CVE-2026-12715

Summary

Missing Authorization in Google Cloud Firebase Studio versions prior to 2026-04-15 on Google Cloud Platform allows an attacker to download other users' deployed source code and access sensitive data via unauthorized GCS URL signing requests.

This vulnerability was patched on 15 April 2026, and no customer action is needed.

Affected Software

VendorProductVersion RangeStatus
Google CloudFirebase Studio0 < 2026-04-15affected

Weaknesses

  • CWE-862: CWE-862 Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References