Bucket Squatting in Vertex AI Experiments leads to RCE and...

7.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/U:Clear

Description

Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to (but not including) 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictably named Cloud Storage buckets (Bucket Squatting).

This vulnerability was patched and no customer action is needed.

Basic Information

ID CVE-2026-2473

Source GoogleCloud

Published Feb 20, 2026 at 19:39

Affected Product

Vendor Google Cloud

Product Vertex AI Experiments

Version 1.21.0

Affected Versions Google Cloud Vertex AI Experiments 1.21.0

CWE Classification

CWE-340

References

docs.cloud.google.com /support/bulletins

{
    "lastseen": "",
    "description": "Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to\u00a0(but not including) 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictably named Cloud Storage buckets (Bucket Squatting).\n\nThis vulnerability was patched and no customer action is needed.",
    "published": "2026-02-20T19:39:51.015Z",
    "modified": "2026-02-20T19:39:51.015Z",
    "type": "cve",
    "title": "Bucket Squatting in Vertex AI Experiments leads to RCE and Model Theft.",
    "source": "GoogleCloud",
    "references": "https://docs.cloud.google.com/support/bulletins#gcp-2026-012",
    "id": "CVE-2026-2473",
    "bulletinFamily": "",
    "cwe": [
        "CWE-340"
    ],
    "cvelist": null,
    "sourceData": "Google Cloud Vertex AI Experiments 1.21.0",
    "sourceHref": "",
    "cvss": {
        "score": 7.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/U:Clear",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Vertex AI Experiments",
    "version": "1.21.0",
    "vendor": "Google Cloud",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Bucket Squatting in Vertex AI Experiments leads to RCE and Model Theft._CVE-2026-2473