A critical flaw in Google Dialogflow CX, dubbed Rogue Agent by Varonis, could have let an attacker with edit rights on one Code Block-enabled agent compromise other agents in the same Google Cloud project. Google fixed the issue, and there is no sign it was used in a real attack. #DialogflowCX #RogueAgent #Varonis #GoogleCloud
Keypoints
- A flaw in Dialogflow CX could expose all Code Block-enabled agents in one Google Cloud project.
- An attacker with dialogflow.playbooks.update permission could read conversations and send forged bot messages.
- Varonis named the issue Rogue Agent and reported it through Googleβs Vulnerability Reward Program.
- The shared Code Block runtime allowed file overwrite, unrestricted outbound internet access, and IMDS exposure.
- Google fixed the flaw, with no evidence of real-world exploitation.
Read More: https://thehackernews.com/2026/07/rogue-agent-flaw-could-have-let.html