πŸ” CVE Alert

CVE-2026-2472

UNKNOWN 0.0

Stored Cross-Site Scripting (XSS) in Vertex AI Python SDK Visualization

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

Stored Cross-Site Scripting (XSS) in the _genai/_evals_visualization component of Google Cloud Vertex AI SDK (google-cloud-aiplatform) versions from 1.98.0 up to (but not including) 1.131.0 allows an unauthenticated remote attacker to execute arbitrary JavaScript in a victim's Jupyter or Colab environment via injecting script escape sequences into model evaluation results or dataset JSON data.

CWE CWE-79
Vendor google cloud
Product vertex ai sdk for python
Published Feb 20, 2026
Last Updated Feb 27, 2026
Stay Ahead of the Next One

Get instant alerts for google cloud vertex ai sdk for python

Be the first to know when new unknown vulnerabilities affecting google cloud vertex ai sdk for python are published β€” delivered to Slack, Telegram or Discord.

Get Free Alerts β†’ Free Β· No credit card Β· 60 sec setup

Affected Versions

Google Cloud / Vertex AI SDK for Python
1.98.0 < 1.131.0

References

NVD β†— CVE.org β†— EPSS Data β†—
docs.cloud.google.com: https://docs.cloud.google.com/support/bulletins#gcp-2026-011 github.com: https://github.com/JoshuaProvoste/CVE-2026-2472-Vertex-AI-SDK-Google-Cloud

Credits

πŸ” Din AsotiΔ‡