Missing Authorization in Google Cloud Firebase Studio versions prior to 2026-04-15 on Google Cloud Platform allows an attacker to download other users' deployed source code and access sensitive data via unauthorized GCS URL signing requests.
This vulnerability was patched on 15 April 2026, and no customer action is needed.
Metrics
Affected Vendors & Products
References
| Link | Providers |
|---|---|
| https://docs.cloud.google.com/support/bulletins#gcp-2026-043 |
|
History
Fri, 17 Jul 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Fri, 17 Jul 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Missing Authorization in Google Cloud Firebase Studio versions prior to 2026-04-15 on Google Cloud Platform allows an attacker to download other users' deployed source code and access sensitive data via unauthorized GCS URL signing requests. This vulnerability was patched on 15 April 2026, and no customer action is needed. | |
| Title | Missing Authorization in Firebase Studio allows Cross-Tenant Source Code Theft | |
| Weaknesses | CWE-862 | |
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: GoogleCloud
Published:
Updated: 2026-07-17T15:28:50.317Z
Reserved: 2026-06-19T11:04:06.795Z
Link: CVE-2026-12715
Updated: 2026-07-17T15:28:45.476Z
No data.
No data.
OpenCVE Enrichment
No data.