Improper Auth: GitHub Trigger in Google Cloud Build
CVE-2026-3136 Published on March 3, 2026
Google Cloud Build Comment Control Bypass
An improper authorization vulnerability in GitHub Trigger Comment Control in Google Cloud Build prior to 2026-1-26 allows a remote attacker to execute arbitrary code in the build environment.
This vulnerability was patched on 26 January 2026, and no customer action is needed.
Weakness Type
What is an AuthZ Vulnerability?
The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
CVE-2026-3136 has been classified as an AuthZ vulnerability or weakness.
Affected Versions
Google Cloud Cloud Build: Before 1/26/2026 is affected.