CVE-2026-2264
Severity CVSS v4.0:
CRITICAL
Type:
CWE-918
Server-Side Request Forgery (SSRF)
Publication date:
26/05/2026
Last modified:
26/05/2026
Description
A vulnerability in the Google Cloud Apigee SetIntegrationRequest policy allowed remote attackers to perform Server-Side Request Forgery (SSRF) and exfiltrate service account access tokens.<br />
<br />
For successful exploitation, an administrator must initially establish an insecure configuration of the API proxy.
Impact
Base Score 4.0
9.20
Severity 4.0
CRITICAL



