{"data":{"id":"76d820ca-afd2-4c9d-9a70-69c2b514567f","title":"GCP-2026-011","summary":"A stored XSS vulnerability (cross-site scripting, where an attacker injects malicious code that gets saved and runs when others view it) was found in Google's Vertex AI Python SDK visualization tool. An unauthenticated attacker could inject harmful JavaScript code into model evaluation results or dataset files, which would then execute in a victim's Jupyter or Colab environment (cloud-based coding notebooks).","solution":"Update the google-cloud-aiplatform Python SDK to version 1.131.0 or later (released on 2025-12-16) to receive the fix.","labels":["security"],"sourceUrl":"https://docs.cloud.google.com/support/bulletins/index#gcp-2026-011","publishedAt":"2026-03-11T18:37:07.536Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["jailbreak"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Google"],"affectedVendorsRaw":["Google","Vertex AI","google-cloud-aiplatform"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-03-11T18:37:07.536Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}