PT-2026-57201 · Red Hat+1 · Openshift Ai+1

Published

2026-07-10

·

Updated

2026-07-10

·

CVE-2026-15143

CVSS v3.1

9.3

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions guardrails-detectors (affected versions not specified)
Description A flaw exists in the file type content detector that allows a remote attacker to provide an arbitrary XML Schema Definition (XSD) string. Because the XSD is processed without proper restrictions, it can lead to Server-Side Request Forgery (SSRF), where the server is forced to make requests to arbitrary URLs, or local file reads. This may result in the disclosure of sensitive information, such as cloud provider credentials via metadata endpoints or access to internal network services.
Recommendations Apply the Red Hat OpenShift AI update that addresses this issue.

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-15143

Affected Products

Openshift Ai
Guardrails-Detectors