CVE-2026-8934
MediumCVSS 6.9Exploitation Probability (EPSS)
Low risk28th percentile — higher than 28% of all known CVEs
Summary
CVE-2026-8934 is a Missing Authorization vulnerability in a GraphQL private API operation of the Google App Engine section of the Cloud Console, allowing an unauthenticated remote attacker to leak sensitive App Engine request logs from other projects using a specially crafted request.
Risk Assessment
This vulnerability may lead to the exposure of sensitive information, posing a risk to the privacy and security of the organization's data.
Recommendation
The vulnerability was patched on April 7, 2026, and no customer action is needed.
Original NVD description (English source)
A Missing Authorization vulnerability in a GraphQL private API operation of the Google App Engine section of the Cloud Console allows an unauthenticated remote attacker to leak sensitive App Engine request logs from other projects using a specially crafted request. This vulnerability was patched on 7 April 2026, and no customer action is needed.

