unit42 · Crawled Jul 5, 2026

Pickle in the Middle – Hijacking Vertex AI Model Uploads for Cross-Tenant RCE


AI Summary

A vulnerability in the Google Cloud Vertex AI Python SDK (google-cloud-aiplatform) versions 1.139.0 and 1.140.0 allowed an attacker to hijack model uploads through bucket squatting, leading to cross-tenant remote code execution (RCE). The SDK derived a predictable name for its default staging bucket; an attacker who created that bucket first could receive the victim's upload and replace the legitimate model artifact with a malicious one carrying a pickle deserialization payload. When the victim deployed the model, the deployment unpickled the attacker's artifact and executed the attacker's code, enabling credential theft and lateral movement within the victim's Google Cloud environment.

AI-extracted · verify before operational use
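The hijack summarized above ends with the victim's deployment unpickling an artifact the attacker controls. As an added example (the editor's own code, not from the Unit 42 write-up or from the Vertex AI SDK), the block below shows why that step is fatal and what a practitioner can check before loading a model artifact: a class whose `__reduce__` runs a callable on load (a harmless one here, where a real payload would call `os.system`), a static walk of the pickle opcode stream that lists every module the artifact would import without executing it, and an Unpickler that refuses to resolve globals outside an allowlist. All class and function names are constructed for the demo, and the artifact bytes are built inline rather than fetched from a bucket.

```python
"""Added example: inspect a pickle-based model artifact for code-executing
payloads and refuse to load it. Editor's own code, not from the Unit 42
article or the Vertex AI SDK."""
import io
import os
import pickle
import pickletools

# Modules a model artifact has no business importing while unpickling.
DANGEROUS_MODULES = {"os", "posix", "nt", "subprocess", "sys", "shutil",
                     "socket", "importlib", "runpy", "pty", "codecs"}
# Old-protocol pickles legitimately reference builtins (e.g. "builtins set"),
# so only flag the names that act as code-execution gadgets.
DANGEROUS_BUILTINS = {"eval", "exec", "compile", "getattr", "__import__", "open"}
# Top-level namespaces a scikit-learn/joblib model legitimately needs on load
# (assumed allowlist; tailor it to the frameworks you actually deploy).
ALLOWED_TOP = {"numpy", "sklearn", "joblib", "scipy", "collections", "copyreg"}


class Payload:
    """Constructed stand-in for an attacker's model.joblib. A real payload
    would return (os.system, ("<shell command>",)); this one calls a
    harmless function so the demo is safe to run."""
    def __reduce__(self):
        return (os.getenv, ("PATH",))


def make_malicious_artifact(protocol: int = 4) -> bytes:
    return pickle.dumps(Payload(), protocol=protocol)


def make_benign_artifact() -> bytes:
    # Constructed sample: a toy linear model stored as plain containers.
    return pickle.dumps({"coef": [0.5, -1.25], "intercept": 0.1}, protocol=4)


def imported_globals(data: bytes) -> list[tuple[str, str]]:
    """Walk the opcode stream WITHOUT executing it and return every
    (module, name) pair the pickle would import via GLOBAL / STACK_GLOBAL."""
    found, strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":            # protocol <= 3: arg is "module name"
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name == "STACK_GLOBAL":    # protocol 4+: uses the two prior string pushes
            name, module = strings.pop(), strings.pop()
            found.append((module, name))
        elif op.name in ("SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"):
            strings.append(arg)
    return found


def suspicious_imports(data: bytes) -> list[str]:
    """Static verdict: which imports in the stream look like RCE gadgets."""
    hits = []
    for module, name in imported_globals(data):
        top = module.split(".")[0]
        if top in DANGEROUS_MODULES or (top == "builtins" and name in DANGEROUS_BUILTINS):
            hits.append(f"{module}.{name}")
    return hits


class AllowlistUnpickler(pickle.Unpickler):
    """Unpickler that only resolves globals from allowlisted namespaces,
    so a __reduce__ pointing at os/subprocess/builtins fails before it runs."""
    def find_class(self, module, name):
        if module.split(".")[0] not in ALLOWED_TOP:
            raise pickle.UnpicklingError(f"refusing to import {module}.{name}")
        return super().find_class(module, name)


def safe_loads(data: bytes):
    return AllowlistUnpickler(io.BytesIO(data)).load()


if __name__ == "__main__":
    bad, good = make_malicious_artifact(), make_benign_artifact()
    print("malicious artifact imports:", suspicious_imports(bad))  # ['os.getenv']
    print("benign artifact imports:", suspicious_imports(good))    # []
    try:
        safe_loads(bad)
    except pickle.UnpicklingError as exc:
        print("blocked:", exc)
    print("benign model:", safe_loads(good))
```

Two caveats for real artifacts. The opcode walk assumes a plain pickle stream; joblib files that contain NumPy arrays interleave raw array bytes inside the stream, so scanning a real model.joblib needs joblib-aware tooling (fickling and picklescan are the usual choices), and the allowlist has to be tuned to the frameworks in use or legitimate models will fail to load. This also only addresses the deserialization half of the attack: the page's point is that the artifact was swapped in transit through a squatted bucket, so the upload side still needs a staging bucket the victim demonstrably owns rather than a predictable default, and the affected SDK versions should not be used.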

Indicators of Compromise (3 extracted)

Type      Value
Package   google-cloud-aiplatform (affected versions 1.139.0 and 1.140.0)
Filename  model.joblib
Filename  gcs_utils.py

Note: the two file names are ordinary names that occur in benign deployments (model.joblib is a standard joblib-serialized model name, and joblib files are pickle-based, which is the deserialization path the summary refers to). They identify where the attack lands, not attacker infrastructure, and should not be alerted on in isolation; the actionable indicator is the package and version pair.