PT-2026-51347 · Google · App Engine Cloud Console
Arvin Shivram
+1
·
Published
2026-06-22
·
Updated
2026-06-22
·
CVE-2026-8934
CVSS v4.0
6.9
Medium
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/U:Clear |
Name of the Vulnerable Software and Affected Versions
Google App Engine Cloud Console (affected versions not specified)
Description
A missing authorization issue in a GraphQL private API operation within the Google App Engine section of the Cloud Console enables an unauthenticated remote attacker to leak sensitive App Engine request logs from other projects by sending a specially crafted request.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
App Engine Cloud Console