CVE-2026-3259

Summary

A Generation of Error Message Containing Sensitive Information vulnerability in the Materialized View Refresh mechanism in Google BigQuery on Google Cloud Platform allows an authenticated user to potentially disclose sensitive data using a crafted materialized view that triggers a runtime error during the refresh process.

This vulnerability was patched on 29 January 2026, and no customer action is needed.

Affected Software

VendorProductVersion RangeStatus
Google CloudBigQuery0 < 01/29/2026affected

Weaknesses

  • CWE-209: CWE-209 Generation of error message containing sensitive information

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References