Security bulletins

This page describes all security bulletins related to Google Cloud Observability.

GCP-2026-009

Published: 2026-02-13

Description

Log Analytics user interface versions prior to January 2026 can be configured to automatically execute SQL queries. A vulnerability can allow an attacker to craft a query URL which, when opened by someone with credentials, could access table contents or incur query cost.

What should I do?

No user action is needed. The vulnerability was patched, and the affected user interfaces were updated in January 2026 to include intervention points to prevent malicious SQL from running without an opportunity for the user to inspect it.

What vulnerabilities are being addressed?

The vulnerability can allow an attacker to access limited contents of a target's Log Analytics or BigQuery tables when the target executes an attacker-crafted SQL query.

The vulnerability leverages BigQuery audit logs to convey information about the target's table contents to an attacker-controlled Google Cloud project. The vulnerability is exacerbated by the Log Analytics interface's behavior of automatically executing queries embedded in the URL, which prevents the target from inspecting the attacker-crafted query prior to executing it with their credentials.

Severity: High

GCP-2026-005

Published: 2026-01-28

Description

This vulnerability affects Log Analytics interface and Cloud Monitoring dashboarding interface versions prior to January 2026.

What should I do?

No user action is needed. The affected user interfaces were updated in January 2026 to include intervention points to prevent malicious SQL from running without an opportunity for the user to inspect it.

What vulnerabilities are being addressed?

The vulnerability allows an attacker to access limited contents of a target's Log Analytics or BigQuery tables when the target views an attacker-crafted dashboard.

The vulnerability leverages BigQuery metadata channels to convey information about the target's table contents to an attacker-controlled Google Cloud project. The vulnerability is exacerbated by the dashboard interface's behavior of automatically executing queries to populate SQL-backed widgets, which prevents the target from inspecting the attacker-crafted query prior to executing it with their credentials.

Severity: High