Stored Cross-Site Scripting in Google Cloud Vertex AI SDK
CVE-2026-2472
Key Information:
- Vendor: Google Cloud
- CVE Published: 20 February 2026
What is CVE-2026-2472?
CVE-2026-2472 is a stored Cross-Site Scripting (XSS) vulnerability in the Google Cloud Vertex AI SDK, specifically in the _genai/_evals_visualization component. The SDK is used to develop and deploy machine learning models, including data evaluation and model performance analysis in environments such as Jupyter Notebook and Google Colab. Versions from 1.98.0 up to but not including 1.131.0 are affected. An unauthenticated remote attacker who injects malicious scripts into model evaluation outputs or dataset JSON data can execute arbitrary JavaScript within a victim's environment. For organizations that rely on the SDK for AI development, this can lead to unauthorized access to, and manipulation of, user data and systems, and it undermines trust and security in cloud-based applications.
Potential impact of CVE-2026-2472
- Data Compromise: The ability for attackers to execute arbitrary JavaScript in user environments can lead to the unauthorized access of sensitive data, including personal information and proprietary datasets stored in Colab or Jupyter setups.
- System Integrity: The execution of malicious scripts enables attackers to manipulate or corrupt machine learning models or datasets, potentially leading to erroneous outputs and decisions based on compromised data integrity.
- Reputational Damage: Organizations utilizing the Google Cloud Vertex AI SDK may face reputational harm if they fail to protect users from such vulnerabilities, leading to a loss of customer trust and potential financial repercussions associated with data breaches.

Affected Version(s)
Vertex AI SDK for Python 1.98.0 < 1.131.0
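A check for the affected range above, written as an added example (it is not part of the advisory or of Google's code). It assumes the SDK is installed from the PyPI distribution google-cloud-aiplatform and that pins use pip-freeze `name==version` syntax; the sample pins are constructed.

```python
import re
from importlib import metadata

# Assumption: the Vertex AI SDK for Python is installed from this PyPI distribution.
DIST = "google-cloud-aiplatform"
FIRST_AFFECTED = (1, 98, 0)   # advisory range: 1.98.0 <= version < 1.131.0
FIRST_FIXED = (1, 131, 0)

# name, optional [extras], then an exact == pin
_PIN = re.compile(r"^\s*([A-Za-z0-9._-]+)\s*(?:\[[^\]]*\])?\s*==\s*([0-9][^\s;#]*)")

def _normalize(name):
    """PEP 503 name normalization, so Google_Cloud.AIPlatform still matches."""
    return re.sub(r"[-_.]+", "-", name).lower()

def _release(version):
    """Leading numeric release segment as a 3-tuple: '1.130.0rc1' -> (1, 130, 0)."""
    m = re.match(r"\d+(?:\.\d+)*", version)
    parts = [int(p) for p in m.group(0).split(".")] if m else []
    return tuple((parts + [0, 0, 0])[:3])

def is_affected(version):
    """True if the version falls inside the range the advisory lists."""
    return FIRST_AFFECTED <= _release(version) < FIRST_FIXED

def affected_pins(requirements_text):
    """Return (line_number, version) for each pin of DIST inside the affected range."""
    hits = []
    for lineno, line in enumerate(requirements_text.splitlines(), 1):
        m = _PIN.match(line)
        if m and _normalize(m.group(1)) == DIST and is_affected(m.group(2)):
            hits.append((lineno, m.group(2)))
    return hits

def installed_is_affected():
    """True/False for the current environment, None if the SDK is not installed."""
    try:
        return is_affected(metadata.version(DIST))
    except metadata.PackageNotFoundError:
        return None

# Constructed sample pins, not taken from any real project.
SAMPLE = """\
numpy==2.1.0
google-cloud-aiplatform==1.97.0
Google_Cloud.AIPlatform[evaluation]==1.120.0  # notebook image
google-cloud-aiplatform==1.131.0
"""
```

Run `affected_pins()` over each notebook image's frozen requirements and `installed_is_affected()` inside the live Jupyter or Colab kernel, since the two can disagree.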
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.
Timeline
- 🟡 Public PoC available
- 👾 Exploit known to exist
- Vulnerability published
- Vulnerability Reserved
