CVE-2026-3136

CRITICAL

9.8

Description

An improper authorization vulnerability in GitHub Trigger Comment Control in Google Cloud Build prior to 2026-1-26 allows a remote attacker to execute arbitrary code in the build environment. This vulnerability was patched on 26 January 2026, and no customer action is needed.

Details CVE

Score CVSS v3.19.8

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie3/3/2026

Derniere modification3/5/2026

Sourcenvd

Observations honeypot0

Produits affectes

google:cloud_build

Faiblesses (CWE)

CWE-863

References

https://docs.cloud.google.com/build/docs/release-notes#March_03_2026(f45cbf4e-4146-4068-b7e1-655ffc2c548c)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.