CVE-2026-4764
Received Received - Intake
Missing Authorization in Dialogflow CX Playbook Import

Publication date: 2026-06-11

Last updated on: 2026-06-11

Assigner: GoogleCloud

Description
A Missing Authorization vulnerability in the playbook import functionality in Dialogflow CX on Google Cloud Platform allows an authenticated user with specific roles to escalate privileges and potentially take over a GCP project using a maliciously crafted playbook import. This vulnerability was patched on 15 March 2026, and no customer action is needed.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-11
Last Modified
2026-06-11
Generated
2026-06-11
AI Q&A
2026-06-11
EPSS Evaluated
N/A
NVD
CVE-2026-4764
EUVD
EUVD-2026-36221
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
google dialogflow_cx to 2026-03-15 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a Missing Authorization issue in the playbook import functionality of Dialogflow CX on Google Cloud Platform. It allows an authenticated user who has specific roles to escalate their privileges and potentially take over an entire GCP project by using a maliciously crafted playbook import.

Impact Analysis

The impact of this vulnerability is severe because it enables an attacker with certain authenticated roles to escalate their privileges beyond what is normally allowed. This escalation can lead to a complete takeover of a Google Cloud Platform project, potentially compromising all resources and data within that project.

Mitigation Strategies

This vulnerability was patched on 15 March 2026, and no customer action is needed.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-4764. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart