CVE-2026-2274

Published: Feb 19, 2026

Modified: Feb 19, 2026

PUBLISHED

Description

A SSRF and Arbitrary File Read vulnerability in AppSheet Core in Google AppSheet prior to 2025-11-23 allows an authenticated remote attacker to read sensitive local files and access internal network resources via crafted requests to the production cluster. This vulnerability was patched and no customer action is needed.

Vendor	Product	Versions
AppSheet	AppSheet Web (Main Server)	affected `0 - < 2025-11-23`

Weaknesses (CWE)

CWE-918

References

https://discuss.google.dev/t/november-23-2025/332118

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-2274

Description

Affected Products

Weaknesses (CWE)

References