CVE-2026-2473
Google Cloud Vertex AI has a vulnerability involving predictable bucket naming
EPSS 0.31%
Description
Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to (but not including) 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictably named Cloud Storage buckets (Bucket Squatting). This vulnerability was patched and no customer action is needed.
How to fix CVE-2026-2473
To remediate CVE-2026-2473, upgrade the affected package to a fixed version below.
- Upgrade to 1.133.0 or later
Is CVE-2026-2473 being exploited?
Low: the EPSS score of 0.3% indicates a low estimated probability of exploitation, and exploitation activity has not been observed at scale.
Affected packages (1)
- >= 1.21.0, < 1.133.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/U:Clear |