Which CVE IDs does GCP-2026-034 cover?

GCP-2026-034 covers the following CVE IDs: CVE-2026-2264. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

GCP-2026-034High

GCP-2026-034 — Published: 2026-05-20Description Description Severity Notes A vulnerability was found in Apigee where the IntegrationRegion parameter in…

Vendor

Google Cloud Security Bulletins

Published

May 20, 2026

Last Modified

—

🔗 CVE IDs covered (1)

CVE-2026-2264 →

📋 Description

Published: 2026-05-20Description Description Severity Notes A vulnerability was found in Apigee where the IntegrationRegion parameter in the SetIntegrationRequest policy lacks validation, allowing for Server-Side Request Forgery (SSRF) and service account token exfiltration. The issue arises when an attacker can control a flow variable used for IntegrationRegion, leading to requests being sent to an attacker-controlled host with the service account token. High CVE-2026-2264

🔗 References (1)

advisoryhttps://docs.cloud.google.com/support/bulletins/index#gcp-2026-034