Omer Amiad

**Name of the Vulnerable Software and Affected Versions** Google Cloud Vertex AI versions 1.21.0 through 1.132.9 **Description** A flaw exists in Vertex AI Experiments within Google Cloud Vertex AI that could allow a remote, unauthenticated attacker to execute code, steal models, and poison data. This is possible by pre-creating predictably named Cloud Storage buckets, a technique known as Bucket Squatting. **Recommendations** Update to version 1.133.0 or later.

**Name of the Vulnerable Software and Affected Versions** Agentspace versions prior to December 12th, 2025 **Description** The Agentspace service had a flaw that led to the exposure of sensitive information. This was due to the use of predictable Google Cloud Storage bucket names for error logs and temporary staging during data imports from Google Cloud Storage and Cloud SQL. An attacker could exploit this by performing "bucket squatting," creating these buckets before legitimate users, potentially gaining access to data. **Recommendations** Update to a version released after December 12th, 2025.

**Name of the Vulnerable Software and Affected Versions** Apigee-X versions prior to 1-16-0-apigee-3 **Description** A security issue in Apigee-X could allow an attacker to gain unauthorized read and write access to Apigee Analytics (AX) data and access logs belonging to other Apigee customer organizations. The issue involves cross-tenant access, potentially exposing sensitive information such as JSON Web Tokens (JWTs) of end users. **Recommendations** Update to version 1-16-0-apigee-3 or later.