PT-2026-57144 · Unknown+1 · Guardrails-Detectors+2

Published

2026-07-10

·

Updated

2026-07-10

·

CVE-2026-15378

CVSS v3.1

9.3

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions guardrails-detectors (affected versions not specified) Red Hat Enterprise Linux (affected versions not specified) Red Hat OpenShift AI (affected versions not specified)
Description A flaw in the guardrails-detectors component allows a remote attacker to perform a blind Server-Side Request Forgery (SSRF) by submitting a specially crafted XML Schema Definition (XSD) string. This issue enables unauthorized access to sensitive information, such as credentials from cloud metadata services, Kubernetes API, internal MinIO, and other internal network endpoints. Furthermore, it allows for local file reads of critical data, including service account tokens and pod secrets.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-15378

Affected Products

Red Hat
Red Hat Openshift
Guardrails-Detectors