CVE-2026-12715

Severity CVSS v4.0:
HIGH
Type:
Unavailable / Other
Publication date:
17/07/2026
Last modified:
17/07/2026

Description

Missing Authorization in Google Cloud Firebase Studio versions prior to 2026-04-15 on Google Cloud Platform allows an attacker to download other users&amp;#39; deployed source code and access sensitive data via unauthorized GCS URL signing requests.<br /> <br /> <br /> This vulnerability was patched on 15 April 2026, and no customer action is needed.

References to Advisories, Solutions, and Tools