Strix
26.1K

CVE-2026-1727

CRITICALCVSS 9.1/10EPSS 0.25%

Last modified

CVE-2026-1727 is a critical-severity vulnerability rated 9.1/10 on the CVSS scale. The Agentspace service was affected by a vulnerability that exposed sensitive information due to the use of predictable Google Cloud Storage bucket names. These names were utilized for error logs and temporary staging during data imports from GCS and Cloud SQL. EPSS estimates a 0.25% chance of exploitation in the next 30 days.

Description

The Agentspace service was affected by a vulnerability that exposed sensitive information due to the use of predictable Google Cloud Storage bucket names. These names were utilized for error logs and temporary staging during data imports from GCS and Cloud SQL. This predictability allowed an attacker to engage in "bucket squatting" by establishing these buckets before a victim's initial use. All versions after December 12th, 2025 have been updated to protect from this vulnerability. No user action is required for this.

Metrics

CVSS 4.0
9.1/10

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Clear

EPSS Probability
0.25%

16.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

References

Timeline

Published
Last Modified
Status
Deferred

Frequently Asked Questions

What is CVE-2026-1727?
The Agentspace service was affected by a vulnerability that exposed sensitive information due to the use of predictable Google Cloud Storage bucket names. These names were utilized for error logs and temporary staging during data imports from GCS and Cloud SQL. This predictability allowed an attacker to engage in "bucket squatting" by establishing these buckets before a victim's initial use. All versions after December 12th, 2025 have been updated to protect from this vulnerability. No user action is required for this.
How severe is CVE-2026-1727?
CVE-2026-1727 has a CVSS score of 9.1/10 (CRITICAL severity). The EPSS model estimates a 0.25% probability of exploitation in the next 30 days.
How do I fix CVE-2026-1727?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2026-1727?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST