Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for openshift_ai by redhat

    CVE-2026-42271 (GCVE-0-2026-42271)

    Vulnerability from nvd – Published: 2026-05-08 03:35 – Updated: 2026-06-30 12:08
    VLAI CISA KEVIntel
    Title
    LiteLLM: Authenticated command execution via MCP stdio test endpoints
    Summary
    LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it — POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list — accepted a full server configuration in the request body, including the command, args, and env fields used by the stdio transport. When called with a stdio configuration, the endpoints attempted to connect, which spawned the supplied command as a subprocess on the proxy host with the privileges of the proxy process. The endpoints were gated only by a valid proxy API key, with no role check. Any authenticated user — including holders of low-privilege internal-user keys — could therefore run arbitrary commands on the host. This issue has been patched in version 1.83.7.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42271",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-08T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2026-06-08",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-42271"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-09T03:55:26.815Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-42271"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-06-08T00:00:00.000Z",
                "value": "CVE-2026-42271 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:2.25::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift AI 2.25",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift AI 3.3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:3.4::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift AI 3.4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:exploit_intelligence:0"
                ],
                "defaultStatus": "unaffected",
                "product": "Exploit Intelligence",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Ansible Automation Platform 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-05-08T03:35:16.758Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in LiteLLM, a proxy server (AI Gateway) for Large Language Model (LLM) APIs. Two endpoints, used for previewing an MCP server before saving it, accepted a full server configuration including command execution parameters. An authenticated user, even with low-privilege internal-user keys, could exploit this by sending a crafted configuration. This allows for arbitrary command execution on the proxy host with the privileges of the proxy process."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-78",
                    "description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:08:42.458Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-42271"
              },
              {
                "name": "RHBZ#2467924",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467924"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42271.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:28960"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:30056"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27784"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:28960: Red Hat OpenShift AI 2.25"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:30056: Red Hat OpenShift AI 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27784: Red Hat OpenShift AI 3.4"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-05-08T04:02:12.169Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-05-08T03:35:16.758Z",
                "value": "Made public."
              }
            ],
            "title": "litellm: LiteLLM: Authenticated command execution via MCP stdio test endpoints",
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "litellm",
              "vendor": "BerriAI",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.74.2, \u003c 1.83.7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it \u2014 POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list \u2014 accepted a full server configuration in the request body, including the command, args, and env fields used by the stdio transport. When called with a stdio configuration, the endpoints attempted to connect, which spawned the supplied command as a subprocess on the proxy host with the privileges of the proxy process. The endpoints were gated only by a valid proxy API key, with no role check. Any authenticated user \u2014 including holders of low-privilege internal-user keys \u2014 could therefore run arbitrary commands on the host. This issue has been patched in version 1.83.7."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-08T03:35:16.758Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/BerriAI/litellm/security/advisories/GHSA-v4p8-mg3p-g94g",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/BerriAI/litellm/security/advisories/GHSA-v4p8-mg3p-g94g"
            },
            {
              "name": "https://github.com/BerriAI/litellm/releases/tag/v1.83.7-stable",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/BerriAI/litellm/releases/tag/v1.83.7-stable"
            }
          ],
          "source": {
            "advisory": "GHSA-v4p8-mg3p-g94g",
            "discovery": "UNKNOWN"
          },
          "title": "LiteLLM: Authenticated command execution via MCP stdio test endpoints"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-42271",
        "datePublished": "2026-05-08T03:35:16.758Z",
        "dateReserved": "2026-04-26T11:53:27.707Z",
        "dateUpdated": "2026-06-30T12:08:42.458Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-5483 (GCVE-0-2026-5483)

