CVE Catalog

CVE-2026-4764

CriticalCVSS 9.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.04%

12th percentile — higher than 12% of all known CVEs

Summary

CVE-2026-4764 describes a Missing Authorization vulnerability in the playbook import functionality in Dialogflow CX on Google Cloud Platform. This allows an authenticated user with specific roles to escalate privileges and potentially take over a GCP project using a maliciously crafted playbook import.

Risk Assessment

The organization may be exposed to unauthorized access to GCP resources, which could lead to serious consequences, including data loss or control over projects.

Recommendation

It is recommended to monitor user permissions and regularly review roles assigned to accounts in GCP to minimize the risk of privilege escalation.

Original NVD description (English source)

A Missing Authorization vulnerability in the playbook import functionality in Dialogflow CX on Google Cloud Platform allows an authenticated user with specific roles to escalate privileges and potentially take over a GCP project using a maliciously crafted playbook import. This vulnerability was patched on 15 March 2026, and no customer action is needed.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS