New "LeakyLooker" Flaws in Google Looker Studio Could Enable Cross-Tenant SQL Queries  Ravie Lakshmanan  Mar 10, 2026 Database Security / Vulnerability Cybersecurity researchers have disclosed nine cross-tenant vulnerabilities in Google Looker Studio that could have permitted attackers to run arbitrary SQL queries on victims' databases and exfiltrate sensitive data within organizations' Google Cloud environments. The shortcomings have been collectively named LeakyLooker by Tenable. There is no evidence that the vulnerabilities were exploited in the wild. Following responsible disclosure in June 2025, the issues have been addressed by Google. The list of security flaws is as follows - Cross Tenant Unauthorized Access - Zero-Click SQL Injection on Database Connectors Cross Tenant Unauthorized Access - Zero-Click SQL Injection Through Stored Credentials Cross Tenant SQL Injection on BigQuery Through Native Functions Cross-Tenant Data Sources Leak With Hyperlinks Cross Tenant SQL injection on Spanner and BigQuery Through Custom Queries on a Victim’s Data Source Cross Tenant SQL Injection on BigQuery and Spanner Through the Linking API Cross-Tenant Data Sources Leak With Image Rendering Cross-Tenant XS Leak on Arbitrary Data Sources With Frame Counting and Timing Oracles Cross Tenant Denial of Wallet Through BigQuery "The vulnerabilities broke fundamental design assumptions, revealed a new attack class, and could have allowed attackers to exfiltrate, insert, and delete data in victims' services and Google Cloud environment," security researcher Liv Matan said in a report shared with The Hacker News. "These vulnerabilities exposed sensitive data across Google Cloud Platform (GCP) environments, potentially affecting any organization using Google Sheets, BigQuery, Spanner, PostgreSQL, MySQL, Cloud Storage, and almost any other Looker Studio data connector." Successful exploitation of the cross-tenant flaws could enable threat actors to gain access to entire datasets and projects across different cloud tenants. Attackers could scan for public Looker Studio reports or obtain access to private ones that use these connectors (e.g., BigQuery) and seize control of the databases, allowing them to run arbitrary SQL queries across the owner's entire GCP project. Alternatively, a victim creates a report as public or shares it with a specific recipient, and uses a JDBC-connected data source such as PostgreSQL. In this scenario, the attacker can take advantage of a logic flaw in the copy report feature that makes it possible to clone reports while retaining the original owner's credentials, enabling them to delete or modify tables. Another high-impact path detailed by the cybersecurity company involved one-click data exfiltration, where sharing a specially crafted report forces a victim's browser to execute malicious code that contacts an attacker-controlled project to reconstruct entire databases from logs. "The vulnerabilities broke the fundamental promise that a 'Viewer' should never be able to control the data they are viewing," Matan said, adding they "could have let attackers exfiltrate or modify data across Google services like BigQuery and Google Sheets." Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post. SHARE      Tweet  Share  Share  Share   Share on Facebook  Share on Twitter  Share on Linkedin  Share on Reddit  Share on Hacker News  Share on Email  Share on WhatsApp Share on Facebook Messenger  Share on Telegram SHARE  BigQuery , Cloud security , cybersecurity , data exfiltration , database security , Google Cloud , sql injection , Vulnerability Trending News ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1 ⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack and Vibe-Coded Malware ThreatsDay Bulletin: DDR5 Bot Scalping, Samsung TV Tracking, Reddit Privacy Fine and More Microsoft Reveals ClickFix Campaign Using Windows Terminal to Deploy Lumma Stealer OpenAI Codex Security Scanned 1.2 Million Commits and Found 10,561 High-Severity Issues Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities 149 Hacktivist DDoS Attacks Hit 110 Organizations in 16 Countries After Middle East Conflict Open-Source CyberStrikeAI Deployed in AI-Driven FortiGate Attacks Across 55 Countries Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday Popular Resources Self-Hosted WAF: Block SQLi, XSS, and Bots Before They Reach Your Apps 19,053 Confirmed Breaches in 2025 – Key Trends and Predictions for 2026 Read CYBER360 2026: From Zero Trust Limits to Data-Centric Security Paths Identity Controls Checklist: Find Missing Protections in Apps