CVE-2026-2472

CVSS v4.0

8.6

Vector

AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/U:Amber

Stored Cross-Site Scripting (XSS) in the genai/ evals visualization component of Google Cloud Vertex AI SDK (google-cloud-aiplatform) versions from 1.98.0 up to (but not including) 1.131.0 allows an unauthenticated remote attacker to execute arbitrary JavaScript in a victim's Jupyter or Colab environment via injecting script escape sequences into model evaluation results or dataset JSON data.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2026-2472

Affected Products

Vertex Ai Sdk For Python

CVE-2026-2472

Weakness Enumeration

Related Identifiers

Affected Products

References · 2