{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2244", "assignerOrgId": "f45cbf4e-4146-4068-b7e1-655ffc2c548c", "state": "PUBLISHED", "assignerShortName": "GoogleCloud", "dateReserved": "2026-02-09T10:55:54.465Z", "datePublished": "2026-02-26T14:14:46.460Z", "dateUpdated": "2026-02-26T14:59:56.045Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Vertex AI Workbench", "vendor": "Google Cloud", "versions": [{"lessThan": "01/30/2026", "status": "affected", "version": "7/21/2025", "versionType": "date"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Moshe Bernstein with Tenable"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\"><p><span style=\"background-color: rgb(255, 255, 255);\">A vulnerability in Google Cloud Vertex AI Workbench from&nbsp;7/21/2025 to 01/30/2026 allows an attacker to exfiltrate valid Google Cloud </span>access tokens of other users via abuse of a built-in startup script.</p></span><span style=\"background-color: rgb(255, 255, 255);\">All instances after January 30th, 2026 have been patched to protect from this vulnerability.&nbsp;</span><span style=\"background-color: rgb(255, 255, 255);\">No user action is required for this.</span><br>"}], "value": "A vulnerability in Google Cloud Vertex AI Workbench from\u00a07/21/2025 to 01/30/2026 allows an attacker to exfiltrate valid Google Cloud access tokens of other users via abuse of a built-in startup script.\n\nAll instances after January 30th, 2026 have been patched to protect from this vulnerability.\u00a0No user action is required for this."}], "impacts": [{"capecId": "CAPEC-664", "descriptions": [{"lang": "en", "value": "CAPEC-664 Server Side Request Forgery"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.4, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "CLEAR", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/U:Clear", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f45cbf4e-4146-4068-b7e1-655ffc2c548c", "shortName": "GoogleCloud", "dateUpdated": "2026-02-26T14:14:46.460Z"}, "references": [{"url": "https://docs.cloud.google.com/vertex-ai/docs/workbench/release-notes#February_20_2026"}], "source": {"discovery": "EXTERNAL"}, "title": "Sensitive Data Exposure in Google Cloud Vertex AI Workbench", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-26T14:59:28.758768Z", "id": "CVE-2026-2244", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T14:59:56.045Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in Google Cloud Vertex AI Workbench from\u00a07/21/2025 to 01/30/2026 allows an attacker to exfiltrate valid Google Cloud access tokens of other users via abuse of a built-in startup script.\n\nAll instances after January 30th, 2026 have been patched to protect from this vulnerability.\u00a0No user action is required for this."}, {"lang": "es", "value": "Una vulnerabilidad en Google Cloud Vertex AI Workbench desde el 21/7/2025 hasta el 30/1/2026 permite a un atacante exfiltrar tokens de acceso v\u00e1lidos de Google Cloud de otros usuarios mediante el abuso de un script de inicio incorporado.\n\nTodas las instancias posteriores al 30 de enero de 2026 han sido parcheadas para protegerse de esta vulnerabilidad. No se requiere ninguna acci\u00f3n del usuario para esto."}], "id": "CVE-2026-2244", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "CLEAR", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Clear", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "f45cbf4e-4146-4068-b7e1-655ffc2c548c", "type": "Secondary"}]}, "published": "2026-02-26T15:17:45.250", "references": [{"source": "f45cbf4e-4146-4068-b7e1-655ffc2c548c", "url": "https://docs.cloud.google.com/vertex-ai/docs/workbench/release-notes#February_20_2026"}], "sourceIdentifier": "f45cbf4e-4146-4068-b7e1-655ffc2c548c", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "f45cbf4e-4146-4068-b7e1-655ffc2c548c", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[7/21/2025,01/30/2026)"}}], "enrichment": {"confidence": 81.0, "confidence_source": "matching", "scores": [{"score": 81.0, "source": "matching"}]}, "original": {"product": "Vertex AI Workbench", "source": "cna", "vendor": "Google Cloud"}, "product": "vertex_ai", "vendor": "google_cloud"}], "analysis": {"en": {"generated_at": "2026-04-17T14:22:26.346584+00:00", "value": {"mitigation_remediation": ["For existing Vertex AI Workbench instances dated between July\u00a02025 and January\u00a02026, terminate and recreate them after January\u00a030\u00a02026 so that the security update is applied.", "Remove or sanitize any startup scripts that may run automatically as part of the workspace configuration to stop tokens from being exposed.", "Review and tighten IAM permissions so that only authorized users can configure or deploy startup scripts, and enable audit logging to detect suspicious activity."], "summary": {"action": "No action", "impact": "Sensitive Data Exposure"}, "threat_synthesis": {"affected_systems": "The issue affected Vertex AI Workbench instances that were active between July\u00a021,\u00a02025 and January\u00a030,\u00a02026. All workbench deployments created after January\u00a030,\u00a02026 have been patched automatically. No explicit version numbers are listed, but any instance launched during the quoted period is considered vulnerable.", "description_and_impact": "A flaw in Google Cloud Vertex AI Workbench allowed an attacker to steal valid Google Cloud access tokens belonging to other users by exploiting a built\u2011in startup script. The vulnerability could lead to unauthorized access to Google Cloud resources, compromising confidentiality and potentially granting the attacker full privilege of the compromised user account. The weakness is classified as sensitive data exposure (CWE\u2011200).", "risk_and_exploitability": "The CVSS score of 8.4 indicates high severity, yet the EPSS score of less than 1% shows a very low likelihood of real\u2011world exploitation at the time of analysis. The vulnerability is not present in the CISA Known Exploited Vulnerabilities catalog. Attackers would need to persuade or compromise a user to supply a malicious startup script or otherwise induce the script execution; the exploit requires language capabilities to read the workbench environment\u2019s credentials. Given the low EPSS and lack of publicly known active exploits, the immediate risk to an organization that maintains the affected period is limited, but the potential impact remains significant if the flaw is leveraged."}}}}, "created": "2026-02-27T09:07:31.275458+00:00", "updated": "2026-04-17T14:30:20.824127+00:00", "vendors": ["google_cloud", "google_cloud$PRODUCT$vertex_ai"]}