Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for Vertex AI Experiments by Google Cloud
CVE-2026-2473 (GCVE-0-2026-2473)
Vulnerability from nvd – Published: 2026-02-20 19:39 – Updated: 2026-02-23 19:54 Exclusively Hosted Service
VLAI?
Title
Bucket Squatting in Vertex AI Experiments leads to RCE and Model Theft.
Summary
Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to (but not including) 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictably named Cloud Storage buckets (Bucket Squatting).
This vulnerability was patched and no customer action is needed.
Severity ?
CWE
- CWE-340 - Generation of Predictable Numbers or Identifiers
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Google Cloud | Vertex AI Experiments |
Affected:
1.21.0 , < 1.133.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2473",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-23T19:52:07.113995Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-23T19:54:20.923Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Vertex AI Experiments",
"vendor": "Google Cloud",
"versions": [
{
"lessThan": "1.133.0",
"status": "affected",
"version": "1.21.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Omer Amiad"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(239, 250, 102);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePredictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to\u0026nbsp;(but not including) 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictably named Cloud Storage buckets (Bucket Squatting).\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003eThis vulnerability was patched and no customer action is needed.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to\u00a0(but not including) 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictably named Cloud Storage buckets (Bucket Squatting).\n\nThis vulnerability was patched and no customer action is needed."
}
],
"impacts": [
{
"capecId": "CAPEC-253",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-253 Remote Code Inclusion"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "CLEAR",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/U:Clear",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-340",
"description": "CWE-340 Generation of Predictable Numbers or Identifiers",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T19:39:51.015Z",
"orgId": "f45cbf4e-4146-4068-b7e1-655ffc2c548c",
"shortName": "GoogleCloud"
},
"references": [
{
"url": "https://docs.cloud.google.com/support/bulletins#gcp-2026-012"
}
],
"source": {
"discovery": "EXTERNAL"
},
"tags": [
"exclusively-hosted-service"
],
"title": "Bucket Squatting in Vertex AI Experiments leads to RCE and Model Theft.",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f45cbf4e-4146-4068-b7e1-655ffc2c548c",
"assignerShortName": "GoogleCloud",
"cveId": "CVE-2026-2473",
"datePublished": "2026-02-20T19:39:51.015Z",
"dateReserved": "2026-02-13T15:41:59.549Z",
"dateUpdated": "2026-02-23T19:54:20.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2473 (GCVE-0-2026-2473)
Vulnerability from cvelistv5 – Published: 2026-02-20 19:39 – Updated: 2026-02-23 19:54 Exclusively Hosted Service
VLAI?
Title
Bucket Squatting in Vertex AI Experiments leads to RCE and Model Theft.
Summary
Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to (but not including) 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictably named Cloud Storage buckets (Bucket Squatting).
This vulnerability was patched and no customer action is needed.
Severity ?
CWE
- CWE-340 - Generation of Predictable Numbers or Identifiers
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Google Cloud | Vertex AI Experiments |
Affected:
1.21.0 , < 1.133.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2473",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-23T19:52:07.113995Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-23T19:54:20.923Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Vertex AI Experiments",
"vendor": "Google Cloud",
"versions": [
{
"lessThan": "1.133.0",
"status": "affected",
"version": "1.21.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Omer Amiad"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(239, 250, 102);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePredictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to\u0026nbsp;(but not including) 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictably named Cloud Storage buckets (Bucket Squatting).\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003eThis vulnerability was patched and no customer action is needed.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to\u00a0(but not including) 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictably named Cloud Storage buckets (Bucket Squatting).\n\nThis vulnerability was patched and no customer action is needed."
}
],
"impacts": [
{
"capecId": "CAPEC-253",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-253 Remote Code Inclusion"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "CLEAR",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/U:Clear",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-340",
"description": "CWE-340 Generation of Predictable Numbers or Identifiers",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T19:39:51.015Z",
"orgId": "f45cbf4e-4146-4068-b7e1-655ffc2c548c",
"shortName": "GoogleCloud"
},
"references": [
{
"url": "https://docs.cloud.google.com/support/bulletins#gcp-2026-012"
}
],
"source": {
"discovery": "EXTERNAL"
},
"tags": [
"exclusively-hosted-service"
],
"title": "Bucket Squatting in Vertex AI Experiments leads to RCE and Model Theft.",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f45cbf4e-4146-4068-b7e1-655ffc2c548c",
"assignerShortName": "GoogleCloud",
"cveId": "CVE-2026-2473",
"datePublished": "2026-02-20T19:39:51.015Z",
"dateReserved": "2026-02-13T15:41:59.549Z",
"dateUpdated": "2026-02-23T19:54:20.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}