CVE-2026-2264

Severity CVSS v4.0:
CRITICAL
Type:
CWE-918 Server-Side Request Forgery (SSRF)
Publication date:
26/05/2026
Last modified:
26/05/2026

Description

A vulnerability in the Google Cloud Apigee SetIntegrationRequest policy allowed remote attackers to perform Server-Side Request Forgery (SSRF) and exfiltrate service account access tokens.<br /> <br /> For successful exploitation, an administrator must initially establish an insecure configuration of the API proxy.