CVE-2026-3136 Google — Exploit & Vulnerability Details HIGH

Parameter	Value
CVSS	8.6 (HIGH)
Affected Versions	before 2026
Type	CWE-863 (Incorrect Authorization (Неправильная авторизация))
Vendor	Google
Public PoC	No

An improper authorization vulnerability in GitHub Trigger Comment Control in Google Cloud Build prior to 2026-1-26 allows a remote attacker to execute arbitrary code in the build environment. This vulnerability was patched on 26 January 2026, and no customer action is needed.

Attack Parameters

Attack Vector

Network

Атака возможна удалённо

Attack Complexity

Low

Легко эксплуатировать

Attack Requirements

None

Нет дополнительных условий

Privileges Required

None

Права не нужны

User Interaction

Active

Нужно действие пользователя

Impact Assessment

Confidentiality

High

Полная утечка данных

Integrity

High

Полная модификация данных

Availability

High

Полный отказ в обслуживании

CVSS Vector v4.0

Weakness Type (CWE)

CWE-863 Incorrect Authorization (Неправильная авторизация)

References 1

https://docs.cloud.google.com/build/docs/release-notes#March_03_2026

f45cbf4e-4146-4068-b7e1-655ffc2c548c

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-2830

Google

6.1

CVE-2026-2589

Google

5.3

CVE-2026-28469

Google

8.2

CVE-2026-3223

Google

8.4

CVE-2026-2244

Google

8.4

Menu

CVE-2026-3136

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-2830

CVE-2026-2589

CVE-2026-28469

CVE-2026-3223

CVE-2026-2244

CVE Details

Editor's Choice