Auth bypass in Google Cloud Firebase Studio
CVE-2026-12715
Missing Authorization in Google Cloud Firebase Studio versions prior to 2026-04-15 on Google Cloud Platform allows an attacker to download other users' deployed source code and access sensitive data via unauthorized GCS URL signing request…
Vulnerability class: Broken Access Control
Affected products
- Google Cloud Firebase Studio — versions 0