Privilege Escalation via Playbook Import in Dialogflow CX (Google Cloud Platform)
critical-cve-against-infra · active
A missing authorization flaw in the playbook import functionality of Dialogflow CX on Google Cloud Platform allowed an authenticated user with certain roles to escalate privileges and potentially take over a GCP project using a maliciously crafted playbook import. Google patched the issue server-side on 15 March 2026; no customer action is required.