High severityNVD Advisory· Published Feb 20, 2026· Updated Apr 15, 2026

CVE-2026-2473

Description

Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to (but not including) 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictably named Cloud Storage buckets (Bucket Squatting).

This vulnerability was patched and no customer action is needed.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
google-cloud-aiplatformPyPI	>= 1.21.0, < 1.133.0	1.133.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-wh2j-26j7-9728ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2026-2473ghsaADVISORY
docs.cloud.google.com/support/bulletinsnvdWEB
github.com/googleapis/python-aiplatform/releases/tag/v1.133.0ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000