CVE-2026-2244
Access Token Exfiltration via Startup Script in Google Cloud Vertex AI
Publication date: 2026-02-26
Last updated on: 2026-02-26
Assigner: GoogleCloud
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cloud_vertex_ai_workbench | to 2026-01-30 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Google Cloud Vertex AI Workbench versions from July 21, 2025, to January 30, 2026. It allows an attacker to exfiltrate valid Google Cloud access tokens belonging to other users by abusing a built-in startup script.
The vulnerability has been patched in all instances after January 30, 2026, and no user action is required for protection.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability can steal valid Google Cloud access tokens of other users. This could allow unauthorized access to Google Cloud resources and services that the compromised tokens have permissions for, potentially leading to data breaches, unauthorized operations, or further attacks within the cloud environment.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
All instances of Google Cloud Vertex AI Workbench after January 30th, 2026 have been patched to protect from this vulnerability.
No user action is required for instances updated after this date.