PT-2026-6799 · Unknown+1 · Agentspace+2
Omer Amiad
·
Published
2026-02-06
·
Updated
2026-04-20
·
CVE-2026-1727
CVSS v4.0
9.1
Critical
| Vector | AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Clear |
Name of the Vulnerable Software and Affected Versions
Agentspace versions prior to December 12th, 2025
Description
The Agentspace service had a flaw that led to the exposure of sensitive information. This was due to the use of predictable Google Cloud Storage bucket names for error logs and temporary staging during data imports from Google Cloud Storage and Cloud SQL. An attacker could exploit this by performing "bucket squatting," creating these buckets before legitimate users, potentially gaining access to data.
Recommendations
Update to a version released after December 12th, 2025.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Agentspace
Cloud Sql
Google Cloud Storage