PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-2472 Google Cloud CVE debrief

CVE-2026-2472 is a Stored Cross-Site Scripting (XSS) vulnerability in the _genai/_evals_visualization component of Google Cloud Vertex AI SDK (google-cloud-aiplatform) versions from 1.98.0 up to (but not including) 1.131.0. This vulnerability allows an unauthenticated remote attacker to execute arbitrary JavaScript in a victim's Jupyter or Colab environment via injecting script escape sequences into model evaluation results or dataset JSON data. The vulnerability has a CVSS score of 8.6 and is classified as HIGH severity. The CVE was published on 2026-02-20T20:25:24.307Z and last modified on 2026-06-30T03:18:13.813Z.

Vendor
Google Cloud
Product
Vertex AI SDK for Python
CVSS
HIGH 8.6
CISA KEV
Not listed in stored evidence
Original CVE published
2026-02-20
Original CVE updated
2026-06-30
Advisory published
2026-02-20
Advisory updated
2026-06-30

Who should care

Users of Google Cloud Vertex AI SDK (google-cloud-aiplatform) versions from 1.98.0 up to (but not including) 1.131.0 should be aware of this vulnerability and take necessary actions to mitigate it. Specifically, defenders of cloud-based Jupyter or Colab environments, and users of Vertex AI SDK for model evaluation and dataset management should prioritize patching. Security teams responsible for cloud-based AI/ML services should also be aware of the potential risks and take steps to protect their environments.

Technical summary

The vulnerability is caused by improper sanitization of user-input data in the _genai/_evals_visualization component of Google Cloud Vertex AI SDK. An unauthenticated remote attacker can inject script escape sequences into model evaluation results or dataset JSON data, which can then be executed as JavaScript in a victim's Jupyter or Colab environment. The CVSS vector for this vulnerability is CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber. The weakness associated with this vulnerability is CWE-79.

Defensive priority

High priority should be given to patching Google Cloud Vertex AI SDK (google-cloud-aiplatform) versions from 1.98.0 up to (but not including) 1.131.0. Defenders should also consider implementing additional security controls, such as input validation and output encoding, to mitigate the risk of similar vulnerabilities in the future.

Recommended defensive actions

  • Patch Google Cloud Vertex AI SDK (google-cloud-aiplatform) to version 1.131.0 or later
  • Implement input validation and output encoding for model evaluation results and dataset JSON data
  • Monitor Jupyter or Colab environments for suspicious activity
  • Consider implementing additional security controls, such as web application firewalls (WAFs) or intrusion detection systems (IDSs)
  • Review and update incident response plans to address potential XSS attacks

Evidence notes

The CVE record and NVD detail provide official information about the vulnerability. Additional sources, such as Google Cloud's support bulletin and Red Hat's errata, provide further context and mitigation guidance. However, due to limited information available, defenders should exercise caution and consider implementing additional security controls to mitigate the risk of similar vulnerabilities in the future.

Official resources

This article is AI-assisted and based on the supplied source corpus.