SSRF in Google Cloud Apigee-x

CVE-2026-2264

A vulnerability in the Google Cloud Apigee SetIntegrationRequest policy allowed remote attackers to perform Server-Side Request Forgery (SSRF) and exfiltrate service account access tokens. For successful exploitation, an administrator mus…

Vulnerability class: SSRF (Server-Side Request Forgery)

EPSS: 0.002 (40.5th percentile) — read the EPSS interpretation.

Affected products

Google Cloud Apigee-x — versions 0

Weakness classification (CWE)

CWE-918 — Server-Side Request Forgery (SSRF)

References

f45cbf4e-4146-4068-b7e1-655ffc2c548c