AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

GHSA-wh2j-26j7-9728: Google Cloud Vertex AI has a a vulnerability involving predictable bucket naming

highvulnerability

security

Source: GitHub Advisory DatabaseFebruary 20, 2026CVE-2026-2473

Summary

This advisory describes a vulnerability in Google Cloud Vertex AI related to predictable bucket naming (a bucket is a container for storing data in cloud storage). The content provided explains the framework used to assess vulnerability severity through metrics like attack vector, complexity, and required privileges, but does not describe the actual vulnerability details, its impact, or how it affects users.

Vulnerability Details

EPSS (30-day exploit probability)

EPSS: 0.3%

Classification

Attack Type

Data Extraction

Attack SophisticationTrivial

Impact (CIA+S)

confidentiality

AI Component TargetedInference

Affected Vendors

Google

Affected Packages

google-cloud-aiplatform@>= 1.21.0, < 1.133.0 (fixed: 1.133.0)

Related Issues

critical

CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive

Similar attackNVD/CVE Database

high

CVE-2025-54868: LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint

First tracked: February 20, 2026 at 07:00 PM

Classified by LLM (prompt v3) · confidence: 85%