CVE-2026-12715
Severity CVSS v4.0:
HIGH
Type:
Unavailable / Other
Publication date:
17/07/2026
Last modified:
17/07/2026
Description
Missing Authorization in Google Cloud Firebase Studio versions prior to 2026-04-15 on Google Cloud Platform allows an attacker to download other users&#39; deployed source code and access sensitive data via unauthorized GCS URL signing requests.<br />
<br />
<br />
This vulnerability was patched on 15 April 2026, and no customer action is needed.



