Description
Stored Cross-Site Scripting (XSS) in the _genai/_evals_visualization component of Google Cloud Vertex AI SDK (google-cloud-aiplatform) versions from 1.98.0 up to (but not including) 1.131.0 allows an unauthenticated remote attacker to execute arbitrary JavaScript in a victim's Jupyter or Colab environment via injecting script escape sequences into model evaluation results or dataset JSON data.
Published: 2026-02-20
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote script execution in victim Jupyter/Colab environment
Action: Patch Now
AI Analysis

Impact

The vulnerability is a stored cross-site scripting flaw (CWE-79) in the _genai/_evals_visualization component of the Google Cloud Vertex AI Python SDK. The component renders model evaluation results and dataset JSON as HTML inside a Jupyter or Colab notebook and does not neutralise script escape sequences in that data. An unauthenticated remote attacker who can get such a sequence into the evaluation results or dataset JSON that a victim later visualises therefore gets arbitrary JavaScript executed in the victim's notebook front-end, where it can read cookies, tamper with the displayed page content, or exfiltrate sensitive data. The payload is stored in the data and fires whenever the visualization is rendered, not only once.

Affected Systems

Google Cloud Vertex AI SDK for Python, versions 1.98.0 through 1.130.x inclusive, is affected. The vulnerability does not apply to releases prior to 1.98.0 or to 1.131.0 and newer.
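To check whether an installed SDK falls inside that range, the following added example (not from the advisory or the SDK) reads the installed distribution version with importlib.metadata and compares it against 1.98.0 inclusive and 1.131.0 exclusive. The package name google-cloud-aiplatform comes from the advisory; the helper names and the handling of pre-release tags are this example's own.

```python
import re
from importlib import metadata

PACKAGE = "google-cloud-aiplatform"
FIRST_AFFECTED = (1, 98, 0)   # inclusive, per the advisory
FIRST_FIXED = (1, 131, 0)     # exclusive, per the advisory (fix release)


def parse_version(version):
    """Split a version string into its numeric (major, minor, patch) core and a
    flag saying whether anything followed it (rc/dev/post suffixes).
    '1.98' is treated as 1.98.0; the SDK itself only ships three-part tags."""
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?(.*)$", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch, suffix = m.groups()
    return (int(major), int(minor), int(patch or 0)), bool(suffix)


def is_affected(version):
    """True when the version lies in [1.98.0, 1.131.0).
    A tagged build of 1.131.0 (e.g. 1.131.0rc1) sorts before the 1.131.0
    release, so it is conservatively reported as affected; a post-release
    would be flagged too and should be checked by hand."""
    core, has_suffix = parse_version(version)
    if core == FIRST_FIXED and has_suffix:
        return True
    return FIRST_AFFECTED <= core < FIRST_FIXED


def check_installed(package=PACKAGE):
    """Return (installed_version, affected) for the current interpreter,
    or (None, False) when the distribution is not installed at all."""
    try:
        installed = metadata.version(package)
    except metadata.PackageNotFoundError:
        return None, False
    return installed, is_affected(installed)


if __name__ == "__main__":
    version, affected = check_installed()
    if version is None:
        print(f"{PACKAGE} is not installed in this environment")
    elif affected:
        print(f"{PACKAGE} {version} is affected by CVE-2026-2472: upgrade to >= 1.131.0")
    else:
        print(f"{PACKAGE} {version} is outside the affected range")
```

Run it inside the same interpreter (or kernel) that the notebook uses; a different virtualenv can carry a different SDK release than the one the notebook actually imports.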

Risk and Exploitability

Based on the description, the attack vector is an unauthenticated attacker injecting script escape sequences into model evaluation results or dataset JSON, which the victim later renders in a Jupyter or Colab environment; the attacker needs no access to the victim's notebook, only a way to get content into the data the victim evaluates. The vendor's CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L) gives 8.6, High; it models low privileges and passive user interaction, whereas the CVSS 3.1 vector recorded in the history (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N, 8.1) and the description treat the attacker as unprivileged and the victim's act of viewing the visualization as the required interaction. The EPSS score of less than 1% indicates a low current probability of exploitation, and the CVE is not listed in CISA's KEV catalog. If exploited, arbitrary JavaScript execution in the victim's notebook front-end can lead to data theft, session hijacking, or manipulation of the analysis workflow.

Generated by OpenCVE AI on April 17, 2026 at 17:13 UTC.

Remediation

Vendor Solution

Customers will need to update their google-cloud-aiplatform Python SDK to version 1.131.0 (released on 2025-12-16) or later to receive the fix.


OpenCVE Recommended Actions

  • Upgrade to google-cloud-aiplatform version 1.131.0 or later to obtain the fix.
  • Limit dataset uploads and model evaluation result submissions to trusted users or sources to reduce the chance of malicious content being stored.
  • Ensure that any custom visualization code escapes data for the context it is written into (HTML text, attribute, or inline script) before the HTML is handed to Jupyter or Colab for rendering, rather than interpolating raw JSON or strings into the template.

Generated by OpenCVE AI on April 17, 2026 at 17:13 UTC.
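The escaping point in the recommended actions, as an added illustration that is not the SDK's code: a hypothetical notebook renderer that interpolates evaluation JSON into an inline <script> block, which is how this bug class arises, beside a hardened version of the same renderer. The sample evaluation rows and the helper names (render_unsafe, render_safe, safe_json_for_script, render_cell_html, contains_script_breakout) are constructed for this example. The key fact is that json.dumps leaves '<' and '>' untouched, so a '</script>' inside a model response closes the data block and the HTML parser treats the rest of the string as page markup.

```python
import html
import json

# Constructed sample evaluation rows. The second "response" carries a
# script-escape payload of the kind the advisory describes; it is an
# illustration of the bug class, not a payload taken from the SDK's issue.
SAMPLE_RESULTS = [
    {"prompt": "Summarize the report", "response": "Fine.", "score": 0.9},
    {
        "prompt": "Anything else?",
        "response": "</script><script>alert(document.domain)</script>",
        "score": 0.1,
    },
]


def render_unsafe(results):
    """Vulnerable pattern (hypothetical): raw json.dumps() output dropped into
    a <script> element. The HTML tokenizer ends the script at the first
    '</script>' it sees, regardless of JSON string quoting, so a value that
    contains '</script>' breaks out and the remainder is parsed as markup."""
    return (
        "<div id='eval-table'></div>\n"
        "<script>\n"
        f"const evalData = {json.dumps(results)};\n"
        "renderEvalTable(evalData);\n"
        "</script>"
    )


def safe_json_for_script(obj):
    """Serialise obj for embedding inside a <script> element. '<', '>' and '&'
    are rewritten as JSON \\uXXXX escapes: the HTML parser never sees a tag,
    while the JavaScript engine decodes the escapes back to the original
    characters. ensure_ascii=True additionally escapes the JS line
    terminators U+2028/U+2029, which are otherwise legal in JSON strings."""
    s = json.dumps(obj, ensure_ascii=True)
    return s.replace("<", "\\u003c").replace(">", "\\u003e").replace("&", "\\u0026")


def render_safe(results):
    """Hardened renderer: same template, escaped JSON in the script context."""
    return (
        "<div id='eval-table'></div>\n"
        "<script>\n"
        f"const evalData = {safe_json_for_script(results)};\n"
        "renderEvalTable(evalData);\n"
        "</script>"
    )


def render_cell_html(value):
    """Values written into HTML text or attributes need HTML escaping instead;
    the script-context escaping above is not a substitute for it."""
    return f"<td>{html.escape(str(value), quote=True)}</td>"


def contains_script_breakout(rendered_html):
    """True when the rendered page contains more '</script>' closers than the
    single one that legitimately ends the data block."""
    return rendered_html.lower().count("</script>") > 1


def roundtrip_ok(obj):
    """The escaped JSON must still decode to exactly the original data."""
    return json.loads(safe_json_for_script(obj)) == obj


if __name__ == "__main__":
    print("unsafe renderer breaks out of <script>:", contains_script_breakout(render_unsafe(SAMPLE_RESULTS)))
    print("safe renderer breaks out of <script>:  ", contains_script_breakout(render_safe(SAMPLE_RESULTS)))
    print("escaped JSON round-trips:              ", roundtrip_ok(SAMPLE_RESULTS))
```

The output of render_safe can be displayed with the notebook's usual HTML display call; the escaping is done before the string leaves Python, so it does not depend on whether the front-end sanitises cell output. Keep the two escapers separate by context: JSON-in-script data goes through safe_json_for_script, anything rendered as HTML text goes through html.escape.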


Advisories
Source: GitHub GHSA
ID: GHSA-qv8j-hgpc-vrq8
Title: Google Cloud Vertex AI SDK affected by Stored Cross-Site Scripting (XSS)
History

Fri, 27 Feb 2026 18:30:00 +0000


Mon, 23 Feb 2026 21:15:00 +0000

Metrics (added): ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 23 Feb 2026 15:00:00 +0000

First Time appeared (added): Google Cloud; Google Cloud vertex Ai Sdk For Python
Vendors & Products (added): Google Cloud; Google Cloud vertex Ai Sdk For Python

Sat, 21 Feb 2026 00:15:00 +0000

References: updated
Metrics (removed): threat_severity None
Metrics (added): cvssV3_1 {'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N'}; threat_severity Important


Fri, 20 Feb 2026 20:00:00 +0000

Description (added): Stored Cross-Site Scripting (XSS) in the _genai/_evals_visualization component of Google Cloud Vertex AI SDK (google-cloud-aiplatform) versions from 1.98.0 up to (but not including) 1.131.0 allows an unauthenticated remote attacker to execute arbitrary JavaScript in a victim's Jupyter or Colab environment via injecting script escape sequences into model evaluation results or dataset JSON data.
Title (added): Stored Cross-Site Scripting (XSS) in Vertex AI Python SDK Visualization
Weaknesses (added): CWE-79
References: updated
Metrics (added): cvssV4_0 {'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/U:Amber'}


MITRE

Status: PUBLISHED

Assigner: GoogleCloud

Published:

Updated: 2026-02-27T17:38:41.190Z

Reserved: 2026-02-13T15:38:12.195Z

Link: CVE-2026-2472

Vulnrichment

Updated: 2026-02-27T17:38:41.190Z

NVD

Status : Deferred

Published: 2026-02-20T20:25:24.307

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-2472

Redhat

Severity : Important

Public Date: 2026-02-20T19:29:12Z

Links: CVE-2026-2472 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-17T17:15:23Z

Weaknesses