GCP-2026-012 — Published: 2026-02-20Description Description Severity Notes In Google Cloud Vertex AI, a vulnerability involving predictable bucket naming…

Published: 2026-02-20Description Description Severity Notes In Google Cloud Vertex AI, a vulnerability involving predictable bucket naming was identified in Vertex AI Experiments from version 1.21.0 up to (but not including) 1.133.0. What should I do? No customer action is needed for mitigation. CVE-2026-2473 allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning using pre-creating predictably named Cloud Storage buckets (Bucket Squatting). This vulnerability was identified in Vertex AI Experiments version 1.21.0. Mitigations have already been applied to version 1.133.0 and later. High CVE-2026-2473