Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting
Summary
A flaw in Google's Vertex AI SDK for Python allowed attackers to hijack machine learning model uploads through bucket squatting (creating a Cloud Storage bucket with a name the victim's SDK would predictably generate). Attackers could replace the uploaded model with malicious code that executes when the model loads, potentially stealing credentials and accessing other data in Google's infrastructure. The attack required only the victim's public project ID and no access to their account.
Solution / Mitigation
Update the google-cloud-aiplatform SDK to version 1.148.0 or later, which adds bucket ownership verification to block bucket squatting. Additionally, explicitly set the staging_bucket parameter to a Cloud Storage location you control when uploading models, and check the SDK version wherever it runs (notebooks, CI/CD jobs, training pipelines, and production services).
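The two mitigations above (a patched SDK and an explicitly owned staging bucket) are easy to state and easy to forget in one of many notebooks or pipelines, so the following added example, which is not code from the article or from the Vertex AI SDK, shows a small audit helper for the defender's side. It assumes the fixed version 1.148.0 named above, that `aiplatform.init(..., staging_bucket=...)` is the SDK call where the parameter is normally set (it is a real parameter of the SDK's `init`), and that a regex scan of source text is an acceptable heuristic; the sample source and the set of "owned" buckets are constructed for the example.

```python
import re

# Version from the advisory at which the SDK adds bucket ownership verification.
FIXED_VERSION = (1, 148, 0)


def parse_version(v: str) -> tuple:
    """Reduce a version string such as '1.148.0', '1.149.0rc1' or '1.150'
    to a (major, minor, patch) tuple, ignoring pre-release suffixes."""
    parts = []
    for piece in v.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
        if m.end() != len(piece):  # suffix such as 'rc1' or 'dev3' ends the numeric part
            break
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_patched(installed_version: str) -> bool:
    """True when the installed google-cloud-aiplatform is at or above the fixed release."""
    return parse_version(installed_version) >= FIXED_VERSION


def staging_bucket_is_owned(uri: str, owned_buckets: set) -> bool:
    """True when uri is a gs:// location whose bucket is in the allow-list of
    buckets the organisation controls (an explicitly owned staging_bucket is the
    mitigation against a squatted, predictably named default bucket)."""
    m = re.fullmatch(r"gs://([a-z0-9][a-z0-9._-]{1,61}[a-z0-9])(?:/.*)?", uri)
    return bool(m) and m.group(1) in owned_buckets


# Heuristic: find aiplatform.init(...) calls and look at their argument text.
INIT_CALL = re.compile(r"\baiplatform\.init\s*\(([^)]*)\)")


def audit_source(source: str) -> list:
    """Return the 1-based line numbers of aiplatform.init calls that do not set
    staging_bucket, i.e. places where the SDK would fall back to a default bucket."""
    findings = []
    for m in INIT_CALL.finditer(source):
        if "staging_bucket" not in m.group(1):
            findings.append(source.count("\n", 0, m.start()) + 1)
    return findings


# Constructed sample source: line 2 relies on the default bucket, lines 4-5 pin one.
SAMPLE_SOURCE = '''from google.cloud import aiplatform
aiplatform.init(project="my-project", location="us-central1")
model = aiplatform.Model.upload(display_name="m", artifact_uri="gs://my-owned-staging/m")
aiplatform.init(project="my-project", location="us-central1",
                staging_bucket="gs://my-owned-staging")
'''

if __name__ == "__main__":
    print("SDK 1.147.2 patched:", is_patched("1.147.2"))
    print("init calls without staging_bucket at lines:", audit_source(SAMPLE_SOURCE))
    print("gs://my-owned-staging owned:",
          staging_bucket_is_owned("gs://my-owned-staging", {"my-owned-staging"}))
```

In practice `is_patched` would be fed the value of `google.cloud.aiplatform.__version__` from each environment, and `audit_source` run over notebooks and pipeline code in CI; the regex does not follow `staging_bucket` values held in variables, so a hit is a prompt to look, not a verdict.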
Classification
Affected Vendors
Related Issues
Original source: https://thehackernews.com/2026/06/google-vertex-ai-sdk-flaw-let-attackers.html
First tracked: June 16, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 95%