QSearchQSearch

CVE-2026-4764

A Missing Authorization vulnerability in the playbook import functionality in Dialogflow CX on Google Cloud Platform allows an authentica...

Published: 2026-06-11 · Last updated: 2026-06-11

Severity and scoring

CWE
CWE-862

Description

A Missing Authorization vulnerability in the playbook import functionality in Dialogflow CX on Google Cloud Platform allows an authenticated user with specific roles to escalate privileges and potentially take over a GCP project using a maliciously crafted playbook import. This vulnerability was patched on 15 March 2026, and no customer action is needed.

Source: NVD

References

Related CVEs

Same CWE

  • CVE-2026-53818 OpenClaw before 2026.4.24 contains an authorization bypass vulnerability in the MCP loopback feature that allows non-owner callers to ski... (6.6 MEDIUM)
  • CVE-2026-53816 OpenClaw before 2026.5.18 contains an insufficient provenance validation vulnerability in node event handling that allows paired nodes to... (7.2 HIGH)
  • CVE-2026-53815 OpenClaw before 2026.5.19 contains an authorization bypass vulnerability in message read actions that skips channel allowlist checks (6.5 MEDIUM)
  • CVE-2026-47163 Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support
  • CVE-2023-32959 Missing Authorization vulnerability in Sparkle WP MetroStore metrostore allows Exploiting Incorrectly Configured Access Control Security ... (4.3 MEDIUM)