Missing Authorization in Google Cloud Firebase Studio versions prior to 2026-04-15 on Google Cloud Platform allows an attacker to download other users' deployed source code and access sensitive data via unauthorized GCS URL signing requests.


This vulnerability was patched on 15 April 2026, and no customer action is needed.

Project Subscriptions

No data.

Advisories

No advisories yet.

Fixes

Solution

This vulnerability was patched on April 15, 2026 on the server-side. As a precautionary measure, users who may have stored sensitive information such as API keys (e.g., GEMINI_API_KEY) within their Firebase Studio workspace may choose to rotate these keys. Instructions for rotating the GEMINI_API_KEY can be found at https://firebase.google.com/docs/studio/troubleshooting#rotate-gemini-key .


Workaround

No workaround given by the vendor.

History

Fri, 17 Jul 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 17 Jul 2026 15:30:00 +0000

Type Values Removed Values Added
Description Missing Authorization in Google Cloud Firebase Studio versions prior to 2026-04-15 on Google Cloud Platform allows an attacker to download other users' deployed source code and access sensitive data via unauthorized GCS URL signing requests. This vulnerability was patched on 15 April 2026, and no customer action is needed.
Title Missing Authorization in Firebase Studio allows Cross-Tenant Source Code Theft
Weaknesses CWE-862
References
Metrics cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/U:Clear'}


Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: GoogleCloud

Published:

Updated: 2026-07-17T15:28:50.317Z

Reserved: 2026-06-19T11:04:06.795Z

Link: CVE-2026-12715

cve-icon Vulnrichment

Updated: 2026-07-17T15:28:45.476Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses