Threat Intelligence Report

Pickle in the Middle – Hijacking Vertex AI Model Uploads for Cross-Tenant RCE

📅 June 20, 2026 📰 unit42.paloaltonetworks.com 🔍 0 CVE(s) referenced

A critical vulnerability in Google Cloud Vertex AI's Python SDK allowed attackers to hijack model uploads via bucket squatting, enabling remote code execution and cross-tenant compromise without any access to the victim's project, until Google patched the flaw in April 2026.

vendor

🔐 Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

📊 Visual Mindmap

🎯 IOC Extraction

⚔️ MITRE ATT&CK TTPs

📦 STIX 2.1 Bundle