CVE-2026-1727
Unknown Unknown - Not Provided
Predictable GCS Bucket Names in Agentspace Enable Data Exposure

Publication date: 2026-02-06

Last updated on: 2026-02-06

Assigner: GoogleCloud

Description
The Agentspace service was affected by a vulnerability that exposed sensitive information due to the use of predictable Google Cloud Storage bucket names. These names were utilized for error logs and temporary staging during data imports from GCS and Cloud SQL. This predictability allowed an attacker to engage in "bucket squatting" by establishing these buckets before a victim's initial use. All versions after December 12th, 2025 have been updated to protect from this vulnerability. No user action is required for this.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-06
Last Modified
2026-02-06
Generated
2026-06-16
AI Q&A
2026-02-07
EPSS Evaluated
2026-06-14
NVD
CVE-2026-1727
EUVD
EUVD-2026-5560
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
agentspace agentspace to 2025-12-12 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the Agentspace service involved the use of predictable Google Cloud Storage bucket names for error logs and temporary staging during data imports from GCS and Cloud SQL.

Because these bucket names were predictable, an attacker could perform "bucket squatting" by creating these buckets before the legitimate user did, potentially exposing sensitive information.

Impact Analysis

The vulnerability could lead to exposure of sensitive information due to unauthorized access to the predictable storage buckets.

An attacker who successfully squatted on these buckets might access error logs and temporary data staging areas, which could contain confidential or sensitive data.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

All versions after December 12th, 2025 have been updated to protect from this vulnerability.

No user action is required for this.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-1727. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart