Google Cloud App Integration Improper Access Control in Internal API Endpoints
CVE-2026-2031 Published on May 15, 2026

Google Cloud Application Integration: Exposed internal APIs allow Information Disclosure and Remote Code Execution.
An Improper Access Control vulnerability in several internal API endpoints for Google Cloud Application Integration prior to 2026-01-23 allows a remote, unauthenticated attacker to disclose sensitive internal information and execute arbitrary code using specially crafted HTTP requests to inadvertently exposed internal API endpoints.

NVD

Weakness Type

What is an AuthZ Vulnerability?

The software does not perform an authorization check when an actor attempts to access a resource or perform an action.

CVE-2026-2031 has been classified to as an AuthZ vulnerability or weakness.

Affected Versions

Google Cloud Internal Integration Platform APIs:

Before 2026-01-23 is affected.

Google Cloud App Integration Improper Access Control in Internal API EndpointsCVE-2026-2031 Published on May 15, 2026

Weakness Type

What is an AuthZ Vulnerability?

Affected Versions

Google Cloud App Integration Improper Access Control in Internal API Endpoints
CVE-2026-2031 Published on May 15, 2026