Archive: https://archive.today/TlTYH From the post: >>What started as a debugging endpoint info leak escalated into full remote code execution on Google Cloud's production environment. Three months later, it happened again. This vulnerability was assigned CVE-2026-2031. This story starts with one of my automated fuzzing tools alerting me about the API cloudcrmipfrontend-pa.googleapis.com, as it was responding with status 200 to some suspicious endpoints. On further inspection, the API seems to have several public debugging endpoints: