PT-2026-56473 · Red Hat · Red Hat Openshift

Published

2026-07-08

·

Updated

2026-07-08

·

CVE-2026-15063

CVSS v3.1

6.3

Medium

VectorAV:A/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
A flaw was found in the gorch service template, which is part of the trustyai-service-operator. Even when authentication is enabled, the gorch service exposes unproxied orchestrator and detector metrics ports. This allows any pod on the cluster network to directly access these ports, bypassing the kube-rbac-proxy and its authentication mechanisms. This could lead to unauthorized access to the orchestrator and detector metrics.

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-15063

Affected Products

Red Hat Openshift