Vulnerability Description
Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to (but not including) 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictably named Cloud Storage buckets (Bucket Squatting). This vulnerability was patched and no customer action is needed.
Related Weaknesses (CWE)
References
FAQ
What is CVE-2026-2473?
CVE-2026-2473 is a documented vulnerability. Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to (but not including) 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to...
How severe is CVE-2026-2473?
CVSS scoring is not yet available for CVE-2026-2473. Check NVD for updates.
Is there a patch for CVE-2026-2473?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.