CVE-2026-15143
Red Hat · OpenShift AI (RHOAI)
A Server-Side Request Forgery vulnerability in the Red Hat OpenShift AI guardrails-detectors component permits unauthorized internal network requests and local file reading.
Executive summary
An unauthenticated SSRF vulnerability in Red Hat OpenShift AI allows remote attackers to access internal services and sensitive files, posing a severe risk to the deployment.
Vulnerability
The file_type content detector within the guardrails-detectors component fails to restrict the processing of arbitrary XML Schema Definition (XSD) strings. This oversight allows an unauthenticated remote attacker to conduct SSRF attacks, resulting in unauthorized requests to arbitrary URLs or the reading of local files.
Business impact
With a CVSS score of 9.3, this vulnerability represents a critical security risk to the integrity and confidentiality of the OpenShift AI deployment. By enabling attackers to read local files and query internal network services, the flaw could facilitate the theft of cloud provider credentials and other sensitive system secrets. This could lead to broader unauthorized access within the cloud environment.
Remediation
Immediate Action: Update the Red Hat OpenShift AI (RHOAI) software to the most current version provided by the vendor.
Proactive Monitoring: Review system and access logs for suspicious requests involving XSD processing or unexpected outbound connection attempts from the application.
Compensating Controls: Implement strict network segmentation and egress filtering to prevent unauthorized outbound communication from the vulnerable component to internal or external endpoints.
Exploitation status
Public Exploit Available: No
Analyst recommendation
The severity of this vulnerability necessitates immediate action to patch the affected OpenShift AI components. Security teams should ensure the latest updates are applied across all affected environments to mitigate the risk of SSRF-based information disclosure and credential theft.