CVE-2026-12879
Received Received - Intake

Improper Input Validation in Google Cloud Apigee

Vulnerability report for CVE-2026-12879, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-09

Last updated on: 2026-07-09

Assigner: GoogleCloud

Description

An Improper Input Validation vulnerability in BigQuery DAO in Google Cloud Apigee versions prior to 2026-06-12 on Google Cloud Platform allows an authenticated attacker to exfiltrate cross-tenant data. This vulnerability was patched on 12 June 2026 on the Apigee Servers, and no customer action is needed.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-09
Last Modified
2026-07-09
Generated
2026-07-09
AI Q&A
2026-07-09
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
google cloud_apigee to 2026-06-12 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-441 The product receives a request, message, or directive from an upstream component, but the product does not sufficiently preserve the original source of the request before forwarding the request to an external actor that is outside of the product's control sphere. This causes the product to appear to be the source of the request, leading it to act as a proxy or other intermediary between the upstream component and the external actor.
CWE-610 The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-12879 is an Improper Input Validation vulnerability found in the BigQuery Data Access Object (DAO) component of Google Cloud Apigee versions prior to June 12, 2026.

This flaw allowed an authenticated attacker to exfiltrate data across different tenants, meaning they could access data that belongs to other users or organizations within the same cloud environment.

Impact Analysis

The vulnerability could allow an authenticated attacker to access and steal data from other tenants in the Google Cloud Apigee environment.

This cross-tenant data exfiltration could lead to unauthorized disclosure of sensitive or confidential information.

Mitigation Strategies

The vulnerability was patched on June 12, 2026, on the Apigee Servers, and no customer action is needed.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-12879. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart