Google · Google Cloud Storage · CVE-2026-34750
Name of the Vulnerable Software and Affected Versions
Payload versions prior to 3.78.0
Description
The client-upload signed-URL endpoints for S3, GCS, Azure, and R2 did not properly sanitize filenames. An attacker could craft filenames to escape the intended storage location.
Recommendations
Upgrade to version 3.78.0 or later.