216.73.216.215

CVE-2026-2244

· Published 26/02/2026 15:17 · Modified 27/02/2026 14:06

Labels: CVE-2026-2244 2026-02-26CVE-2026-2244CWE-200f45cbf4e-4146-4068-b7e1-655ffc2c548c

Essential information

Published
26/02/2026 15:17
Modified
27/02/2026 14:06
Author
Creator
CVSS
8.4 HIGH (v3) 8.4 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

A vulnerability in Google Cloud Vertex AI Workbench from 7/21/2025 to 01/30/2026 allows an attacker to exfiltrate valid Google Cloud access tokens of other users via abuse of a built-in startup script. All instances after January 30th, 2026 have been patched to protect from this vulnerability. No user action is required for this.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
f45cbf4e-4146-4068-b7e1-655ffc2c548c
NVD
View on NVD

Affected products (CPE)

ProductCPE
google / vertex ai cpe:2.3:a:google:vertex_ai:*:7.21.2025-1.30.2026:*:*:*:*:*:*

References