CVE-2026-4810
Published: 13 April 2026
Summary
CVE-2026-4810 is a critical-severity Missing Authentication for Critical Function (CWE-306) vulnerability. Its CVSS base score is 9.3 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 24.1% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2026-4810 is a code injection vulnerability combined with missing authentication in the Google Agent Development Kit (ADK) for Python, affecting versions 1.7.0 through 1.28.1 as well as the corresponding 2.0.0a1 and 2.0.0a2 pre-releases, whether deployed on Cloud Run, on GKE, or as the open-source package. The flaw permits an unauthenticated remote attacker to execute arbitrary code on the host running the ADK instance.
An unauthenticated remote attacker can directly target exposed ADK deployments to achieve full code execution, resulting in complete compromise of the confidentiality, integrity, and availability of the server and any connected resources.
The vulnerability was addressed in ADK versions 1.28.1 and 2.0.0a2. Organizations must redeploy the updated package to production environments on Cloud Run and GKE; users running the ADK Web interface locally must also upgrade their local installations.
The EPSS score remains low with only a negligible increase between its recorded current and peak values, indicating limited observed exploitation interest to date.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-21900
Vulnerability details
A Code Injection and Missing Authentication vulnerability in Google Agent Development Kit (ADK) versions 1.7.0 (and 2.0.0a1) through 1.28.1 (and 2.0.0a2) on Python (OSS), Cloud Run, and GKE allows an unauthenticated remote attacker to execute arbitrary code on the server hosting the ADK instance. This vulnerability was patched in versions 1.28.1 and 2.0.0a2. Customers need to redeploy the upgraded ADK to their production environments. In addition, if they are running ADK Web locally, they also need to upgrade their local instance.
- CWE(s): CWE-306 (Missing Authentication for Critical Function)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Unauthenticated remote code injection (RCE) against a server-side ADK instance exposed on Cloud Run or GKE maps directly to Exploit Public-Facing Application (T1190).
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Requiring established identification and authentication to unlock mitigates missing authentication for continued system access.
- Requiring identification and a documented rationale for any action allowed without authentication forces a review of authentication requirements, so critical functions are not left unprotected.
- Authorizing mobile device connections to organizational systems ensures authentication is performed for this critical access function.
- Mandatory invocation of the access control mechanism guarantees that critical functions are protected.
- Auditing sessions makes it possible to detect access to critical functions without the required authentication.
- The assessment process confirms that authentication is present and effective for critical functions, preventing exploitation through missing authentication.
- Certification assesses that critical functions have the required authentication controls in place.
- Disabling non-essential functions and services removes the need to secure them, reducing exposure from missing authentication on unnecessary components.