SECURITYWEEK reports that researchers from Tenable identified two vulnerabilities in Google Looker, collectively known as LookOut, which could allow remote code execution and data exfiltration from Looker instances.
According to Tenable, an attacker with developer permissions can exploit the flaws to gain full administrative access to the underlying infrastructure, potentially enabling secret theft, data manipulation, or deeper network movement. Tenable notes in particular that cloud instances could be at risk of cross-tenant access.
The second vulnerability was described as an authorization bypass that allowed attackers to attach to Looker’s internal database connections and exfiltrate the full internal MySQL database via error-based SQL injection. Google patched the vulnerabilities in late September 2025. The patch has been applied to cloud-hosted Looker instances, but users running self-hosted Looker must ensure they are on a patched version. The article notes that Google found no evidence of in-the-wild exploitation. The piece, published on 4 February 2026, underscores how important it is for organisations using Looker to verify patch status across deployments.