CVE-2026-2473 is a vulnerability identified in Google Cloud's Vertex AI Experiments product, specifically affecting versions from 1.21.0 up to but not including 1.133.0. The root cause is the generation of predictable Cloud Storage bucket names used by Vertex AI Experiments, which allows an unauthenticated remote attacker to preemptively create these buckets (a technique known as bucket squatting). By controlling these buckets, attackers can execute cross-tenant remote code execution, steal AI models, or poison models used by other tenants. This vulnerability is categorized under CWE-340, indicating weak or predictable identifier generation. The attack vector is network-based with no privileges required, but user interaction is necessary to trigger the exploit. The vulnerability affects the confidentiality, integrity, and availability of AI workloads and data stored or processed via Vertex AI Experiments. Google has addressed this vulnerability in versions 1.133.0 and later, and no active exploits have been reported in the wild. The CVSS 4.0 score of 7.7 reflects the high impact and relative ease of exploitation given the lack of authentication requirements. This vulnerability highlights the critical importance of secure resource naming and access controls in cloud AI services.

The impact of CVE-2026-2473 is significant for organizations using Google Cloud Vertex AI Experiments. Successful exploitation can lead to unauthorized remote code execution across tenants, allowing attackers to execute arbitrary code within the cloud environment. This compromises the confidentiality of AI models, enabling theft of proprietary or sensitive intellectual property. Additionally, attackers can poison models, degrading the integrity and reliability of AI-driven decisions and outputs. Availability can also be affected if attackers disrupt AI workflows or corrupt stored data. The cross-tenant nature of the attack increases the risk of widespread damage in multi-tenant cloud environments. Organizations relying on Vertex AI for critical AI workloads, especially those in regulated industries or handling sensitive data, face risks of data breaches, intellectual property loss, and operational disruption. The vulnerability's exploitation could undermine trust in cloud AI services and result in financial and reputational damage.

To mitigate CVE-2026-2473, organizations should immediately verify their Vertex AI Experiments version and upgrade to version 1.133.0 or later, where the vulnerability is patched. Beyond upgrading, organizations should audit their Google Cloud Storage bucket naming policies to ensure unpredictability and avoid predictable patterns that could be exploited. Implement strict IAM policies to restrict bucket creation and access permissions, limiting the ability of unauthorized users to create or control buckets. Employ monitoring and alerting on unusual bucket creation activities and access patterns to detect potential bucket squatting attempts early. Use Google Cloud's security tools such as Cloud Security Command Center to identify misconfigurations or suspicious activities related to AI experiments and storage buckets. Additionally, consider isolating AI workloads in dedicated projects or VPCs to reduce cross-tenant attack surfaces. Regularly review and update security configurations in line with Google Cloud best practices for AI and storage services. Finally, educate development and operations teams about the risks of predictable resource naming and enforce secure coding and deployment standards.