VDB
GCVE-110-CLOUD-2021-0028
GCVE-110-CLOUD-2021-0028
Advisory Published
GCP provides an OS Login service for managing SSH access to compute instances using IAM roles.
An attacker could abuse this feature via LXD, Docker (if available on the target system) and
DHCP poisoning of the metadata server to escalate their privileges on a Google Compute Engine VM.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| GCP | Compute Engine | — | — |
References
Privilege escalation in GCP OS Login
advisory
Browse GCVE Records
72,664 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.