Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting

doode Blog

RSS 𝕏 f ▶

No current banned IPs (last update: 2026-06-19 13:08) <a href="/attacks/">Full report</a>

doode Blog

Home / Tech / Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting

Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting

June 16, 2026 dirk 0 Comments 3 tags

Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting

A flaw in the Google Cloud Vertex AI SDK for Python let an attacker with no access to a victim’s project hijack the victim’s machine learning model upload and run code inside Google’s serving infrastructure.

Palo Alto Networks Unit 42, which found and reported the bug through Google’s bug bounty program, calls the technique “Pickle in the Middle” and said it saw no exploitation in the wild.

Source: The Hacker News

Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting

Leave a Reply Cancel reply

Explore More

Leaked financial docs show OpenAI is losing billions of dollars a year

After AI Takes Everything

Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit