Tenable Research Identifies Critical ‘LookOut’ Vulnerabilities in Google Looker

Tenable Research has uncovered two critical vulnerabilities, collectively named “LookOut”, in Google Looker, a widely used business intelligence and analytics platform deployed by more than 60,000 organisations across 195 countries.

The most severe finding is a remote code execution (RCE) chain that could allow attackers to execute arbitrary commands on a Looker server, effectively granting full administrative control. Exploitation of this vulnerability could enable threat actors to steal sensitive credentials, manipulate analytics data, or move laterally into an organisation’s internal network. In cloud-based deployments, the flaw could potentially expose systems to cross-tenant access risks.

“This level of access is particularly dangerous because Looker often acts as the central nervous system for corporate data,” said Liv Matan, Senior Research Engineer at Tenable, who led the research. “A successful breach could allow attackers not only to manipulate business-critical data but also to pivot deeper into an organisation ...