unit42 · Crawled Jul 5, 2026
Pickle in the Middle – Hijacking Vertex AI Model Uploads for Cross-Tenant RCE
AI Summary
A vulnerability in the Google Cloud Vertex AI Python SDK, versions 1.139.0 and 1.140.0, allowed attackers to hijack model uploads via bucket squatting, leading to cross-tenant remote code execution (RCE). The name of the SDK's default staging bucket was predictable, so an attacker could create a bucket with that name first, in storage the attacker controls; a victim's model upload then landed in the attacker's bucket, where the legitimate model artifact could be swapped for a malicious pickle. When the victim deployed the model, deserializing the replaced artifact executed the attacker's code in the victim's environment, enabling credential theft and lateral movement within Google Cloud.
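The RCE step above works because a pickle carries instructions to import and call arbitrary globals, so whoever controls the bytes in the staging bucket controls what runs on load. The following is an added example (not code from the Unit 42 article or the Vertex AI SDK) showing what such a swapped artifact looks like and two checks a model loader can apply before trusting bytes pulled from a bucket: a pre-flight opcode scan with pickletools that executes nothing, and a restricted unpickler whose find_class rejects any global outside an allowlist. The artifact contents, the ALLOWED_GLOBALS set and the function names are assumptions made for the illustration; the allowlist would be extended for the classes real artifacts contain. It does not address the bucket-squatting root cause itself, for which the practitioner's fix is to pin an explicit, pre-existing staging bucket in a project they own rather than relying on the SDK default.

```python
import io
import os
import pickle
import pickletools

# Constructed sample "model": the benign artifact a legitimate upload would carry.
BENIGN_MODEL = {"weights": [0.1, 0.2, 0.3], "bias": 0.05}

# Assumed allowlist: the only globals a plain weights-dict artifact needs.
# Anything else (os.system, subprocess.Popen, builtins.eval, ...) is rejected.
ALLOWED_GLOBALS = {
    ("builtins", "dict"),
    ("builtins", "list"),
    ("collections", "OrderedDict"),
}


class MaliciousArtifact:
    """Stand-in for the payload an attacker would drop into a squatted staging
    bucket. Nothing runs at pickle.dumps() time; the danger is that a plain
    pickle.load() would import os.system and call it with the attacker's
    argument (the REDUCE opcode). The command here is harmless and is never
    executed anywhere in this example."""

    def __reduce__(self):
        return (os.system, ("echo pwned",))


def build_artifacts():
    """Return (benign_bytes, malicious_bytes), i.e. what a victim's loader
    would read back from the staging bucket in each case."""
    return pickle.dumps(BENIGN_MODEL), pickle.dumps(MaliciousArtifact())


def referenced_globals(data):
    """Pre-flight scan: walk the opcode stream with pickletools (no opcode is
    executed) and return every (module, name) the pickle would import.
    Handles the protocol 0-3 GLOBAL opcode and the protocol 4+ STACK_GLOBAL
    opcode, whose module and name are the two most recently pushed strings."""
    found = []
    recent_strings = []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name == "STACK_GLOBAL":
            if len(recent_strings) < 2:
                raise pickle.UnpicklingError("malformed STACK_GLOBAL")
            found.append((recent_strings[-2], recent_strings[-1]))
        elif op.name in ("UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"):
            recent_strings.append(arg)
    return found


class RestrictedUnpickler(pickle.Unpickler):
    """Second line of defence: find_class is consulted for every GLOBAL or
    STACK_GLOBAL before the matching REDUCE, so a forbidden import aborts the
    load before any callable is invoked."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")


def load_artifact(data):
    """Load a model artifact only if every global it references is allowlisted.
    Raises pickle.UnpicklingError otherwise; plain pickle.loads is never used."""
    bad = [g for g in referenced_globals(data) if g not in ALLOWED_GLOBALS]
    if bad:
        raise pickle.UnpicklingError(f"artifact references forbidden globals: {bad}")
    return RestrictedUnpickler(io.BytesIO(data)).load()


def try_load(data):
    """Return (True, obj) on success or (False, reason) on rejection."""
    try:
        return True, load_artifact(data)
    except pickle.UnpicklingError as exc:
        return False, str(exc)


if __name__ == "__main__":
    benign, malicious = build_artifacts()
    print("benign artifact:", try_load(benign))
    print("malicious artifact:", try_load(malicious))
    print("globals the malicious pickle would import:", referenced_globals(malicious))
```

The scan and the restricted unpickler are deliberately both present: the scan gives an auditable list of what an artifact would import without touching the unpickler at all, and the restricted unpickler guarantees that even a stream the scanner mis-parses cannot resolve a global it has not been told to trust.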
AI-extracted · verify before operational use