PT-2026-28270 · Red Hat · Red Hat OpenShift AI (RHOAI) llama-stack-operator
Published: 2026-03-26 · Updated: 2026-03-27 · CVE-2025-12805
CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions
Red Hat OpenShift AI (RHOAI) llama-stack-operator (affected versions not specified)
Description
A flaw exists in Red Hat OpenShift AI (RHOAI) llama-stack-operator that allows unauthorized access to Llama Stack services deployed in other namespaces through direct network requests. This occurs because no NetworkPolicy restricts access to the llama-stack service endpoint. Consequently, a user in one namespace can access another user’s Llama Stack instance and potentially view or manipulate sensitive data.
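The missing control described above, shown as an added example (not taken from this advisory and not a Red Hat fix): a NetworkPolicy that limits ingress to pods in the same namespace. The namespace `tenant-a` and the policy name are placeholders, and the empty pod selector covers every pod in the namespace because the operator's pod labels are not given on this page.

```yaml
# Added example. Assumes the cluster's network plugin enforces NetworkPolicy.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-same-namespace-only   # placeholder name
  namespace: tenant-a               # placeholder: namespace holding the Llama Stack instance
spec:
  podSelector: {}                   # applies to every pod in this namespace
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector: {}           # no namespaceSelector: matches only pods in this same namespace
```

Once a policy selects a pod, all ingress not explicitly allowed is dropped, so any legitimate cross-namespace client needs its own `from` entry.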
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected Products
Red Hat OpenShift AI (RHOAI) llama-stack-operator