// Alert

Google Cloud threat report

CVE-2026-2031 is a critical remote code execution vulnerability in Google Cloud Application Integration that combines multiple flaws: exposed internal APIs returning protobuf descriptors, IDOR weaknesses, and an unauthenticated workflow execution endpoint. An attacker could exploit these to execute arbitrary Stubby RPC calls in Google Cloud production with the privileged service identity of the integration platform. Google has patched the vulnerability; the researcher earned $148,337 through Google's Vulnerability Reward Program.

// Get alerts for Google Cloud