
Description

Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to (but not including) 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictably named Cloud Storage buckets (Bucket Squatting). This vulnerability was patched and no customer action is needed.

PUBLISHED Reserved 2026-02-13 | Published 2026-02-20 | Updated 2026-02-23 | Assigner GoogleCloud




HIGH: 7.7 (CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/U:Clear)

Problem types

CWE-340 Generation of Predictable Numbers or Identifiers

Product status

Default status: unaffected

1.21.0 (custom) before 1.133.0: affected

Credits

Omer Amiad (reporter)

References

docs.cloud.google.com/support/bulletins

cve.org (CVE-2026-2473)

nvd.nist.gov (CVE-2026-2473)
