GCP-2026-043High
GCP-2026-043 — Published: 2026-06-24Description Description Severity Notes A vulnerability was found in Firebase Studio where the GetSignedGcsUrl RPC…
🔗 CVE IDs covered (1)
CVE-2026-12715 · pending
📋 Description
Published: 2026-06-24Description Description Severity Notes A vulnerability was found in Firebase Studio where the GetSignedGcsUrl RPC allowed authenticated users to list buckets and download deployment source code of other tenants. No action is required to mitigate this vulnerability as the fix has been deployed to the backend service. As a precautionary measure, users who stored sensitive information, such as API keys (for example, GEMINI_API_KEY), within their Firebase Studio workspace may choose to rotate these keys. For instructions, see the Firebase Studio troubleshooting guide. High CVE-2026-12715