CVE-2026-14934
Received
Received - Intake
BaseFortify
Vulnerability report for CVE-2026-14934, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-07-13
Last updated on: 2026-07-13
Assigner: GoogleCloud
Description
Description
A Missing Authorization vulnerability in the repository creation functionality in Google Cloud BigQuery, Dataform and Colab Enterprise, in the versions between October 2025 and May 10th, 2026, on Google Cloud Platform, allows an authenticated attacker to escalate privileges and perform cross-tenant repository takeover.
This vulnerability was patched on 10 May 2026, and no customer action is needed.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cloud_bigquery | From 2025-10-01 (inc) to 2026-05-11 (exc) | |
| dataform | From 2025-10-01 (inc) to 2026-05-11 (exc) | |
| colab_enterprise | From 2025-10-01 (inc) to 2026-05-11 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |