Description

An authentication bypass vulnerability in Google Cloud Dialogflow CX Messenger allowed unauthenticated users to interact with restricted chat agents, gaining access to the agents' knowledge and the ability to trigger their intents, by manipulating initialization parameters or crafting specific API requests. All versions after August 20th, 2025 have been updated to protect from this vulnerability. No user action is required for this.

Related CPE's

Could not find any relations

References

https://docs.cloud.google.com/dialogflow/docs/release-notes#December_11_2025

Weaknesses

f45cbf4e-4146-4068-b7e1-655ffc2c548c

Secondary
CWE-287

CVSS impact metrics

Missing metrics for CVSS V

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

f45cbf4e-4146-4068-b7e1-655ffc2c548c

Vulnerability status

Awaiting analysis

Published

2025-12-18T22:15:55.590

22 hours ago

Last modified

2025-12-19T18:00:18.330

3 hours ago