CVE-2026-2472 — Google Cloud Vertex AI SDK affected by Stored Cross-Site Scripting (XSS)

Description

Stored Cross-Site Scripting (XSS) in the _genai/_evals_visualization component of Google Cloud Vertex AI SDK (google-cloud-aiplatform) versions from 1.98.0 up to (but not including) 1.131.0 allows an unauthenticated remote attacker to execute arbitrary JavaScript in a victim's Jupyter or Colab environment via injecting script escape sequences into model evaluation results or dataset JSON data.

How to fix CVE-2026-2472

To remediate CVE-2026-2472, upgrade the affected package to a fixed version below.

PyPI/google-cloud-aiplatform—upgrade to 1.131.0 or later

Is CVE-2026-2472 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

>= 1.98.0, < 1.131.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/U:Amber

References (6)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2026-2472
PATCHgithub.com/googleapis/python-aiplatform
WEBdocs.cloud.google.com/support/bulletins#gcp-2026-011
WEBgithub.com/googleapis/python-aiplatform/commit/8a00d43dbd24e95dbab6ea32c63ce0a5a1849480