CVE-2026-2264

Published: May 26, 2026

Modified: May 26, 2026

PUBLISHED

Description

A vulnerability in the Google Cloud Apigee SetIntegrationRequest policy allowed remote attackers to perform Server-Side Request Forgery (SSRF) and exfiltrate service account access tokens. For successful exploitation, an administrator must initially establish an insecure configuration of the API proxy.

Vendor	Product	Versions
Google Cloud	Apigee-X	affected `0 - < 1.14.4` affected `0 - < 1.15.2` affected `0 - < 1.16.1`

Weaknesses (CWE)

CWE-918

References

https://docs.cloud.google.com/apigee/docs/security-bulletins/security-bulletins#gcp-2026-034

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-2264

Description

Affected Products

Weaknesses (CWE)

References