AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

GHSA-qv8j-hgpc-vrq8: Google Cloud Vertex AI SDK affected by Stored Cross-Site Scripting (XSS)

highvulnerability

security

Source: GitHub Advisory DatabaseFebruary 20, 2026CVE-2026-2472

Summary

This advisory describes a stored XSS (cross-site scripting, where malicious code is saved and executed when users view a webpage) vulnerability in Google Cloud Vertex AI SDK. The text provided explains the CVSS scoring framework (a 0-10 rating system for vulnerability severity) used to evaluate this vulnerability, covering factors like how an attacker could exploit it, what privileges they need, and what systems could be impacted.

Vulnerability Details

EPSS (30-day exploit probability)

EPSS: 0.2%

Classification

Attack Type

Other

Attack SophisticationModerate

Impact (CIA+S)

integrity

AI Component TargetedAPI

Affected Vendors

Google

Affected Packages

google-cloud-aiplatform@>= 1.98.0, < 1.131.0 (fixed: 1.131.0)

Related Issues

high

CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne

Similar attackNVD/CVE Database

critical

CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi

First tracked: February 20, 2026 at 07:00 PM

Classified by LLM (prompt v3) · confidence: 85%