CVE-2026-34940

Name of the Vulnerable Software and Affected Versions KubeAI versions prior to 0.23.2

Description The ollamaStartupProbeScript() function in KubeAI constructs a shell command string using fmt.Sprintf with unsanitized model URL components (ref, modelParam). This command is executed via bash -c as a Kubernetes startup probe. An attacker who can create or update Model custom resources can inject arbitrary shell commands that execute inside model server pods. The parseModelURL() function uses a regular expression that allows shell metacharacters in the ref component and does not sanitize the modelParam query parameter. This allows for command injection through the model URL or the ?model= query parameter. Successful exploitation could lead to arbitrary command execution within the model server pods, potentially allowing for data exfiltration, compromise of the model serving infrastructure, and lateral movement within a multi-tenant Kubernetes cluster.

Recommendations Replace the bash -c startup probe with either: 1. An exec probe that passes arguments as separate array elements, or 2. Validate and sanitize u.ref and u.modelParam to only allow alphanumeric characters, slashes, colons, dots, and hyphens before interpolating into the shell command.