Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting
A vulnerability in the Google Vertex AI Python SDK permits attackers to hijack machine learning model uploads. This flaw enables remote code execution within Google serving infrastructure. The issue is characterized as a Pickle in the Middle attack.
What changed
The vulnerability is now identified as a Pickle in the Middle attack involving bucket squatting.
Live updates

Google Vertex AI SDK Flaw Allows RCE via Bucket Squatting
Confidence: 90%
A vulnerability in the Google Vertex AI Python SDK permits attackers to hijack machine learning model uploads. This flaw enables remote code execution within Google serving infrastructure. The issue is characterized as a Pickle in the Middle attack.
What's confirmed:
- The Google Vertex AI Python SDK flaw allows attackers to hijack machine learning model uploads.
- The vulnerability enables the execution of code within Google serving infrastructure.
- Palo Alto Networks Unit 42 discovered the bug and reported it via a bug bounty program.
Still unconfirmed:
- The vulnerability is known as a Pickle in the Middle attack that allows RCE via bucket squatting.

Google Vertex AI SDK Vulnerability Identified as Pickle in the Middle
Confidence: 90%
A flaw in the Google Cloud Vertex AI Python SDK allowed attackers to hijack machine learning model uploads. This vulnerability enabled the execution of code within Google serving infrastructure. Palo Alto Networks Unit 42 discovered the bug and reported it via a bug bounty program.
What's confirmed:
- Palo Alto Networks Unit 42 discovered the flaw and reported it through Google's bug bounty program.
- The vulnerability allowed an attacker without project access to run code inside Google serving infrastructure by hijacking model uploads.
Still unconfirmed:
- Palo Alto Networks Unit 42 stated it saw no exploitation of this flaw in the wild.

Google Vertex AI SDK Flaw Enabled Model Upload Hijacking
Confidence: 90%
A vulnerability in the Google Cloud Vertex AI Python SDK allowed attackers to execute arbitrary code within Google serving infrastructure. This was achieved through bucket squatting using predictable staging bucket names. Google fixed the issue in SDK version 1.148.0.
What's confirmed:
- The flaw allowed for remote code execution inside Google AI serving infrastructure.
- The vulnerability was resolved in SDK version 1.148.0.
- Attackers could intercept model uploads by pre-creating predictable Vertex AI staging buckets.
Still unconfirmed:
- The vulnerability led to model poisoning and credential theft.
- SDK versions 1.139.0 and 1.140.0 contained the predictable staging bucket flaw.

Google Patches Vertex AI SDK Bucket Squatting Flaw
Confidence: 90%
A vulnerability in the Google Cloud Vertex AI Python SDK allowed attackers to hijack machine learning model artifacts. This flaw enabled remote code execution within Google serving infrastructure. Google resolved the issue in SDK version 1.148.0.
What's confirmed:
- The flaw affected the Google Cloud Vertex AI SDK for Python.
- Attackers could hijack model uploads and run code inside Google serving infrastructure.
- The vulnerability is fixed in SDK version 1.148.0 and later.
- The fix introduced randomized bucket naming and explicit bucket ownership verification.
Still unconfirmed:
- Attackers used a victim's public project ID to hijack artifacts via bucket squatting.
- No exploitation of the flaw has been observed in the wild.
- The vulnerability is tracked as CVE-2026-2473.
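As an added illustration of the mitigation pattern the fix description names (randomized bucket naming plus explicit ownership verification before a staging bucket is used), here is a small Python guard run against a constructed in-memory bucket registry. It is not code from the Vertex AI SDK or from Google; the registry, the `owner_project` field and the project IDs are assumptions standing in for the cloud control plane's bucket metadata.

```python
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class BucketInfo:
    name: str
    owner_project: str  # constructed stand-in for the bucket's owning project metadata


class BucketRegistry:
    """Constructed stand-in for a storage control plane with one global bucket namespace."""

    def __init__(self):
        self._buckets = {}

    def lookup(self, name):
        return self._buckets.get(name)

    def create(self, name, owner_project):
        # Names are global: whoever creates a name first owns it.
        if name in self._buckets:
            raise ValueError(f"bucket {name!r} already exists")
        self._buckets[name] = BucketInfo(name, owner_project)
        return self._buckets[name]


def predictable_staging_name(project_id):
    # Weak pattern: anyone who knows the (public) project ID can derive this name
    # and create it first in the shared namespace.
    return f"{project_id}-staging"


def randomized_staging_name(project_id):
    # Hardened pattern: an unguessable suffix means the name cannot be pre-created.
    return f"{project_id}-staging-{secrets.token_hex(8)}"


def resolve_staging_bucket(registry, project_id, name):
    """Return a bucket that is safe to upload model artifacts to, or raise.

    A pre-existing bucket is accepted only if it is owned by the caller's own
    project; any other owner means the name was claimed by someone else.
    """
    info = registry.lookup(name)
    if info is None:
        return registry.create(name, project_id)
    if info.owner_project != project_id:
        raise PermissionError(
            f"staging bucket {name!r} exists but belongs to {info.owner_project!r}; refusing upload"
        )
    return info
```

Against a real bucket store the ownership comparison would use the provider's bucket metadata (for example the owning project number) rather than the constructed `owner_project` field.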

Google Patches Vertex AI SDK Flaw Allowing Model Hijacking
Confidence: 90%
A critical vulnerability in the Google Cloud Vertex AI SDK for Python enabled attackers to hijack model uploads. This flaw could lead to remote code execution across tenants. Google has released a patch to fix the issue.
What's confirmed:
- Google patched a flaw in the Vertex AI SDK for Python that allowed attackers to hijack model uploads.
- The vulnerability could enable remote code execution across tenants.
Still unconfirmed:
- Broad default permissions in the Vertex AI suite allowed Palo Alto Networks' Unit 42 to access credentials and restricted Google-owned Artifact Registry images.
- Customer data and internal Google code are at risk from double agents operating within the platform.

Google Patches Vertex AI SDK Flaw Enabling Model Hijacking
Confidence: 100%
A vulnerability in the Google Cloud Vertex AI SDK for Python allowed attackers to hijack machine learning model uploads. This flaw, dubbed Pickle in the Middle, could enable remote code execution within Google serving infrastructure. Google has released a patch to address the issue.
What's confirmed:
- Palo Alto Networks Unit 42 discovered the vulnerability and reported it via Google's bug bounty program.
- The flaw allowed attackers to run code in Google's serving infrastructure without requiring access to the victim's project.
- Attackers only needed their own Google Cloud project and the victim's project ID to execute the attack.
- The technique used for this attack is called Pickle in the Middle.
- Users are advised to update the SDK to version 1.148.0 or later.
- Unit 42 reported no evidence of exploitation in the wild.