PT-2026-60778 · Google Cloud · Firebase Studio

CVE-2026-12715

·

Published

2026-07-17

·

Updated

2026-07-17

CVSS v4.0

8.5

High

VectorAV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/U:Clear
Missing Authorization in Google Cloud Firebase Studio versions prior to 2026-04-15 on Google Cloud Platform allows an attacker to download other users' deployed source code and access sensitive data via unauthorized GCS URL signing requests.
This vulnerability was patched on 15 April 2026, and no customer action is needed.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-12715

Affected Products

Firebase Studio