Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for Vertex AI SDK for Python by Google Cloud
CVE-2026-2472 (GCVE-0-2026-2472)
Vulnerability from nvd – Published: 2026-02-20 19:29 – Updated: 2026-06-30 12:06 Exclusively Hosted Service
VLAI
Title
Stored Cross-Site Scripting (XSS) in Vertex AI Python SDK Visualization
Summary
Stored Cross-Site Scripting (XSS) in the _genai/_evals_visualization component of Google Cloud Vertex AI SDK (google-cloud-aiplatform) versions from 1.98.0 up to (but not including) 1.131.0 allows an unauthenticated remote attacker to execute arbitrary JavaScript in a victim's Jupyter or Colab environment via injecting script escape sequences into model evaluation results or dataset JSON data.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://docs.cloud.google.com/support/bulletins#g… | |
| https://github.com/JoshuaProvoste/CVE-2026-2472-V… | |
| https://access.redhat.com/security/cve/CVE-2026-2472 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2441472 | issue-trackingx_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
| https://access.redhat.com/errata/RHSA-2026:10184 | vendor-advisoryx_refsource_REDHAT |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Google Cloud | Vertex AI SDK for Python |
Affected:
1.98.0 , < 1.131.0
(custom)
|
|
| Red Hat | Red Hat OpenShift AI 2.25 |
cpe:/a:redhat:openshift_ai:2.25::el9 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2472",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-23T19:56:14.689621Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-23T19:56:46.574Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-02-27T17:38:41.190Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://github.com/JoshuaProvoste/CVE-2026-2472-Vertex-AI-SDK-Google-Cloud"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:openshift_ai:2.25::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI 2.25",
"vendor": "Red Hat"
}
],
"datePublic": "2026-02-20T19:29:12.162Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in google-cloud-aiplatform. This Stored Cross-Site Scripting (XSS) vulnerability allows an unauthenticated remote attacker to execute arbitrary JavaScript code within a victim\u0027s Jupyter or Colab environment. This is achieved by injecting malicious script escape sequences into model evaluation results or dataset JSON data. The primary consequence is arbitrary code execution."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T12:06:57.456Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-2472"
},
{
"name": "RHBZ#2441472",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441472"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2472.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10184"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:10184: Red Hat OpenShift AI 2.25"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-20T20:03:43.567Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-02-20T19:29:12.162Z",
"value": "Made public."
}
],
"title": "google-cloud-aiplatform: google-cloud-aiplatform: Arbitrary code execution via Stored Cross-Site Scripting (XSS)",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Vertex AI SDK for Python",
"vendor": "Google Cloud",
"versions": [
{
"lessThan": "1.131.0",
"status": "affected",
"version": "1.98.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Din Asoti\u0107"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eStored Cross-Site Scripting (XSS) in the _genai/_evals_visualization component of Google Cloud Vertex AI SDK (google-cloud-aiplatform) versions from 1.98.0 up to (but not including) 1.131.0 allows an unauthenticated remote attacker to execute arbitrary JavaScript in a victim\u0027s Jupyter or Colab environment via injecting script escape sequences into model evaluation results or dataset JSON data.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Stored Cross-Site Scripting (XSS) in the _genai/_evals_visualization component of Google Cloud Vertex AI SDK (google-cloud-aiplatform) versions from 1.98.0 up to (but not including) 1.131.0 allows an unauthenticated remote attacker to execute arbitrary JavaScript in a victim\u0027s Jupyter or Colab environment via injecting script escape sequences into model evaluation results or dataset JSON data."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T19:29:12.162Z",
"orgId": "f45cbf4e-4146-4068-b7e1-655ffc2c548c",
"shortName": "GoogleCloud"
},
"references": [
{
"url": "https://docs.cloud.google.com/support/bulletins#gcp-2026-011"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCustomers will need to update their google-cloud-aiplatform Python SDK to version 1.131.0 (released on 2025-12-16) or later to receive the fix.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "Customers will need to update their google-cloud-aiplatform Python SDK to version 1.131.0 (released on 2025-12-16) or later to receive the fix."
}
],
"source": {
"discovery": "EXTERNAL"
},
"tags": [
"exclusively-hosted-service"
],
"title": "Stored Cross-Site Scripting (XSS) in Vertex AI Python SDK Visualization",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f45cbf4e-4146-4068-b7e1-655ffc2c548c",
"assignerShortName": "GoogleCloud",
"cveId": "CVE-2026-2472",
"datePublished": "2026-02-20T19:29:12.162Z",
"dateReserved": "2026-02-13T15:38:12.195Z",
"dateUpdated": "2026-06-30T12:06:57.456Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2472 (GCVE-0-2026-2472)
Vulnerability from cvelistv5 – Published: 2026-02-20 19:29 – Updated: 2026-06-30 12:06 Exclusively Hosted Service
VLAI
Title
Stored Cross-Site Scripting (XSS) in Vertex AI Python SDK Visualization
Summary
Stored Cross-Site Scripting (XSS) in the _genai/_evals_visualization component of Google Cloud Vertex AI SDK (google-cloud-aiplatform) versions from 1.98.0 up to (but not including) 1.131.0 allows an unauthenticated remote attacker to execute arbitrary JavaScript in a victim's Jupyter or Colab environment via injecting script escape sequences into model evaluation results or dataset JSON data.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://docs.cloud.google.com/support/bulletins#g… | |
| https://github.com/JoshuaProvoste/CVE-2026-2472-V… | |
| https://access.redhat.com/security/cve/CVE-2026-2472 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2441472 | issue-trackingx_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
| https://access.redhat.com/errata/RHSA-2026:10184 | vendor-advisoryx_refsource_REDHAT |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Google Cloud | Vertex AI SDK for Python |
Affected:
1.98.0 , < 1.131.0
(custom)
|
|
| Red Hat | Red Hat OpenShift AI 2.25 |
cpe:/a:redhat:openshift_ai:2.25::el9 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2472",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-23T19:56:14.689621Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-23T19:56:46.574Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-02-27T17:38:41.190Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://github.com/JoshuaProvoste/CVE-2026-2472-Vertex-AI-SDK-Google-Cloud"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:openshift_ai:2.25::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI 2.25",
"vendor": "Red Hat"
}
],
"datePublic": "2026-02-20T19:29:12.162Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in google-cloud-aiplatform. This Stored Cross-Site Scripting (XSS) vulnerability allows an unauthenticated remote attacker to execute arbitrary JavaScript code within a victim\u0027s Jupyter or Colab environment. This is achieved by injecting malicious script escape sequences into model evaluation results or dataset JSON data. The primary consequence is arbitrary code execution."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T12:06:57.456Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-2472"
},
{
"name": "RHBZ#2441472",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441472"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2472.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10184"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:10184: Red Hat OpenShift AI 2.25"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-20T20:03:43.567Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-02-20T19:29:12.162Z",
"value": "Made public."
}
],
"title": "google-cloud-aiplatform: google-cloud-aiplatform: Arbitrary code execution via Stored Cross-Site Scripting (XSS)",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Vertex AI SDK for Python",
"vendor": "Google Cloud",
"versions": [
{
"lessThan": "1.131.0",
"status": "affected",
"version": "1.98.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Din Asoti\u0107"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eStored Cross-Site Scripting (XSS) in the _genai/_evals_visualization component of Google Cloud Vertex AI SDK (google-cloud-aiplatform) versions from 1.98.0 up to (but not including) 1.131.0 allows an unauthenticated remote attacker to execute arbitrary JavaScript in a victim\u0027s Jupyter or Colab environment via injecting script escape sequences into model evaluation results or dataset JSON data.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Stored Cross-Site Scripting (XSS) in the _genai/_evals_visualization component of Google Cloud Vertex AI SDK (google-cloud-aiplatform) versions from 1.98.0 up to (but not including) 1.131.0 allows an unauthenticated remote attacker to execute arbitrary JavaScript in a victim\u0027s Jupyter or Colab environment via injecting script escape sequences into model evaluation results or dataset JSON data."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T19:29:12.162Z",
"orgId": "f45cbf4e-4146-4068-b7e1-655ffc2c548c",
"shortName": "GoogleCloud"
},
"references": [
{
"url": "https://docs.cloud.google.com/support/bulletins#gcp-2026-011"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCustomers will need to update their google-cloud-aiplatform Python SDK to version 1.131.0 (released on 2025-12-16) or later to receive the fix.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "Customers will need to update their google-cloud-aiplatform Python SDK to version 1.131.0 (released on 2025-12-16) or later to receive the fix."
}
],
"source": {
"discovery": "EXTERNAL"
},
"tags": [
"exclusively-hosted-service"
],
"title": "Stored Cross-Site Scripting (XSS) in Vertex AI Python SDK Visualization",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f45cbf4e-4146-4068-b7e1-655ffc2c548c",
"assignerShortName": "GoogleCloud",
"cveId": "CVE-2026-2472",
"datePublished": "2026-02-20T19:29:12.162Z",
"dateReserved": "2026-02-13T15:38:12.195Z",
"dateUpdated": "2026-06-30T12:06:57.456Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}