CVE-2026-2274

A SSRF and Arbitrary File Read vulnerability in AppSheet Core in Google AppSheet prior to 2025-11-23 allows an authenticated remote attacker to read sensitive local files and access internal network resources via crafted requests to the production cluster. This vulnerability was patched and no customer action is needed.

CVSS

No CVSS.

References

Link	Resource
https://discuss.google.dev/t/november-23-2025/332118

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Una SSRF y una vulnerabilidad de lectura arbitraria de archivos en AppSheet Core en Google AppSheet anterior al 23-11-2025 permite a un atacante remoto autenticado leer archivos locales sensibles y acceder a recursos de red internos a través de solicitudes manipuladas al clúster de producción. Esta vulnerabilidad fue parcheada y no se requiere ninguna acción por parte del cliente.

19 Feb 2026, 16:27

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-19 16:27

Updated : 2026-06-17 10:30

NVD link : CVE-2026-2274

Mitre link : CVE-2026-2274

CVE.ORG link : CVE-2026-2274

JSON object : View

Products Affected

No product.

CWE

CWE-918

Server-Side Request Forgery (SSRF)

{"id": "CVE-2026-2274", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2026-2274", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-19T19:55:09.235611Z"}}], "cvssMetricV40": [{"type": "Secondary", "source": "f45cbf4e-4146-4068-b7e1-655ffc2c548c", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.5, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Clear", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "CLEAR", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "affected": [{"source": "f45cbf4e-4146-4068-b7e1-655ffc2c548c", "affectedData": [{"vendor": "AppSheet", "product": "AppSheet Web (Main Server)", "versions": [{"status": "affected", "version": "0", "lessThan": "2025-11-23", "versionType": "date"}], "defaultStatus": "unaffected"}]}], "published": "2026-02-19T16:27:16.287", "references": [{"url": "https://discuss.google.dev/t/november-23-2025/332118", "source": "f45cbf4e-4146-4068-b7e1-655ffc2c548c"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "f45cbf4e-4146-4068-b7e1-655ffc2c548c", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "A SSRF and Arbitrary File Read vulnerability in AppSheet Core in Google AppSheet prior to 2025-11-23 allows an authenticated remote attacker to read sensitive local files and access internal network resources via crafted requests to the production cluster.\n\n\n\n\n\nThis vulnerability was patched and no customer action is needed."}, {"lang": "es", "value": "Una SSRF y una vulnerabilidad de lectura arbitraria de archivos en AppSheet Core en Google AppSheet anterior al 23-11-2025 permite a un atacante remoto autenticado leer archivos locales sensibles y acceder a recursos de red internos a trav\u00e9s de solicitudes manipuladas al cl\u00faster de producci\u00f3n.\n\nEsta vulnerabilidad fue parcheada y no se requiere ninguna acci\u00f3n por parte del cliente."}], "lastModified": "2026-06-17T10:30:42.160", "sourceIdentifier": "f45cbf4e-4146-4068-b7e1-655ffc2c548c"}