PT-2026-57144 · Unknown+1 · Guardrails-Detectors+2
Published
2026-07-10
·
Updated
2026-07-10
·
CVE-2026-15378
CVSS v3.1
9.3
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
guardrails-detectors (affected versions not specified)
Red Hat Enterprise Linux (affected versions not specified)
Red Hat OpenShift AI (affected versions not specified)
Description
A flaw in the
guardrails-detectors component allows a remote attacker to perform a blind Server-Side Request Forgery (SSRF) by submitting a specially crafted XML Schema Definition (XSD) string. This issue enables unauthorized access to sensitive information, such as credentials from cloud metadata services, Kubernetes API, internal MinIO, and other internal network endpoints. Furthermore, it allows for local file reads of critical data, including service account tokens and pod secrets.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
SSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Red Hat
Red Hat Openshift
Guardrails-Detectors