CVE-2026-4764
Awaiting Analysis Awaiting Analysis - Queue

Missing Authorization in Dialogflow CX Playbook Import

Vulnerability report for CVE-2026-4764, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-11

Last updated on: 2026-06-11

Assigner: GoogleCloud

Description

A Missing Authorization vulnerability in the playbook import functionality in Dialogflow CX on Google Cloud Platform allows an authenticated user with specific roles to escalate privileges and potentially take over a GCP project using a maliciously crafted playbook import. This vulnerability was patched on 15 March 2026, and no customer action is needed.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-11
Last Modified
2026-06-11
Generated
2026-07-01
AI Q&A
2026-06-11
EPSS Evaluated
2026-06-30
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
google dialogflow_cx to 2026-03-15 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a Missing Authorization issue in the playbook import functionality of Dialogflow CX on Google Cloud Platform. It allows an authenticated user who has specific roles to escalate their privileges and potentially take over an entire GCP project by using a maliciously crafted playbook import.

Impact Analysis

The impact of this vulnerability is severe because it enables an attacker with certain authenticated roles to escalate their privileges beyond what is normally allowed. This escalation can lead to a complete takeover of a Google Cloud Platform project, potentially compromising all resources and data within that project.

Mitigation Strategies

This vulnerability was patched on 15 March 2026, and no customer action is needed.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-4764. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart