Cloud Vertex AI v1.21.0-1.132.x Predictable Bucket RCE
CVE-2026-2473 Published on February 20, 2026

Bucket Squatting in Vertex AI Experiments leads to RCE and Model Theft.
Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to (but not including) 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictably named Cloud Storage buckets (Bucket Squatting). This vulnerability was patched and no customer action is needed.

NVD

Weakness Type

Generation of Predictable Numbers or Identifiers

The product uses a scheme that generates numbers or identifiers that are more predictable than required.


Affected Versions

Google Cloud Vertex AI Experiments:

Exploit Probability

EPSS
0.41%
Percentile
32.94%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.