Description
A vulnerability in Google Cloud Vertex AI Workbench from 7/21/2025 to 01/30/2026 allows an attacker to exfiltrate valid Google Cloud access tokens of other users via abuse of a built-in startup script.

All instances after January 30th, 2026 have been patched to protect from this vulnerability. No user action is required for this.
Published: 2026-02-26
Score: 8.4 High
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive Data Exposure
Action: No action
AI Analysis

Impact

A flaw in Google Cloud Vertex AI Workbench allowed an attacker to steal valid Google Cloud access tokens belonging to other users by exploiting a built‑in startup script. The vulnerability could lead to unauthorized access to Google Cloud resources, compromising confidentiality and potentially granting the attacker the full privileges of the compromised user account. The weakness is classified as sensitive data exposure (CWE‑200).

Affected Systems

The issue affected Vertex AI Workbench instances that were active between July 21, 2025 and January 30, 2026. All workbench deployments created after January 30, 2026 have been patched automatically. No explicit version numbers are listed, but any instance launched during the quoted period is considered vulnerable.

Risk and Exploitability

The CVSS score of 8.4 indicates high severity, yet the EPSS score of less than 1% shows a very low likelihood of real‑world exploitation at the time of analysis. The vulnerability is not present in the CISA Known Exploited Vulnerabilities catalog. Attackers would need to persuade or compromise a user to supply a malicious startup script or otherwise induce the script's execution; the exploit requires language capabilities to read the workbench environment’s credentials. Given the low EPSS and the lack of publicly known active exploits, the immediate risk to an organization that ran instances during the affected period is limited, but the potential impact remains significant if the flaw is leveraged.

Generated by OpenCVE AI on April 17, 2026 at 14:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • For existing Vertex AI Workbench instances dated between July 2025 and January 2026, terminate and recreate them after January 30, 2026 so that the security update is applied.
  • Remove or sanitize any startup scripts that may run automatically as part of the workspace configuration to stop tokens from being exposed.
  • Review and tighten IAM permissions so that only authorized users can configure or deploy startup scripts, and enable audit logging to detect suspicious activity.

Generated by OpenCVE AI on April 17, 2026 at 14:22 UTC.


Advisories

No advisories yet.

History

Fri, 27 Feb 2026 09:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | (none) | Google Cloud; Google Cloud vertex Ai
Vendors & Products | (none) | Google Cloud; Google Cloud vertex Ai

Thu, 26 Feb 2026 14:45:00 +0000

Type | Values Removed | Values Added
Description | (none) | A vulnerability in Google Cloud Vertex AI Workbench from 7/21/2025 to 01/30/2026 allows an attacker to exfiltrate valid Google Cloud access tokens of other users via abuse of a built-in startup script. All instances after January 30th, 2026 have been patched to protect from this vulnerability. No user action is required for this.
Title | (none) | Sensitive Data Exposure in Google Cloud Vertex AI Workbench
Weaknesses | (none) | CWE-200
References | (none) |
Metrics | (none) | cvssV4_0: {'score': 8.4, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/U:Clear'}


MITRE

Status: PUBLISHED

Assigner: GoogleCloud

Published:

Updated: 2026-02-26T14:59:56.045Z

Reserved: 2026-02-09T10:55:54.465Z

Link: CVE-2026-2244

Vulnrichment

No data.

NVD

Status: Deferred

Published: 2026-02-26T15:17:45.250

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-2244

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T14:30:20Z

Weaknesses