CVE-2026-2473 HIGH

CVE-2026-2473: Bucket Squatting in Vertex AI Experiments leads to RCE and Model Theft.

Vendor Google Cloud
Product Vertex AI Experiments
Weakness CWE-340
Published February 20, 2026
Last update February 23, 2026

CVSS base score

7.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/U:Clear

What the vulnerability does

01 Description

Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to (but not including) 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictably named Cloud Storage buckets (Bucket Squatting). This vulnerability was patched and no customer action is needed.

Key dates

02 Disclosure timeline

February 20, 2026 CVE published
February 23, 2026 Record updated
