Auth bypass in Google Cloud Firebase Studio

CVE-2026-12715

Missing Authorization in Google Cloud Firebase Studio versions prior to 2026-04-15 on Google Cloud Platform allows an attacker to download other users' deployed source code and access sensitive data via unauthorized GCS URL signing request…

Vulnerability class: Broken Access Control

Affected products

Weakness classification (CWE)

References