Cloud Vertex AI v1.21.0-1.132.x Predictable Bucket RCE
CVE-2026-2473 Published on February 20, 2026
Bucket Squatting in Vertex AI Experiments leads to RCE and Model Theft.
Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to (but not including) 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictably named Cloud Storage buckets (Bucket Squatting).
This vulnerability was patched and no customer action is needed.
Weakness Type
Generation of Predictable Numbers or Identifiers
The product uses a scheme that generates numbers or identifiers that are more predictable than required.
Affected Versions
Google Cloud Vertex AI Experiments:- Version 1.21.0 and below 1.133.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.