GCP-2026-011
Summary
A stored XSS vulnerability (cross-site scripting, where an attacker injects malicious code that gets saved and runs when others view it) was found in Google's Vertex AI Python SDK visualization tool. An unauthenticated attacker could inject harmful JavaScript code into model evaluation results or dataset files, which would then execute in a victim's Jupyter or Colab environment (cloud-based coding notebooks).
Solution / Mitigation
Update the google-cloud-aiplatform Python SDK to version 1.131.0 or later (released on 2025-12-16) to receive the fix.
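One way to verify the mitigation across a notebook environment and its pinned dependencies, shown as an added example that is not part of the bulletin or the SDK: it flags exact pins of google-cloud-aiplatform below 1.131.0 in requirements-style text and reports the installed version. The function names and the sample requirements text are constructed for illustration, and version parsing is simplified to the numeric release segment.

```python
import re
from importlib import metadata
PACKAGE = "google-cloud-aiplatform"
FIXED = (1, 131, 0)  # first fixed release named in the bulletin
# name, optional [extras], exact "==" pin, version up to whitespace, ";" or "#"
PIN = re.compile(r"^\s*([A-Za-z0-9._-]+)\s*(?:\[[^\]]*\])?\s*==\s*([^\s;#]+)")

def normalize(name):
    # PEP 503 normalization: runs of "-", "_", "." collapse to one "-"
    return re.sub(r"[-_.]+", "-", name).lower()

def release_tuple(version):
    # Simplification (assumption): compare only the leading numeric release
    # segment, so pre/post/dev suffixes such as "rc1" are ignored.
    m = re.match(r"\d+(?:\.\d+)*", version.strip())
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    parts = [int(p) for p in m.group(0).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def is_affected(version):
    return release_tuple(version) < FIXED

def affected_pins(requirements_text):
    """Return (line_number, version) for each exact pin of PACKAGE below FIXED."""
    hits = []
    for lineno, line in enumerate(requirements_text.splitlines(), 1):
        m = PIN.match(line)
        if m and normalize(m.group(1)) == PACKAGE and is_affected(m.group(2)):
            hits.append((lineno, m.group(2)))
    return hits

def installed_status():
    """'not installed', 'affected <ver>' or 'fixed <ver>' for this environment."""
    try:
        v = metadata.version(PACKAGE)
    except metadata.PackageNotFoundError:
        return "not installed"
    return f"{'affected' if is_affected(v) else 'fixed'} {v}"

# Constructed sample requirements text (not taken from any real project)
SAMPLE = """\
numpy==1.26.4
google-cloud-aiplatform[evaluation]==1.120.0
Google_Cloud_AIPlatform==1.131.0
google.cloud.aiplatform == 1.97   # old pin
google-cloud-aiplatform>=1.100
"""

if __name__ == "__main__":
    print(affected_pins(SAMPLE), installed_status())
```

Range specifiers such as `>=1.100` are not flagged because they permit a fixed release; what they actually resolve to is covered by the installed-version check.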
Original source: https://docs.cloud.google.com/support/bulletins/index#gcp-2026-011
First tracked: March 13, 2026 at 12:56 PM