CVE-2026-3259

Name: CVE-2026-3259
Creator: NVD / NIST
Published: 2026-04-23T10:16:16.61+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.1/10EPSS 0.23%

Last modified Jun 17, 2026

This CVE is reserved or awaiting analysis. Details will appear once published by NVD.

Description

A Generation of Error Message Containing Sensitive Information vulnerability in the Materialized View Refresh mechanism in Google BigQuery on Google Cloud Platform allows an authenticated user to potentially disclose sensitive data using a crafted materialized view that triggers a runtime error during the refresh process. This vulnerability was patched on 29 January 2026, and no customer action is needed.

Metrics

CVSS 4.0

7.1/10

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Clear

EPSS Probability

0.23%

13.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-209

References

https://docs.cloud.google.com/bigquery/docs/release-notes/#April_15_2026

Timeline

Published: Apr 23, 2026
Last Modified: Jun 17, 2026
Status: Awaiting Analysis

Are you affected by CVE-2026-3259?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST