Cross-Tenant Remote Code Execution Vulnerability in Google Cloud Vertex AI
CVE-2026-2473

7.7HIGH

Key Information:

Vendor: Google Cloud
Status: Vertex Ai Experiments
Vendor: CVE Published:; 20 February 2026

🔔 Create Google Cloud Vulnerability Alert

What is CVE-2026-2473?

A vulnerability in Google Cloud Vertex AI allows unauthenticated remote attackers to exploit predictable bucket naming in Cloud Storage. This can lead to cross-tenant remote code execution, allowing attackers to steal or poison machine learning models. The issue arises in versions 1.21.0 through 1.132.9, where attackers can pre-create Cloud Storage buckets with predictable names, facilitating unauthorized access to sensitive resources. The vulnerability has been addressed, and users are not required to take any action.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Vertex AI Experiments 1.21.0 < 1.133.0

References

https://docs.cloud.google.com/support/bulletins#gcp-2026-012

CVSS V4

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Feb 20, 2026
Vulnerability Reserved
Feb 13, 2026

Credit

Omer Amiad

JSON

Google Cloud

What is CVE-2026-2473?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.