Maintained with ☕️ by
IcePanel logo
StackFeed logo
Google Cloud Platform logo
Original post

We published a security bulletin for Apigee. A vulnerability was found in Apigee

Share

Services

## Security Security **On May 20, 2026, we published a security bulletin for Apigee.** A vulnerability was found in Apigee ([CVE-2026-2264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2264)) where the `IntegrationRegion`parameter in the `SetIntegrationRequest` policy lacks validation, allowing for Server-Side Request Forgery (SSRF) and service account token exfiltration. The issue arises when an attacker can control a flow variable used for `IntegrationRegion`, leading to requests being sent to an attacker-controlled host with the service account token. **Security bulletin published: [GCP-2026-034](https://cloud.google.com/apigee/docs/security-bulletins/security-bulletins#gcp-2026-034)**

What else is happening at Google Cloud Platform?

Google Cloud Platform logo

Deploying services using a Compose file is in General Availability

in 10 months

Share
Google Cloud Platform logo

Datastream is now available in additional regions For the list of all available regions, see IP allowlists and regions

in 6 months

Share
Google Cloud Platform logo

Cloud Data Fusion version 6.11.1.3 is generally available (GA)

about 22 hours ago

Share
Google Cloud Platform logo

Starting June 1, 2026, the Data Catalog service begins a phased shutdown

about 22 hours ago

Share
Google Cloud Platform logo

Custom dashboards can display trace data. You can view individual spans or

about 22 hours ago

Share
Google Cloud Platform logo

AI Protection supports data residency in the European Union (EU) for the Security Command Center Premium tier

1 day ago

Share