Cyber Resilience

CVE-2026-4810

Critical

Published: 13 April 2026

Published
13 April 2026
Modified
13 April 2026
KEV Added
Patch
CVSS Score v4 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber
EPSS Score 0.0182 75.9th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2026-4810 is a critical-severity Missing Authentication for Critical Function (CWE-306) vulnerability. Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 24.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

CVE-2026-4810 is a code injection vulnerability combined with missing authentication in the Google Agent Development Kit (ADK) for Python, affecting versions 1.7.0 through 1.28.1 as well as the corresponding 2.0.0a1 and 2.0.0a2 pre-releases when deployed on Cloud Run, GKE, or as open-source software. The flaw permits unauthenticated remote attackers to execute arbitrary code on the host running the ADK instance.

An unauthenticated remote attacker can directly target exposed ADK deployments to achieve full code execution, resulting in complete compromise of the confidentiality, integrity, and availability of the server and any connected resources.

The vulnerability was addressed in ADK versions 1.28.1 and 2.0.0a2. Organizations must redeploy the updated package to production environments on Cloud Run and GKE; users running the ADK Web interface locally must also upgrade their local installations.

The EPSS score remains low with only a negligible increase between its recorded current and peak values, indicating limited observed exploitation interest to date.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

A Code Injection and Missing Authentication vulnerability in Google Agent Development Kit (ADK) versions 1.7.0 (and 2.0.0a1) through 1.28.1 (and 2.0.0a2) on Python (OSS), Cloud Run, and GKE allows an unauthenticated remote attacker to execute arbitrary code on the server…

more

hosting the ADK instance. This vulnerability was patched in versions 1.28.1 and 2.0.0a2. Customers need to redeploy the upgraded ADK to their production environments. In addition, if they are running ADK Web locally, they also need to upgrade their local instance.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Unauthenticated remote code injection/RCE on server-side ADK instance (Cloud Run/GKE) directly enables exploitation of public-facing applications.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-53847Shared CWE-306
CVE-2025-61757Shared CWE-306
CVE-2025-68715Shared CWE-306
CVE-2026-21992Shared CWE-306
CVE-2025-26362Shared CWE-306
CVE-2026-48692Shared CWE-306
CVE-2022-50981Shared CWE-306
CVE-2025-58083Shared CWE-306
CVE-2025-21515Shared CWE-306
CVE-2026-6376Shared CWE-306

Affected Assets

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-306

Requires established identification and authentication to unlock, mitigating missing authentication for continued system access.

addresses: CWE-306

Requiring identification and rationale for actions allowed without authentication ensures critical functions are not left unprotected by forcing review of authentication requirements.

addresses: CWE-306

Authorizing mobile device connections to organizational systems ensures authentication is performed for this critical access function.

addresses: CWE-306

Guarantees critical functions are protected by mandatory invocation of the access control mechanism.

addresses: CWE-306

Auditing sessions makes it possible to detect access to critical functions without required authentication.

addresses: CWE-306

The assessment process confirms authentication is present and effective for critical functions, preventing exploitation from missing authentication.

addresses: CWE-306

Certification assesses that critical functions have required authentication controls in place.

addresses: CWE-306

Disabling non-essential functions and services eliminates the need to secure them, reducing exposure from missing authentication on unnecessary components.

References