Google Vertex AI SDK Flaw Allowed Model Upload Hijacking via Bucket Squatting

Researchers from Palo Alto Networks Unit 42 discovered a critical flaw in Google Cloud’s Vertex AI SDK for Python that allowed an attacker with no prior access to a victim’s cloud project to hijack machine learning model uploads and execute code within Google’s model-serving infrastructure. The vulnerability, dubbed 'Pickle in the Middle,' was responsibly disclosed through Google’s bug bounty program; there is no known exploitation in the wild.
What happened
Palo Alto Networks Unit 42 identified a security flaw in the Google Cloud Vertex AI SDK for Python that permitted an attacker, with no prior access to a victim’s cloud project, to intercept and hijack the upload process of machine learning models. The hijacked upload could let the attacker execute arbitrary code inside the infrastructure that serves those models, potentially compromising the hosting environment.
The vulnerability was reported to Google through its bug bounty program. Unit 42 named the exploitation technique "Pickle in the Middle," a reference to the Python 'pickle' serialization format at the centre of the attack. According to the researchers, there are no indications that the technique has been used maliciously in the wild to date.
Why it matters
Machine learning models hosted on cloud platforms like Google Vertex AI are integral in many enterprise and research applications, making their security paramount. A vulnerability that grants attackers code execution capabilities within the serving infrastructure could lead to unauthorized access, manipulation of models, or broader compromise of cloud resources.
This issue reveals risks in the model deployment process, especially in how pickle-serialized objects are handled. Such vulnerabilities highlight the need for strict validation and access controls within AI model hosting services, to safeguard both user data and compute resources from unauthorized interference.
What security teams should do
Security teams using Google Cloud Vertex AI should verify that their environments are running updated and patched versions of the SDK to mitigate this vulnerability. Reviewing permissions and configurations related to model upload processes is advisable to ensure no unauthorized access paths are possible.
Teams are encouraged to follow guidance from Google regarding the application of security updates and to monitor their Vertex AI usage closely for any unusual activity related to model uploads. While no exploitation has been observed, maintaining vigilance and applying defence-in-depth strategies remain best practices.
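One concrete form the upload-path review above can take is a pre-upload guard that refuses any destination bucket not on an allow-list of buckets the project itself owns, plus the same check run over write records after the fact. The following is an added example written for this article, not code from Unit 42, Google or the Vertex AI SDK; the bucket names, the allow-list and the write records are all constructed, and the record layout is a simplified stand-in, not the real Cloud Audit Log schema. The assumption behind it is that pinning an explicitly owned bucket (for instance via the SDK's staging_bucket setting) removes the opening for squatting on a default or mistyped bucket name.

```python
import re
from typing import Optional
from urllib.parse import urlparse

# Constructed allow-list of buckets this project is known to own. The names are
# hypothetical; in practice the list comes from your own asset inventory.
OWNED_BUCKETS = frozenset({"acme-ml-staging-prod", "acme-ml-artifacts"})

# Simplified GCS bucket-name grammar: lowercase letters, digits, '.', '_', '-', 3-63 chars.
_BUCKET_RE = re.compile(r"^[a-z0-9][a-z0-9._-]{1,61}[a-z0-9]$")


def parse_gcs_uri(uri: str) -> tuple[str, str]:
    """Split 'gs://bucket/path' into (bucket, object_path); reject anything else."""
    parts = urlparse(uri)
    if parts.scheme != "gs" or not parts.netloc:
        raise ValueError(f"not a gs:// URI: {uri!r}")
    if not _BUCKET_RE.match(parts.netloc):
        raise ValueError(f"invalid bucket name in {uri!r}")
    return parts.netloc, parts.path.lstrip("/")


def check_upload_destination(uri: Optional[str], owned_buckets=OWNED_BUCKETS) -> Optional[str]:
    """Return None if 'uri' points into a bucket we own, otherwise the reason to refuse.

    A missing URI is refused as well: relying on an SDK default means nobody has
    verified who owns the bucket the artifact will land in.
    """
    if not uri:
        return "no staging bucket given; set one explicitly instead of relying on a default"
    try:
        bucket, _ = parse_gcs_uri(uri)
    except ValueError as exc:
        return str(exc)
    if bucket not in owned_buckets:
        return f"bucket {bucket!r} is not in the project's allow-list"
    return None


# Constructed write records (simplified, not real audit-log entries): who wrote
# which object into which bucket. The second one targets a look-alike bucket.
SAMPLE_WRITES = [
    {"principal": "sa-trainer@acme.iam", "bucket": "acme-ml-staging-prod", "object": "models/v7/model.pkl"},
    {"principal": "sa-trainer@acme.iam", "bucket": "acme-ml-staging", "object": "models/v7/model.pkl"},
    {"principal": "dev@acme.example", "bucket": "acme-ml-artifacts", "object": "models/v6/model.pkl"},
]


def find_foreign_bucket_writes(records, owned_buckets=OWNED_BUCKETS) -> list[dict]:
    """Return the write records whose destination bucket is outside the allow-list."""
    return [r for r in records if r["bucket"] not in owned_buckets]


if __name__ == "__main__":
    for candidate in ("gs://acme-ml-staging-prod/models/v7", "gs://acme-ml-staging/models/v7", None):
        print(candidate, "->", check_upload_destination(candidate) or "ok")
    for rec in find_foreign_bucket_writes(SAMPLE_WRITES):
        print("ALERT: model artifact written outside owned buckets:", rec)
```

Run the guard on whatever bucket value your upload code is about to hand to the SDK, and run the record scan over your storage write logs; a write to a bucket that is not yours is the signal to investigate, whether it came from a squatted default name or from a typo.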
Key technical details
The vulnerability lies in the Python SDK for Google Cloud Vertex AI. An attacker abuses the SDK's serialization handling, specifically the Python 'pickle' format, to hijack the upload of machine learning models. The technique, dubbed "Pickle in the Middle," relies on bucket squatting to intercept or control the data exchanged during the model upload phase.
By inserting malicious payloads within the serialized data, an attacker can execute arbitrary code on the backend infrastructure responsible for serving the AI models. The flaw does not require the attacker to have prior access credentials to the victim’s Google Cloud project, increasing its potential severity if left unpatched.
Affected organizations/products
The vulnerability affects users of the Google Cloud Vertex AI SDK for Python who perform machine learning model uploads. No specific affected versions or timelines were disclosed. Palo Alto Networks Unit 42 reported the issue to Google, and no exploitation in the wild has been detected so far.
Source attribution
https://thehackernews.com/2026/06/google-vertex-ai-sdk-flaw-let-attackers.html