PT-2026-48647 · Google Cloud · Dialogflow Cx
Sreeram Kl
·
Published
2026-06-11
·
Updated
2026-06-11
·
CVE-2026-4764
CVSS v4.0
9.4
Critical
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/U:Clear |
A Missing Authorization vulnerability in the playbook import functionality in Dialogflow CX on Google Cloud Platform allows an authenticated user with specific roles to escalate privileges and potentially take over a GCP project using a maliciously crafted playbook import.
This vulnerability was patched on 15 March 2026, and no customer action is needed.
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Dialogflow Cx