Google Cloud Agentspace Bucket Squatting Vulnerability Allowing Data Interception
Vulnerability
A vulnerability in Google Cloud Agentspace exposed sensitive information through predictable Google Cloud Storage bucket names. These names were used for error logs and temporary staging during data imports from Google Cloud Storage and Cloud SQL. The predictability allowed attackers to engage in 'bucket squatting' by registering these buckets before they were used by victims. This vulnerability could have enabled interception, access, or manipulation of data intended for legitimate Cloud Storage buckets associated with Agentspace.
Impact
Exploitation of this vulnerability could allow an attacker to intercept, access, or manipulate data meant for a legitimate Google Cloud Storage bucket used by Agentspace.
Remediation
Users of Google Cloud Agentspace do not need to take any action, as the vulnerability has been automatically addressed in all versions released after December 12, 2025.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.