SSRF in Google Cloud Apigee-X Can Leak Service Account Tokens (CVE-2026-2264)
Vulnerability in the SetIntegrationRequest policy of Apigee received a 9.2 on the CVSS and allows for the exfiltration of service account tokens, but relies on an insecure prior configuration in the API proxy.