CVE-2026-2031
CriticalSummary
CVE-2026-2031 describes an improper access control vulnerability in several internal API endpoints for Google Cloud Application Integration prior to January 23, 2026. This allows a remote, unauthenticated attacker to disclose sensitive information and execute arbitrary code using specially crafted HTTP requests.
Risk Assessment
The organization may be exposed to the disclosure of sensitive information and the execution of malicious code, potentially leading to serious security breaches.
Recommendation
It is recommended to update to the latest version of Google Cloud Application Integration and implement appropriate security measures to restrict access to internal API endpoints.
Original NVD description (English source)
An Improper Access Control vulnerability in several internal API endpoints for Google Cloud Application Integration prior to 2026-01-23 allows a remote, unauthenticated attacker to disclose sensitive internal information and execute arbitrary code using specially crafted HTTP requests to inadvertently exposed internal API endpoints.

