[Alert] Google Vertex AI SDK Vulnerability CVE-2026-2472
High-severity security alert for developers: CVE-2026-2472 affects the Google Vertex AI Python SDK prior to version 1.131.0. Learn the impact and patch guidance.
Google disclosed CVE-2026-2472 in its Google Cloud security bulletins on February 20, 2026. The issue affects the google-cloud-aiplatform package, commonly used as the Vertex AI Python SDK, in versions before 1.131.0.
This is a high-severity stored cross-site scripting (XSS) vulnerability, not a remote code execution flaw. According to Google's bulletin, an unauthenticated attacker could inject script escape sequences into model evaluation results or dataset JSON data, causing arbitrary JavaScript execution in a victim's Jupyter or Colab environment.
What the vulnerability affects
Google attributes the issue to _genai/_evals_visualization in the Vertex AI Python SDK visualization flow. The practical risk is highest for teams that render evaluation outputs from untrusted or semi-trusted data in shared notebook environments.
Because the payload executes in the browser context of the notebook user, the risk is centered on session abuse, notebook-side script execution, and exposure of data visible in that environment, rather than direct cloud infrastructure takeover.
How to patch and verify
Google's bulletin says customers should upgrade google-cloud-aiplatform to version 1.131.0 or later. The same bulletin notes that 1.131.0 was released on December 16, 2025.
pip install --upgrade google-cloud-aiplatformThen verify the installed version:
python -c "import vertexai, pkg_resources; print(pkg_resources.get_distribution('google-cloud-aiplatform').version)"Immediate mitigation steps
- Avoid untrusted renders: Do not visualize untrusted model evaluation outputs in Jupyter or Colab.
- Review notebook access: Audit notebook sharing permissions and active browser sessions.
- Separate evaluation artifacts: Keep dataset JSON and eval outputs isolated from analyst notebooks where possible.
- Treat inputs as untrusted: Handle imported dataset JSON and visualization content as potentially hostile.
Frequently Asked Questions
What is CVE-2026-2472?
It is a high-severity stored XSS vulnerability in the Google Vertex AI Python SDK visualization path, affecting google-cloud-aiplatform versions before 1.131.0.
Is CVE-2026-2472 remote code execution?
No. Google's public bulletin describes it as stored XSS that can execute arbitrary JavaScript in a victim's Jupyter or Colab environment.
How do I fix the Vertex AI SDK vulnerability?
Upgrade google-cloud-aiplatform to 1.131.0 or later.
Source: Google Cloud Security Bulletins