CVE-2026-2264

Summary

A vulnerability in the Google Cloud Apigee SetIntegrationRequest policy allowed remote attackers to perform Server-Side Request Forgery (SSRF) and exfiltrate service account access tokens.

For successful exploitation, an administrator must initially establish an insecure configuration of the API proxy.

Affected Software

VendorProductVersion RangeStatus
Google CloudApigee-X0 < 1.14.4affected
Google CloudApigee-X0 < 1.15.2affected
Google CloudApigee-X0 < 1.16.1affected

Weaknesses

  • CWE-918: CWE-918 Server-Side Request Forgery (SSRF)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References