An Improper Input Validation vulnerability in BigQuery DAO in Google Cloud Apigee versions prior to 2026-06-12 on Google Cloud Platform allows an authenticated attacker to exfiltrate cross-tenant data. This vulnerability was patched on 12 June 2026 on the Apigee Servers, and no customer action is needed.
History

Thu, 09 Jul 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 09 Jul 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google cloud Apigee
Vendors & Products Google
Google cloud Apigee

Thu, 09 Jul 2026 13:30:00 +0000

Type Values Removed Values Added
Description An Improper Input Validation vulnerability in BigQuery DAO in Google Cloud Apigee versions prior to 2026-06-12 on Google Cloud Platform allows an authenticated attacker to exfiltrate cross-tenant data. This vulnerability was patched on 12 June 2026 on the Apigee Servers, and no customer action is needed.
Title Cross-Tenant Data Exfiltration in Apigee via BigQuery Confused Deputy
Weaknesses CWE-441
CWE-610
References
Metrics cvssV4_0

{'score': 5.9, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:L/U:Clear'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GoogleCloud

Published:

Updated: 2026-07-09T13:42:48.913Z

Reserved: 2026-06-22T09:35:44.962Z

Link: CVE-2026-12879

cve-icon Vulnrichment

Updated: 2026-07-09T13:42:43.697Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-09T14:45:05Z