High severityNVD Advisory· Published Feb 26, 2026· Updated Apr 15, 2026

CVE-2026-2244

Description

A vulnerability in Google Cloud Vertex AI Workbench from 7/21/2025 to 01/30/2026 allows an attacker to exfiltrate valid Google Cloud access tokens of other users via abuse of a built-in startup script.

All instances after January 30th, 2026 have been patched to protect from this vulnerability. No user action is required for this.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

docs.cloud.google.com/vertex-ai/docs/workbench/release-notesnvd

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000