Google Cloud Vertex AI Cross-Tenant Remote Code Execution Vulnerability in Vertex AI Experiments
Vulnerability
A vulnerability in Google Cloud Vertex AI Experiments, affecting versions from 1.21.0 up to but not including 1.133.0, allows unauthenticated remote attackers to execute code across tenants and to steal or poison models. This is achieved by pre-creating predictably named Cloud Storage buckets, a tactic known as bucket squatting. The vulnerability has been patched, and no action is required from customers.
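The defensive counterpart of bucket squatting, as an added example (not code from Google or from this advisory): before using a predictably named bucket, confirm which project owns it and fail closed otherwise. The function names, the in-memory `FakeStorage` stand-in and the sample values are assumptions constructed for illustration.

```python
from typing import Callable, Optional


class BucketOwnershipError(Exception):
    """A bucket with the expected name is controlled by another project."""


def resolve_staging_bucket(
    name: str,
    own_project_number: int,
    lookup_owner: Callable[[str], Optional[int]],
    create_bucket: Callable[[str, int], None],
) -> str:
    """Return `name` only if our own project owns the bucket.

    lookup_owner(name) returns the owning project number, or None when the
    bucket does not exist. Bucket names are global, so the fact that a
    bucket exists says nothing about who controls it.
    """
    owner = lookup_owner(name)
    if owner is None:
        # Nobody holds the name yet: create it under our own project.
        create_bucket(name, own_project_number)
        # Re-check, because creation can lose a race against a squatter.
        owner = lookup_owner(name)
    if owner != own_project_number:
        # Fail closed: never stage artifacts in, or load them from,
        # a bucket that another project controls.
        raise BucketOwnershipError(
            f"bucket {name!r} owned by project {owner}, "
            f"expected {own_project_number}"
        )
    return name


class FakeStorage:
    """Constructed in-memory stand-in for a storage service (not a real API)."""

    def __init__(self, buckets=None):
        self.buckets = dict(buckets or {})

    def lookup_owner(self, name):
        return self.buckets.get(name)

    def create_bucket(self, name, project_number):
        # As in a global namespace, an existing name cannot be re-created.
        self.buckets.setdefault(name, project_number)
```

Deriving the bucket name from a value an outsider cannot predict reduces the exposure, but the ownership check is what keeps a squatted name from being trusted.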
Impact
Exploitation of this vulnerability could lead to unauthorized cross-tenant remote code execution, model theft, and poisoning in Google Cloud Vertex AI.
Added: Feb 20, 2026, 8:36 PM
Updated: Feb 20, 2026, 8:36 PM
Vulnerability Rating
Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 4.8
remediation: 0.0
relevance: 3.2
threat: 0.0
urgency: 0.0
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
