HIGHCVE-2026-2473Published 2026-02-20Modified 2026-02-23CNA GoogleCloud

CVE-2026-2473: Bucket Squatting in Vertex AI Experiments leads to RCE and Model Theft.

Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to (but not including) 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictably named Cloud Storage buckets (Bucket Squatting). This vulnerability was patched and no customer action is needed.

CVSS v4.0: 7.7
Severity: HIGH
Fixed in: 1.133.0
Affected Products: 1

Fix available

1.133.0

Affected packages

Google Cloud / Vertex AI Experiments
< 1.133.0 (from 1.21.0)

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/U:Clear

References

docs.cloud.google.com

Metrics

Fix available