TL;DR
Red Hat has flagged a critical flaw in Red Hat OpenShift AI. Tracked as CVE-2026-15378, it scores 9.3 on CVSS. The bug lets a remote attacker run a blind SSRF and read local files. No exploitation in the wild has been confirmed.
- CVE: CVE-2026-15378
- CVSS: 9.3 (Critical · CVSSv3)
- Product: Red Hat OpenShift AI (RHOAI)
- Impact: Guardrails-detectors: guardrails-detectors: ssrf and local file read via user-supplied xml schema (xml-with-schema:)
- Status: No confirmed exploitation yet
- EPSS: 0.4% (30-day)
- Action: See vendor advisory
Why it matters
OpenShift AI runs machine-learning workloads on Kubernetes. It often sits inside sensitive cloud tenants. A blind SSRF there can reach cloud metadata services. From there, an attacker may steal cloud credentials, service account tokens, and pod secrets. That access can open the door to the wider cluster.
How the attack works
The flaw lives in the guardrails-detectors component. Its file_type detector accepts an XML Schema Definition string from the request body. The parser then resolves external schema locations over any URL scheme. As a result, a crafted schema can force the pod to call internal endpoints. Those targets include cloud metadata, the Kubernetes API, and internal MinIO. The same path can read local files, such as secret tokens. We are not publishing the payload.
Exploitation status
Red Hat reports no attacks in the wild so far. No public in-the-wild activity has been confirmed. Still, the 9.3 score makes this urgent. Egress controls cut the risk fast. Patch as soon as a fix lands.
Affected versions
The issue affects the guardrails-detectors code in Red Hat OpenShift AI. Red Hat rates the flaw as Important, with a CVSS score of 9.3. For the exact affected releases, check Red Hat’s advisory page.
Patch and mitigation
Red Hat is tracking fixes through its security process. Apply updates as soon as they ship for your channel. Until then, limit who can reach the detector service. Restrict pod egress to block metadata and internal calls. For the technical detail, read the Red Hat Bugzilla report.
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.