PatchSiren cyber security CVE debrief
CVE-2026-2472 Google Cloud CVE debrief
CVE-2026-2472 is a Stored Cross-Site Scripting (XSS) vulnerability in the _genai/_evals_visualization component of Google Cloud Vertex AI SDK (google-cloud-aiplatform) versions from 1.98.0 up to (but not including) 1.131.0. This vulnerability allows an unauthenticated remote attacker to execute arbitrary JavaScript in a victim's Jupyter or Colab environment via injecting script escape sequences into model evaluation results or dataset JSON data. The vulnerability has a CVSS score of 8.6 and is classified as HIGH severity. The CVE was published on 2026-02-20T20:25:24.307Z and last modified on 2026-06-30T03:18:13.813Z.
- Vendor
- Google Cloud
- Product
- Vertex AI SDK for Python
- CVSS
- HIGH 8.6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-02-20
- Original CVE updated
- 2026-06-30
- Advisory published
- 2026-02-20
- Advisory updated
- 2026-06-30
Who should care
Users of Google Cloud Vertex AI SDK (google-cloud-aiplatform) versions from 1.98.0 up to (but not including) 1.131.0 should be aware of this vulnerability and take necessary actions to mitigate it. Specifically, defenders of cloud-based Jupyter or Colab environments, and users of Vertex AI SDK for model evaluation and dataset management should prioritize patching. Security teams responsible for cloud-based AI/ML services should also be aware of the potential risks and take steps to protect their environments.
Technical summary
The vulnerability is caused by improper sanitization of user-input data in the _genai/_evals_visualization component of Google Cloud Vertex AI SDK. An unauthenticated remote attacker can inject script escape sequences into model evaluation results or dataset JSON data, which can then be executed as JavaScript in a victim's Jupyter or Colab environment. The CVSS vector for this vulnerability is CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber. The weakness associated with this vulnerability is CWE-79.
Defensive priority
High priority should be given to patching Google Cloud Vertex AI SDK (google-cloud-aiplatform) versions from 1.98.0 up to (but not including) 1.131.0. Defenders should also consider implementing additional security controls, such as input validation and output encoding, to mitigate the risk of similar vulnerabilities in the future.
Recommended defensive actions
- Patch Google Cloud Vertex AI SDK (google-cloud-aiplatform) to version 1.131.0 or later
- Implement input validation and output encoding for model evaluation results and dataset JSON data
- Monitor Jupyter or Colab environments for suspicious activity
- Consider implementing additional security controls, such as web application firewalls (WAFs) or intrusion detection systems (IDSs)
- Review and update incident response plans to address potential XSS attacks
Evidence notes
The CVE record and NVD detail provide official information about the vulnerability. Additional sources, such as Google Cloud's support bulletin and Red Hat's errata, provide further context and mitigation guidance. However, due to limited information available, defenders should exercise caution and consider implementing additional security controls to mitigate the risk of similar vulnerabilities in the future.
Official resources
-
CVE-2026-2472 CVE record
CVE.org
-
CVE-2026-2472 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
f45cbf4e-4146-4068-b7e1-655ffc2c548c
-
Source reference
af854a3a-2127-422b-91ae-364da2661108
-
Source reference
0b0ca135-0b70-47e7-9f44-1890c2a1c46c
-
Source reference
0b0ca135-0b70-47e7-9f44-1890c2a1c46c
-
Source reference
0b0ca135-0b70-47e7-9f44-1890c2a1c46c
-
Source reference
0b0ca135-0b70-47e7-9f44-1890c2a1c46c
This article is AI-assisted and based on the supplied source corpus.