CVE-2026-12715
Received Received - Intake

Missing Authorization in Google Cloud Firebase Studio

Vulnerability report for CVE-2026-12715, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-17

Last updated on: 2026-07-17

Assigner: GoogleCloud

Description

Missing Authorization in Google Cloud Firebase Studio versions prior to 2026-04-15 on Google Cloud Platform allows an attacker to download other users' deployed source code and access sensitive data via unauthorized GCS URL signing requests. This vulnerability was patched on 15 April 2026, and no customer action is needed.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-17
Last Modified
2026-07-17
Generated
2026-07-17
AI Q&A
2026-07-17
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
google cloud_firebase_studio to 2026-04-15 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

Missing Authorization in Google Cloud Firebase Studio versions prior to 2026-04-15 allows an attacker to download other users' deployed source code and access sensitive data via unauthorized GCS URL signing requests.

Detection Guidance

Detection involves checking for unauthorized GCS URL signing requests or access to Firebase Studio deployments. Monitor logs for unusual activity in Google Cloud Platform services, particularly Firebase Studio logs. Check for any instances of Firebase Studio prior to 2026-04-15 and verify they have been updated.

Impact Analysis

An attacker could exploit this to steal sensitive data or source code from other users' Firebase Studio deployments. This could lead to data breaches, intellectual property theft, or unauthorized access to confidential information.

Compliance Impact

This vulnerability could lead to unauthorized access to personal or health data, violating GDPR or HIPAA requirements. Organizations using affected Firebase Studio versions may face compliance violations, legal penalties, and reputational damage.

Mitigation Strategies

No immediate action is required as this vulnerability was patched on 15 April 2026 and no customer action is needed.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-12715. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart