Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2026-2264
Received
More InfoOfficial Page
Source-f45cbf4e-4146-4068-b7e1-655ffc2c548c
View Known Exploited Vulnerability (KEV) details
Published At-26 May, 2026 | 17:16
Updated At-26 May, 2026 | 17:16

A vulnerability in the Google Cloud Apigee SetIntegrationRequest policy allowed remote attackers to perform Server-Side Request Forgery (SSRF) and exfiltrate service account access tokens. For successful exploitation, an administrator must initially establish an insecure configuration of the API proxy.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.09.2CRITICAL
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber
Type: Secondary
Version: 4.0
Base score: 9.2
Base severity: CRITICAL
Vector:
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-918Secondaryf45cbf4e-4146-4068-b7e1-655ffc2c548c
CWE ID: CWE-918
Type: Secondary
Source: f45cbf4e-4146-4068-b7e1-655ffc2c548c
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://docs.cloud.google.com/apigee/docs/security-bulletins/security-bulletins#gcp-2026-034f45cbf4e-4146-4068-b7e1-655ffc2c548c
N/A
Hyperlink: https://docs.cloud.google.com/apigee/docs/security-bulletins/security-bulletins#gcp-2026-034
Source: f45cbf4e-4146-4068-b7e1-655ffc2c548c
Resource: N/A
Change History
0Changes found
Details not found