📄 Vertex AI Experiments 1.132.x Predictable Bucket Naming

A vulnerability identified as CVE-2026-2473 affected Google Cloud Vertex AI, specifically the Vertex AI Experiments component, in versions 1.21.0 through 1.132.x fixed in 1.133.0 and later. The issue stemmed from predictable Cloud Storage bucket naming patterns, enabling a class of attack known a...

CVE-2026-2473

Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to but not including 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictabl...

CVE-2026-2473

Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to but not including 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictabl...

PT-2026-21291

Name of the Vulnerable Software and Affected Versions Google Cloud Vertex AI versions 1.21.0 through 1.132.9 Description A flaw exists in Vertex AI Experiments within Google Cloud Vertex AI that could allow a remote, unauthenticated attacker to execute code, steal models, and poison data. This is...

Google Cloud Vertex AI 安全漏洞

Google Cloud Vertex AI is a full-stack artificial intelligence platform developed by Google Inc. Versions of Google Cloud Vertex AI prior to 1.133.0 contained security vulnerabilities. These vulnerabilities stemmed from predictable bucket naming in Vertex AI Experiments, allowing unauthenticated...