Google Vertex AI SDK bucket squatting enables RCE
🔒 A design flaw in the Vertex AI SDK for Python allowed attackers to hijack model staging buckets across projects by predicting bucket names derived from project ID and region. Unit 42 researchers called this class of issue Bucket Squatting, where global bucket name uniqueness enabled pre-creation and silent takeover. The flaw could lead to cross-tenant model poisoning and remote code execution via pickle deserialization. Google issued fixes in SDK versions 1.144.0 and 1.148.0 and users should upgrade.
