Researcher Earns $148K for Google Cloud RCE Discovery

A security researcher has been awarded $148,337 by Google for identifying a critical remote code execution (RCE) vulnerability within Google Cloud’s Application Integration service. This flaw, now designated as CVE-2026-2031, posed a significant risk by potentially allowing unauthorized code execution within Google’s production environment.

The vulnerability was uncovered by Arvin Shivram, who detailed the discovery process in a blog post titled “StubZero: $148,337 RCE in Google Cloud Production.” The issue originated from an access control weakness in the Application Integration service, which could be exploited to achieve RCE, earning it a maximum CVSS score of 10.0.

Shivram’s investigation began when an automated fuzzing tool flagged an internal API endpoint, cloudcrmipfrontend-pa.googleapis.com, for returning HTTP 200 responses on debugging endpoints. Further examination revealed an endpoint, v1/integrationPlatform/getProtoDefinition, that exposed protobuf descriptors for various internal messages and services, including those related to YouTube and Google’s internal CRM systems. This exposure provided a comprehensive view of internal API schemas, facilitating further exploration.

Another endpoint, listQuotaQueue, was found to leak an internal workflow execution queue along with a critical clientId value when queried with specific parameters and headers. Utilizing this information, Shivram was able to create draft workflows via the createDraftWorkflow function in the Application Integration backend. This led to the discovery of an internal task type named GenericStubbyTypedTaskV2, which serves as a wrapper around Google’s Stubby RPC framework within Application Integration workflows.

By configuring the GenericStubbyTypedTaskV2 task with parameters such as serverSpec, serviceName, and serviceMethod, Shivram could initiate arbitrary Stubby RPC calls from Google’s production environment, leveraging the privileged service identity of the integration platform. Google’s Cloud Vulnerability Reward Program classifies such Stubby-level access as RCE in the production environment due to the extensive access it provides to internal services and data, contingent on the RpcSecurityPolicy of the target.

Initially, the workflow publishing process was safeguarded by a two-person approval requirement, preventing a single account from both editing and publishing a workflow. However, Shivram circumvented this restriction by exploiting an internal ACL endpoint, integrationPlatform/auth/setAcl, to add two attacker-controlled Google accounts to the workflow ACL, using one as the requester and the other as the approver.
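The control that failed here is separation of duties on the publish step: two distinct accounts were required, but nothing stopped one party from choosing who the second account was. As an added illustration, not code from Google or from Shivram's write-up, the following Python models a two-person publish rule and shows that it only holds when changes to the approver ACL are themselves gated by an independent, pre-existing approver. All class, account and function names are assumptions for the example.

```python
"""Separation-of-duties model for a workflow publish step.

Added example (not Google's code and not from the researcher's write-up).
It contrasts a two-person rule whose ACL any participant can edit with one
whose ACL changes require an independent co-signer. Account names such as
'req', 'alt' and 'release-mgr' are constructed for the illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set


class PolicyViolation(Exception):
    """Raised when a publish or ACL change breaks the two-person rule."""


@dataclass
class Workflow:
    owner: str                                   # account that created the draft
    approvers: Set[str] = field(default_factory=set)        # who may approve publish
    acl_changed_by: Dict[str, str] = field(default_factory=dict)  # approver -> granter


class WeakPolicy:
    """Two-person rule where the ACL itself is unprotected."""

    def set_acl(self, wf: Workflow, actor: str, new_approver: str, **_) -> None:
        # Weak: any account may add an approver without a second signature,
        # so the requester can supply its own "second person".
        wf.approvers.add(new_approver)
        wf.acl_changed_by[new_approver] = actor

    def publish(self, wf: Workflow, requester: str, approver: str) -> bool:
        if requester == approver:
            raise PolicyViolation("requester and approver must differ")
        if approver not in wf.approvers:
            raise PolicyViolation("approver is not on the ACL")
        return True


class HardenedPolicy(WeakPolicy):
    """ACL mutations are themselves a two-person action, and an approver
    may not approve for the account that granted them."""

    def set_acl(self, wf: Workflow, actor: str, new_approver: str,
                sponsor: Optional[str] = None) -> None:
        # The sponsor must already be on the ACL and must not be the actor,
        # so a single principal can never extend the ACL on its own.
        if sponsor is None or sponsor == actor or sponsor not in wf.approvers:
            raise PolicyViolation("ACL change needs an independent existing approver")
        super().set_acl(wf, actor, new_approver)

    def publish(self, wf: Workflow, requester: str, approver: str) -> bool:
        super().publish(wf, requester, approver)
        # Defense in depth: whoever added an approver cannot then use them.
        if wf.acl_changed_by.get(approver) == requester:
            raise PolicyViolation("approver was added by the requester")
        return True


def single_actor_scenario(policy: WeakPolicy) -> str:
    """One account ('req') drafts a workflow, adds a second account it
    controls ('alt') to the ACL, and publishes with req/alt as the pair.
    Returns 'published' or 'blocked: <reason>'."""
    wf = Workflow(owner="req", approvers={"release-mgr"})
    try:
        policy.set_acl(wf, actor="req", new_approver="alt")
        policy.publish(wf, requester="req", approver="alt")
        return "published"
    except PolicyViolation as exc:
        return f"blocked: {exc}"


def legitimate_scenario(policy: WeakPolicy) -> str:
    """The intended path: an existing approver adds 'bob' with a co-signer,
    then 'alice' requests and 'bob' approves."""
    wf = Workflow(owner="alice", approvers={"release-mgr", "sec-review"})
    try:
        policy.set_acl(wf, actor="release-mgr", new_approver="bob", sponsor="sec-review")
        policy.publish(wf, requester="alice", approver="bob")
        return "published"
    except PolicyViolation as exc:
        return f"blocked: {exc}"


if __name__ == "__main__":
    for name, policy in (("weak", WeakPolicy()), ("hardened", HardenedPolicy())):
        print(name, "single actor:", single_actor_scenario(policy))
        print(name, "legitimate:", legitimate_scenario(policy))
```

The design point is that a two-person rule is only as strong as the process that decides who the two persons may be; if the membership list is writable by one of them, the rule degrades to a single-person control.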

Working with another researcher, known as “shrugged,” Shivram found that Google’s initial mitigations had not been deployed uniformly across all backend instances behind a load balancer. By repeatedly sending createDraftWorkflow requests, the pair could reach still-vulnerable backends and keep the RCE pathway open.
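The lesson for anyone verifying a fix behind a load balancer is that one successful probe says nothing about the rest of the pool. As an added example, not code from Google or from either researcher, the Python below treats a mitigation as deployed only when every instance in the inventory has been observed at or above the fixed build, and reports instances that were never reached rather than silently counting them as fixed. The response header names, instance names, build numbers and the round-robin stand-in for the load balancer are all constructed for the illustration.

```python
"""Fleet-wide fix verification behind a load balancer.

Added example (not Google's code and not from the write-up). Each probe
response is assumed to carry the responding instance id and its build in
headers named 'x-backend-instance' and 'x-build'; those names, the instance
names and build numbers are constructed for this illustration.
"""
from collections import deque
from typing import Dict, Iterable, List, Tuple

FIXED_BUILD = 42  # constructed: first build that contains the mitigation


def parse_probe(response_headers: Dict[str, str]) -> Tuple[str, int]:
    """Extract (instance id, build number) from one probe response."""
    return response_headers["x-backend-instance"], int(response_headers["x-build"])


def rollout_status(inventory: Iterable[str], observations: Iterable[Dict[str, str]],
                   fixed_build: int = FIXED_BUILD) -> Dict[str, List[str]]:
    """Classify every inventoried instance as fixed, vulnerable or unobserved.

    An instance seen at several builds (for example mid-restart) is judged by
    the lowest build seen, because the balancer may still route to it."""
    seen: Dict[str, int] = {}
    for hdrs in observations:
        inst, build = parse_probe(hdrs)
        seen[inst] = min(build, seen.get(inst, build))
    status: Dict[str, List[str]] = {"fixed": [], "vulnerable": [], "unobserved": []}
    for inst in inventory:
        if inst not in seen:
            status["unobserved"].append(inst)
        elif seen[inst] >= fixed_build:
            status["fixed"].append(inst)
        else:
            status["vulnerable"].append(inst)
    return status


def mitigation_complete(status: Dict[str, List[str]]) -> bool:
    """True only when nothing is vulnerable and nothing is unobserved."""
    return not status["vulnerable"] and not status["unobserved"]


class RoundRobinPool:
    """Constructed stand-in for a load balancer: probes cycle through backends."""

    def __init__(self, builds: Dict[str, int]):
        self._ring = deque(builds.items())

    def probe(self) -> Dict[str, str]:
        inst, build = self._ring[0]
        self._ring.rotate(-1)
        return {"x-backend-instance": inst, "x-build": str(build)}


def verify_pool(pool: RoundRobinPool, inventory: List[str], probes: int,
                fixed_build: int = FIXED_BUILD) -> Dict[str, List[str]]:
    """Sample the pool `probes` times and return the rollout status. Fewer
    probes than instances leaves some unobserved, which is reported, not
    assumed fixed."""
    observations = [pool.probe() for _ in range(probes)]
    return rollout_status(inventory, observations, fixed_build)


if __name__ == "__main__":
    inventory = ["be-1", "be-2", "be-3", "be-4"]
    # Constructed pool: be-3 never received the fixed build.
    pool = RoundRobinPool({"be-1": 42, "be-2": 42, "be-3": 41, "be-4": 42})
    status = verify_pool(pool, inventory, probes=4)
    print(status, "complete:", mitigation_complete(status))
```

Sampling through the balancer is the fallback; where a fleet inventory or deployment system can be queried directly, check build versions there and use probes only to confirm that no stale instance is still receiving traffic.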

Google has since addressed the vulnerability by restricting internal endpoint access, rectifying Insecure Direct Object Reference (IDOR) weaknesses, and enhancing RPC security controls. This incident underscores the critical importance of robust access controls and thorough security assessments in cloud services to prevent potential exploitation.

The substantial reward reflects the severity of the vulnerability and Google’s commitment to collaborating with the security research community to fortify its platforms. It also highlights the value of responsible disclosure and the role of independent researchers in identifying and mitigating security risks in widely used cloud services.