Google has addressed a privilege escalation vulnerability in Cloud Composer 2, which could have allowed attackers with edit permissions to exploit the default Cloud Build service account. The fix, implemented in December 2024, ensures that environments use their service accounts for package installations, thereby enhancing security. No evidence of exploitation has been reported.