THREATOPS
THREAT OPSThreat News › [NVD] CVE-2026-0532 (HIGH 8.6) — External Control of File Name or Path (CWE-73) combined with Server-Side Request Forgery (CWE-918) can allow an attacker to cause arbitrary file disclosure through a specially crafted credentials JSON payload in the Google Gemini connector configuration. This requires an attacker

[NVD] CVE-2026-0532 (HIGH 8.6) — External Control of File Name or Path (CWE-73) combined with Server-Side Request Forgery (CWE-918) can allow an attacker to cause arbitrary file disclosure through a specially crafted credentials JSON payload in the Google Gemini connector configuration. This requires an attacker

lownvdPublished 2026-01-14

CVE-2026-0532 CVSS: 8.6 HIGH Published: 2026-01-14T11:15:50.510

External Control of File Name or Path (CWE-73) combined with Server-Side Request Forgery (CWE-918) can allow an attacker to cause arbitrary file disclosure through a specially crafted credentials JSON payload in the Google Gemini connector configuration. This requires an attacker to have authenticated access with privileges sufficien

MITRE ATT&CK techniques

Indicators of compromise

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-0532