CVE-2026-15378

Red Hat · OpenShift AI (RHOAI)

A blind SSRF vulnerability in the Red Hat OpenShift AI guardrails-detectors component allows remote attackers to access sensitive internal metadata and local files.

Executive summary

A critical Server-Side Request Forgery (SSRF) flaw in Red Hat OpenShift AI permits unauthenticated attackers to exfiltrate internal credentials and sensitive system data.

Vulnerability

The guardrails-detectors component improperly processes XML Schema Definition (XSD) strings, enabling a blind SSRF attack. This allows an unauthenticated remote attacker to force the server to perform requests to internal endpoints, including cloud metadata services, Kubernetes APIs, and internal services, as well as read local files.

Business impact

This vulnerability carries a CVSS score of 9.3, reflecting the severe potential for unauthorized access to highly sensitive information. An attacker could exfiltrate cloud provider credentials, service account tokens, and pod secrets, effectively bypassing the security perimeter of the container orchestration environment. This level of access could lead to a full cluster compromise and significant data breach.

Remediation

Immediate Action: Update Red Hat OpenShift AI (RHOAI) to the latest version as specified by the vendor’s security advisory.

Proactive Monitoring: Monitor egress traffic from the OpenShift AI environment for anomalous connections to internal metadata or administrative endpoints.

Compensating Controls: Utilize Network Policies to restrict the ability of the guardrails-detectors component to initiate outbound connections to sensitive internal network segments.

Exploitation status

Public Exploit Available: No

Analyst recommendation

Organizations must prioritize applying the latest security updates provided by Red Hat to remediate this SSRF vulnerability. Given the risk of credential theft and cluster-wide compromise, immediate patching is necessary to maintain the integrity of the AI infrastructure.