CVE-2026-2264

Vulnerability Description

A vulnerability in the Google Cloud Apigee SetIntegrationRequest policy allowed remote attackers to perform Server-Side Request Forgery (SSRF) and exfiltrate service account access tokens.

For successful exploitation, an administrator must initially establish an insecure configuration of the API proxy.

Vulnerability Details

Published Date

May 26, 2026

Last Modified

May 26, 2026

CWE ID

CWE-918

Source

NVD

External References

https://docs.cloud.google.com/apigee/docs/security-bulletins/security-bulletins#gcp-2026-034

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment