This page describes all security bulletins related to Dataform.
GCP-2026-047
Published: 2026-07-13
Description
| Description | Severity | Notes |
|---|---|---|
|
A Missing Authorization vulnerability was discovered in repositories in BigQuery, Dataform, and Colab Enterprise. What should I do?No customer action is required. Google has already applied mitigations to all impacted products and services. What vulnerabilities are being addressed?During repository creation, an authenticated attacker could potentially escalate their permissions and perform cross-tenant repository takeover. |
Critical |
CVE-2026-14934 |
GCP-2025-045
Published: 2025-08-21
| Description | Severity | Notes |
|---|---|---|
|
An external researcher reported a vulnerability in the Dataform API through the Google and Alphabet Vulnerability Reward Program (VRP). This vulnerability could potentially allow unauthorized access to customer code repositories and data. Google quickly fixed the issue and released the fix to all regions. At this time, no evidence of exploitation has been found or reported to Google. What should I do?No customer action is required. Google has already applied mitigations to all impacted products and services. What vulnerabilities are being addressed?For more information, see CVE-2025-9118. |
Critical | CVE-2025-9118 |