CVE-2026-4764
CriticalCVSS 9.4Exploitation Probability (EPSS)
Low risk12th percentile — higher than 12% of all known CVEs
Summary
CVE-2026-4764 describes a Missing Authorization vulnerability in the playbook import functionality in Dialogflow CX on Google Cloud Platform. This allows an authenticated user with specific roles to escalate privileges and potentially take over a GCP project using a maliciously crafted playbook import.
Risk Assessment
The organization may be exposed to unauthorized access to GCP resources, which could lead to serious consequences, including data loss or control over projects.
Recommendation
It is recommended to monitor user permissions and regularly review roles assigned to accounts in GCP to minimize the risk of privilege escalation.
Original NVD description (English source)
A Missing Authorization vulnerability in the playbook import functionality in Dialogflow CX on Google Cloud Platform allows an authenticated user with specific roles to escalate privileges and potentially take over a GCP project using a maliciously crafted playbook import. This vulnerability was patched on 15 March 2026, and no customer action is needed.

