Maintained with ☕️ by
IcePanel logo
StackFeed logo
Google Cloud Platform logo
Original post

We published a security bulletin for Apigee. A vulnerability was found in Apigee

Share

Services

## Security Security **On May 20, 2026, we published a security bulletin for Apigee.** A vulnerability was found in Apigee ([CVE-2026-2264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2264)) where the `IntegrationRegion`parameter in the `SetIntegrationRequest` policy lacks validation, allowing for Server-Side Request Forgery (SSRF) and service account token exfiltration. The issue arises when an attacker can control a flow variable used for `IntegrationRegion`, leading to requests being sent to an attacker-controlled host with the service account token. **Security bulletin published: [GCP-2026-034](https://cloud.google.com/apigee/docs/security-bulletins/security-bulletins#gcp-2026-034)**

What else is happening at Google Cloud Platform?

Google Cloud Platform logo

Deploying services using a Compose file is in General Availability

in 10 months

Share
Google Cloud Platform logo

Datastream is now available in additional regions For the list of all available regions, see IP allowlists and regions

in 7 months

Share
Google Cloud Platform logo

All 1-year committed use discounts (CUDs) for Google Cloud VMware Engine ve1 SKUs are now End-of-Sale across the europe-west2 (London, UK) region

about 3 hours ago

Share
Google Cloud Platform logo

Managed Cloud Service Mesh using the TRAFFIC_DIRECTOR implementation in the

about 4 hours ago

Share
Google Cloud Platform logo

Managed Cloud Service Mesh using the TRAFFIC_DIRECTOR implementation in the

about 4 hours ago

Share
Google Cloud Platform logo

The December 2023 release notes include a release note for the General Availability of

1 day ago

Share