PT-2026-41309 · Google Cloud · Application Integration
Arvin Shivram · Published 2026-05-15 · Updated 2026-05-24
CVE-2026-2031
CVSS v4.0: 10 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/U:Clear
Name of the Vulnerable Software and Affected Versions
Google Cloud Application Integration versions prior to 2026-01-23
Description
Improper access control in several internal API endpoints allows a remote, unauthenticated attacker to disclose sensitive internal information and execute arbitrary code. The attacker does this by sending specially crafted HTTP requests to internal API endpoints that were inadvertently exposed. The affected endpoints include debug endpoints that allow the configuration of privileged workflows, which leads to Remote Code Execution (RCE), the ability to execute arbitrary commands on a target machine.
Recommendations
Update to the version released on or after 2026-01-23.
Fix
RCE
Missing Authorization
Affected Products
Application Integration