GHSA-qv8j-hgpc-vrq8: Google Cloud Vertex AI SDK affected by Stored Cross-Site Scripting (XSS)
highvulnerability
security
Summary
This advisory describes a stored XSS (cross-site scripting, where malicious code is saved and executed when users view a webpage) vulnerability in Google Cloud Vertex AI SDK. The text provided explains the CVSS scoring framework (a 0-10 rating system for vulnerability severity) used to evaluate this vulnerability, covering factors like how an attacker could exploit it, what privileges they need, and what systems could be impacted.
Vulnerability Details
EPSS (30-day exploit probability)
EPSS: 0.2%
Classification
Attack Type
Other
Attack SophisticationModerate
Impact (CIA+S)
integrity
AI Component TargetedAPI
Affected Vendors
Google
Affected Packages
google-cloud-aiplatform@>= 1.98.0, < 1.131.0 (fixed: 1.131.0)
Related Issues
Monthly digest — independent AI security research
Original source: https://github.com/advisories/GHSA-qv8j-hgpc-vrq8
First tracked: February 20, 2026 at 07:00 PM
Classified by LLM (prompt v3) · confidence: 85%