Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.6
Google Cloud Vertex AI SDK allows malicious scripts in model evaluation
CVE-2026-2472
GHSA-qv8j-hgpc-vrq8
Summary
Google Cloud Vertex AI SDK versions 1.98.0 to 1.131.0 are vulnerable to a security risk where an attacker can inject malicious code into model evaluation results or dataset data, allowing them to take control of a user's Jupyter or Colab environment. This could potentially lead to data theft, unauthorized actions, or other malicious activities. Update to a version of Google Cloud Vertex AI SDK that is not affected by this issue.
What to do
- Update google-cloud-aiplatform to version 1.131.0.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | google-cloud-aiplatform | > 1.98.0 , <= 1.131.0 | 1.131.0 |
Original title
Google Cloud Vertex AI SDK affected by Stored Cross-Site Scripting (XSS)
Original description
Stored Cross-Site Scripting (XSS) in the _genai/_evals_visualization component of Google Cloud Vertex AI SDK (google-cloud-aiplatform) versions from 1.98.0 up to (but not including) 1.131.0 allows an unauthenticated remote attacker to execute arbitrary JavaScript in a victim's Jupyter or Colab environment via injecting script escape sequences into model evaluation results or dataset JSON data.
nvd CVSS4.0
8.6
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
- https://nvd.nist.gov/vuln/detail/CVE-2026-2472
- https://github.com/googleapis/python-aiplatform/commit/8a00d43dbd24e95dbab6ea32c...
- https://github.com/googleapis/python-aiplatform/releases/tag/v1.131.0
- https://github.com/advisories/GHSA-qv8j-hgpc-vrq8
- https://docs.cloud.google.com/support/bulletins#gcp-2026-011
- https://github.com/JoshuaProvoste/CVE-2026-2472-Vertex-AI-SDK-Google-Cloud
Published: 20 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026