CVE-2026-8934
Received Received - Intake
Missing Authorization in Google App Engine GraphQL API

Publication date: 2026-06-22

Last updated on: 2026-06-22

Assigner: GoogleCloud

Description
A Missing Authorization vulnerability in a GraphQL private API operation of the Google App Engine section of the Cloud Console allows an unauthenticated remote attacker to leak sensitive App Engine request logs from other projects using a specially crafted request. This vulnerability was patched on 7 April 2026, and no customer action is needed.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-22
Last Modified
2026-06-22
Generated
2026-06-22
AI Q&A
2026-06-22
EPSS Evaluated
N/A
NVD
CVE-2026-8934
EUVD
EUVD-2026-38262
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
google app_engine to 2026-04-07 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a Missing Authorization issue in a GraphQL private API operation within the Google App Engine section of the Cloud Console. It allows an unauthenticated remote attacker to access and leak sensitive App Engine request logs from other projects by sending a specially crafted request.

Impact Analysis

The impact of this vulnerability is that an attacker without authentication can obtain sensitive request logs from other projects. This could lead to exposure of confidential information contained in those logs, potentially compromising the security and privacy of affected projects.

Mitigation Strategies

This vulnerability was patched on 7 April 2026, and no customer action is needed.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-8934. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart