CVE-2026-3259 | THREATINT

Description

A Generation of Error Message Containing Sensitive Information vulnerability in the Materialized View Refresh mechanism in Google BigQuery on Google Cloud Platform allows an authenticated user to potentially disclose sensitive data using a crafted materialized view that triggers a runtime error during the refresh process. This vulnerability was patched on 29 January 2026, and no customer action is needed.

PUBLISHED Reserved 2026-02-26 | Published 2026-04-23 | Updated 2026-04-23 | Assigner GoogleCloud

HIGH: 7.1CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/U:Clear

Problem types

CWE-209 Generation of error message containing sensitive information

Product status

Default status

unaffected

Any version before 01/29/2026

affected

Credits

Gonzalo López Zuloaga reporter

References

docs.cloud.google.com/bigquery/docs/release-notes/

cve.org (CVE-2026-3259)

nvd.nist.gov (CVE-2026-3259)

Download JSON