{"data":{"id":"d821964c-eb64-4732-a3b7-1c29d3e30539","title":"Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting","summary":"A flaw in Google's Vertex AI SDK for Python allowed attackers to hijack machine learning model uploads through bucket squatting (creating a Cloud Storage bucket with a name the victim's SDK would predictably generate). Attackers could replace the uploaded model with malicious code that executes when the model loads, potentially stealing credentials and accessing other data in Google's infrastructure. The attack required only the victim's public project ID and no access to their account.","solution":"Update the google-cloud-aiplatform SDK to version 1.148.0 or later, which adds bucket ownership verification to block bucket squatting. Additionally, explicitly set the staging_bucket parameter to a Cloud Storage location you control when uploading models, and check the SDK version wherever it runs (notebooks, CI/CD jobs, training pipelines, and production services).","labels":["security"],"sourceUrl":"https://thehackernews.com/2026/06/google-vertex-ai-sdk-flaw-let-attackers.html","publishedAt":"2026-06-16T19:05:41.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["supply_chain","model_poisoning"],"issueType":"news","affectedPackages":null,"affectedVendors":["Google"],"affectedVendorsRaw":["Google Vertex AI","Google Cloud Storage","TensorFlow","BigQuery"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-06-16T19:05:41.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"model","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}