Description
An Improper Input Validation vulnerability in BigQuery DAO in Google Cloud Apigee versions prior to 2026-06-12 on Google Cloud Platform allows an authenticated attacker to exfiltrate cross-tenant data. This vulnerability was patched on 12 June 2026 on the Apigee Servers, and no customer action is needed.
Problem types
CWE-610 Externally Controlled Reference to a Resource in Another Sphere
CWE-441 Unintended Proxy or Intermediary ('Confused Deputy')
Product status
Any version before 2026-06-12
Credits
Moshe Bernstein with Tenable
References
cloud.google.com/apigee/docs/release-notes