VDB
GCVE-110-CLOUD-2025-0036
GCVE-110-CLOUD-2025-0036
Advisory Published
Tenable discovered a privilege escalation vulnerability in Google Cloud Platform's Cloud Composer service, dubbed ConfusedComposer. It allowed users with composer.environments.update permission to escalate privileges to the default Cloud Build service account by injecting malicious PyPI packages. This could grant broad permissions across the victim's GCP project.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| GCP | Cloud Build | — | — |
References
Browse GCVE Records
73,738 records in the GCVE database · Updated July 19, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.