Rogue Agent Flaw Allowed Attackers to Hijack Google Dialogflow CX Chatbots via Code Block Execution
A critical flaw allowed an attacker with specific permissions to compromise other Code Block-enabled agents in the same Google Cloud project, enabling them to read conversations, steal data, and manipulate bot responses. This vulnerability was categorized as a 'Rogue Agent' flaw, which exploited a shared, unisolated runtime environment for custom Python code execution.
A critical flaw in Google's Dialogflow CX could have let an attacker with edit rights on one Code Block-enabled agent compromise other Code Block-enabled agents in the same Google Cloud project.
From there, they could read live conversations, steal the data users shared, and make the bots send attacker-written messages, including requests to re-enter a password.
Security firm Varonis found it
*** END OF TRANSMISSION ***