Missing Authorization in Google Cloud Firebase Studio versions prior to 2026-04-15 on Google Cloud Platform allows an attacker to download other users' deployed source code and access sensitive data via unauthorized GCS URL signing requests. This vulnerability was patched on 15 April 2026, and no customer action is needed.
History

Fri, 17 Jul 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 17 Jul 2026 15:30:00 +0000

Type Values Removed Values Added
Description Missing Authorization in Google Cloud Firebase Studio versions prior to 2026-04-15 on Google Cloud Platform allows an attacker to download other users' deployed source code and access sensitive data via unauthorized GCS URL signing requests. This vulnerability was patched on 15 April 2026, and no customer action is needed.
Title Missing Authorization in Firebase Studio allows Cross-Tenant Source Code Theft
Weaknesses CWE-862
References
Metrics cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/U:Clear'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GoogleCloud

Published:

Updated: 2026-07-17T15:28:50.317Z

Reserved: 2026-06-19T11:04:06.795Z

Link: CVE-2026-12715

cve-icon Vulnrichment

Updated: 2026-07-17T15:28:45.476Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.