What is GHSA-vfx9-pmh4-cqpq?

GHSA-vfx9-pmh4-cqpq is a security advisory published by GitHub Security Advisories with Critical severity. A vulnerability in the Google Cloud Apigee SetIntegrationRequest policy allowed remote attackers...

Which CVE IDs does GHSA-vfx9-pmh4-cqpq cover?

GHSA-vfx9-pmh4-cqpq covers the following CVE IDs: CVE-2026-2264. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

GHSA-vfx9-pmh4-cqpqCritical

A vulnerability in the Google Cloud Apigee SetIntegrationRequest policy allowed remote attackers...

Vendor

GitHub Security Advisories

Published

May 26, 2026

Last Modified

May 26, 2026

🔗 CVE IDs covered (1)

CVE-2026-2264 →

📋 Description

A vulnerability in the Google Cloud Apigee SetIntegrationRequest policy allowed remote attackers to perform Server-Side Request Forgery (SSRF) and exfiltrate service account access tokens.

For successful exploitation, an administrator must initially establish an insecure configuration of the API proxy.

🔗 References (3)

https://nvd.nist.gov/vuln/detail/CVE-2026-2264
https://docs.cloud.google.com/apigee/docs/security-bulletins/security-bulletins#gcp-2026-034
https://github.com/advisories/GHSA-vfx9-pmh4-cqpq