An improper authorization vulnerability in GitHub Trigger Comment Control in Google Cloud Build prior to 2026-1-26 allows a remote attacker to execute arbitrary code in the build environment. This vulnerability was patched on 26 January 2026, and no customer action is needed.
An improper authorization vulnerability
Exploit
CVE-2026-3136
NVD
Refer to CVE-2026-3136 NVD advisory