Back to overview

CVE-2026-14934

CRITICAL
9.4
CVSS 4.0
Description
A Missing Authorization vulnerability in the repository creation functionality in Google Cloud BigQuery, Dataform and Colab Enterprise, in the versions between October 2025 and May 10th, 2026, on Google Cloud Platform, allows an authenticated attacker to escalate privileges and perform cross-tenant repository takeover. This vulnerability was patched on 10 May 2026, and no customer action is needed.

Metadata

CVE ID
CVE-2026-14934
State
PUBLISHED
Assigner
GoogleCloud
Reserved
2026-07-07 11:05 UTC
Published
2026-07-13 10:20 UTC
Last updated
2026-07-13 13:12 UTC
Primary CWE
CWE-862
CWE-862 Missing Authorization
Vendor / Product
Google Cloud / BigQuery
Sources
cve.org  ·  NVD

Severity & Metrics

9.4 CRITICAL CVSS 4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/U:Clear
SSVC — CISA Coordinator
Exploitation
none
Automatable
no
Tech. Impact
total
Affected products (3)
VendorProductPlatformVersions
Google Cloud BigQuery 2025-10 < 2026-05-10
Google Cloud Colab Enterprise 2025-10 < 2026-05-10
Google Cloud Dataform 2025-10 < 2026-05-10
Weakness (CWE)
CWESourceDescription
CWE-862 cna CWE-862 Missing Authorization
CVSS scores (1)
ScoreSeverityVersionSourceVector
9.4 CRITICAL 4.0 cna CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/U:Clear
Back to overview