Google Cloud Security Bulletins
2026-04-15 Update: Added patch versions for Ubuntu nodes with GKE.
The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS nodes: CVE-2026-23273. For instructions and more details, see the following bulletins: GKE security bulletin, GDC software for VMware security bulletin, GKE on AWS security bulletin, GKE on Azure security bulletin, GDC software for bare metal security bulletin.
2026-03-31 Update: Added patch versions for Ubuntu nodes with GKE.
The following vulnerability was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS nodes: CVE-2026-23268.
2026-03-25 Update: Added patch versions for Ubuntu nodes with GKE.
The following vulnerabilities were discovered in Envoy Proxy: CVE-2026-26311, CVE-2026-26309, CVE-2026-26310, CVE-2026-26308, CVE-2026-26330. The following vulnerabilities were discovered in Istio: CVE-2026-31837, CVE-2026-31838. For instructions and more details, see the Cloud Service Mesh security bulletin.
In Google Cloud Vertex AI, a vulnerability involving predictable bucket naming was identified in Vertex AI Experiments from version 1.
A stored Cross-site Scripting (XSS) vulnerability in _genai/_evals_visualization was identified in Google google-cloud-aiplatform (Vertex AI Python SDK Visualization) on Exclusively-Hosted-Service.
A vulnerability was identified in the Apigee platform that could have allowed a malicious actor with administrative or developer-level permissions in their own Apigee environment to elevate privileges and access cross-tenant data.
Observability Analytics user interface versions prior to January 2026 can be configured to automatically execute SQL queries.
A set of security vulnerabilities affect Intel® TDX firmware.
2026-03-25 Update: Added patch versions for Ubuntu nodes with GKE.
2026-02-20 Update: Added patch versions for GKE.
This vulnerability affects Log Analytics interface and Cloud Monitoring dashboarding interface versions prior to January 2026.
The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS nodes: CVE-2026-23209. For instructions and more details, see the following bulletins: GKE security bulletin, GDC software for VMware security bulletin, GKE on AWS security bulletin, GKE on Azure security bulletin, GDC software for bare metal security bulletin.
AMD reported a vulnerability in its firmware that could have allowed a malicious hypervisor to direct the IOMMU to write into the guest memory of AMD SEV-SNP enabled instances, compromising guest data integrity.
The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS nodes: CVE-2026-23231. For instructions and more details, see the following bulletins: GKE security bulletin, GDC software for VMware security bulletin, GKE on AWS security bulletin, GKE on Azure security bulletin, GDC software for bare metal security bulletin.
Researchers discovered a vulnerability in AMD firmware that could allow a malicious hypervisor to alter BIOS settings and Memory Mapped I/O (MMIO) routing configurations, compromising the confidentiality and integrity of Confidential VMs with AMD SEV-SNP guests.
2026-05-07 Update: Added patch versions for Ubuntu node pools on GKE.
The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS nodes: CVE-2026-23074. For instructions and more details, see the following bulletins: GKE security bulletin, GDC software for VMware security bulletin, GKE on AWS security bulletin, GKE on Azure security bulletin, GDC software for bare metal security bulletin.
The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes: CVE-2025-38248. For instructions and more details, see the following bulletins: GKE security bulletin, GDC software for VMware security bulletin, GKE on AWS security bulletin, GKE on Azure security bulletin, GDC software for bare metal security bulletin.
2026-05-04 Update: Added patch versions for GKE.
The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS nodes: CVE-2026-23274. For instructions and more details, see the following bulletins: GKE security bulletin, GDC software for VMware security bulletin, GKE on AWS security bulletin, GKE on Azure security bulletin, GDC software for bare metal security bulletin.
The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS nodes: CVE-2026-23351. For instructions and more details, see the following bulletins: GKE security bulletin, GDC software for VMware security bulletin, GKE on AWS security bulletin, GKE on Azure security bulletin, GDC software for bare metal security bulletin.
Microsoft is updating the Secure Boot certificates originally issued in 2011 to ensure Windows devices continue to verify trusted boot software.
CVE-2026-31431, also known as "Copy Fail," is a high-severity local privilege escalation (LPE) vulnerability in the Linux kernel that allows an unprivileged user to gain root access.
2026-05-20 Update: Added CVE-2026-43500 and added CVE IDs to exploit paths.
AMD has identified a hardware-level vulnerability in Zen 2 microarchitecture processors (including EPYC and Ryzen series) involving potential corruption within the micro-operation (OP) cache.
Researchers discovered a vulnerability in AMD firmware that, due to missing protection, could allow a malicious hypervisor to execute arbitrary code on the AMD Secure Processor (ASP).
A container breakout vulnerability, CVE-2026-46300 (known as Fragnesia), has been found in the Linux kernel.
A vulnerability was found in Apigee where the IntegrationRegion parameter in the SetIntegrationRequest policy lacks validation, allowing for Server-Side Request Forgery (SSRF) and service account token exfiltration.