Project Subscriptions
No advisories yet.
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Tue, 14 Jul 2026 02:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Mon, 13 Jul 2026 15:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Red Hat
Red Hat red Hat Openshift Ai (rhoai) |
|
| Vendors & Products |
Red Hat
Red Hat red Hat Openshift Ai (rhoai) |
Fri, 10 Jul 2026 12:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
| |
| Metrics |
threat_severity
|
threat_severity
|
Fri, 10 Jul 2026 10:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A flaw was found in the `guardrails-detectors` component. This vulnerability allows a remote attacker to perform a blind Server-Side Request Forgery (SSRF) by submitting a specially crafted XML Schema Definition (XSD) string. This can lead to unauthorized access to sensitive information, including credentials from cloud metadata services, Kubernetes API, internal MinIO, and other internal network endpoints. Additionally, it enables local file reads of critical data such as service account tokens and pod secrets. | |
| Title | Guardrails-detectors: guardrails-detectors: ssrf and local file read via user-supplied xml schema (xml-with-schema:) | |
| First Time appeared |
Redhat
Redhat openshift Ai |
|
| Weaknesses | CWE-918 | |
| CPEs | cpe:/a:redhat:openshift_ai | |
| Vendors & Products |
Redhat
Redhat openshift Ai |
|
| References |
| |
| Metrics |
cvssV3_1
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2026-07-14T01:37:07.099Z
Reserved: 2026-07-10T08:57:01.261Z
Link: CVE-2026-15378
Updated: 2026-07-14T01:37:02.782Z
No data.
OpenCVE Enrichment
Updated: 2026-07-13T20:15:16Z