An Improper Input Validation vulnerability in BigQuery DAO in Google Cloud Apigee versions prior to 2026-06-12 on Google Cloud Platform allows an authenticated attacker to exfiltrate cross-tenant data.
This vulnerability was patched on 12 June 2026 on the Apigee Servers, and no customer action is needed.
Metrics
Affected Vendors & Products
References
History
Thu, 09 Jul 2026 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An Improper Input Validation vulnerability in BigQuery DAO in Google Cloud Apigee versions prior to 2026-06-12 on Google Cloud Platform allows an authenticated attacker to exfiltrate cross-tenant data. This vulnerability was patched on 12 June 2026 on the Apigee Servers, and no customer action is needed. | |
| Title | Cross-Tenant Data Exfiltration in Apigee via BigQuery Confused Deputy | |
| Weaknesses | CWE-441 CWE-610 |
|
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: GoogleCloud
Published:
Updated: 2026-07-09T13:42:48.913Z
Reserved: 2026-06-22T09:35:44.962Z
Link: CVE-2026-12879
No data.
No data.
No data.
OpenCVE Enrichment
No data.