    Vulnerability from nvd – Published: 2026-04-10 17:33 – Updated: 2026-06-30 12:11
    VLAI
    Title
    Odh-dashboard: odh dashboard kubernetes service account exposure
    Summary
    A flaw was found in odh-dashboard in Red Hat Openshift AI. This vulnerability in the `odh-dashboard` component of Red Hat OpenShift AI (RHOAI) allows for the disclosure of Kubernetes Service Account tokens through a NodeJS endpoint. This could enable an attacker to gain unauthorized access to Kubernetes resources.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-201 - Insertion of Sensitive Information Into Sent Data
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2026:7397 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:7398 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:7403 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:7404 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2026-5483 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2454764 issue-trackingx_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    Impacted products
    Vendor Product Version
    Red Hat Red Hat OpenShift AI 2.16 Unaffected: 1775230902 , < * (rpm)
        cpe:/a:redhat:openshift_ai:2.16::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 2.25 Unaffected: 1775234711 , < * (rpm)
        cpe:/a:redhat:openshift_ai:2.25::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 3.2 Unaffected: 1775523049 , < * (rpm)
        cpe:/a:redhat:openshift_ai:3.2::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 3.3 Unaffected: 1775239958 , < * (rpm)
        cpe:/a:redhat:openshift_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI (RHOAI)     cpe:/a:redhat:openshift_ai
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 2.16     cpe:/a:redhat:openshift_ai:2.16::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 2.25     cpe:/a:redhat:openshift_ai:2.25::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 3.2     cpe:/a:redhat:openshift_ai:3.2::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 3.3     cpe:/a:redhat:openshift_ai:3.3::el9
    Create a notification for this product.
    Date Public
    2026-04-10 17:16
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5483",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-10T18:33:58.848733Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-10T18:34:06.822Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:2.16::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift AI 2.16",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:2.25::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift AI 2.25",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:3.2::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift AI 3.2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift AI 3.3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-04-10T17:16:00.000Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in odh-dashboard in Red Hat Openshift AI. This vulnerability in the `odh-dashboard` component of Red Hat OpenShift AI (RHOAI) allows for the disclosure of Kubernetes Service Account tokens through a NodeJS endpoint. This could enable an attacker to gain unauthorized access to Kubernetes resources."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-201",
                    "description": "Insertion of Sensitive Information Into Sent Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:11:16.457Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-5483"
              },
              {
                "name": "RHBZ#2454764",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454764"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5483.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7397"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7398"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7404"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7403"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:7397: Red Hat OpenShift AI 2.16"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:7398: Red Hat OpenShift AI 2.25"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:7404: Red Hat OpenShift AI 3.2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:7403: Red Hat OpenShift AI 3.3"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-04-03T00:00:00.000Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-04-10T17:16:00.000Z",
                "value": "Made public."
              }
            ],
            "title": "odh-dashboard: ODH Dashboard Kubernetes Service Account Exposure",
            "workarounds": [
              {
                "lang": "en",
                "value": "If applying the update is not immediately possible, the vulnerability can be mitigated by disabling or removing the NIM (NVIDIA Inference Microservice) integration from the Red Hat OpenShift AI (RHOAI) environment."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai:2.16::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhoai/odh-dashboard-rhel8",
              "product": "Red Hat OpenShift AI 2.16",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1775230902",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai:2.25::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhoai/odh-dashboard-rhel9",
              "product": "Red Hat OpenShift AI 2.25",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1775234711",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai:3.2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhoai/odh-dashboard-rhel9",
              "product": "Red Hat OpenShift AI 3.2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1775523049",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai:3.3::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhoai/odh-dashboard-rhel9",
              "product": "Red Hat OpenShift AI 3.3",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1775239958",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhoai/odh-mod-arch-gen-ai-rhel9",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhoai/odh-mod-arch-maas-rhel9",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhoai/odh-mod-arch-model-registry-rhel9",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2026-04-10T17:16:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in odh-dashboard in Red Hat Openshift AI. This vulnerability in the `odh-dashboard` component of Red Hat OpenShift AI (RHOAI) allows for the disclosure of Kubernetes Service Account tokens through a NodeJS endpoint. This could enable an attacker to gain unauthorized access to Kubernetes resources."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-201",
                  "description": "Insertion of Sensitive Information Into Sent Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-29T05:20:59.210Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:7397",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:7397"
            },
            {
              "name": "RHSA-2026:7398",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:7398"
            },
            {
              "name": "RHSA-2026:7403",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:7403"
            },
            {
              "name": "RHSA-2026:7404",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:7404"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-5483"
            },
            {
              "name": "RHBZ#2454764",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454764"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-03T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-04-10T17:16:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Odh-dashboard: odh dashboard kubernetes service account exposure",
          "workarounds": [
            {
              "lang": "en",
              "value": "If applying the update is not immediately possible, the vulnerability can be mitigated by disabling or removing the NIM (NVIDIA Inference Microservice) integration from the Red Hat OpenShift AI (RHOAI) environment."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-201: Insertion of Sensitive Information Into Sent Data"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-5483",
        "datePublished": "2026-04-10T17:33:25.055Z",
        "dateReserved": "2026-04-03T12:27:18.589Z",
        "dateUpdated": "2026-06-30T12:11:16.457Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12805 (GCVE-0-2025-12805)

    Vulnerability from nvd – Published: 2026-03-26 21:48 – Updated: 2026-03-31 03:55
    VLAI
    Title
    Llama-stack-k8s-operator: llama stack service exposed across namespaces due to missing networkpolicy
    Summary
    A flaw was found in Red Hat OpenShift AI (RHOAI) llama-stack-operator. This vulnerability allows unauthorized access to Llama Stack services deployed in other namespaces via direct network requests, because no NetworkPolicy restricts access to the llama-stack service endpoint. As a result, a user in one namespace can access another user’s Llama Stack instance and potentially view or manipulate sensitive data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-653 - Improper Isolation or Compartmentalization
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2026:2106 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:2695 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2025-12805 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2413101 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat OpenShift AI 2.25 Unaffected: sha256:c0d95dfbae20e87113ffb81026d379bb63ad300447df98b27d1bf9a83b084744 , < * (rpm)
        cpe:/a:redhat:openshift_ai:2.25::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 2.25 Unaffected: sha256:1d258fe98c2477e4256a9b936f412f2501fb7ca9e3b810347f9712e0d5ce5c92 , < * (rpm)
        cpe:/a:redhat:openshift_ai:2.25::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI (RHOAI)     cpe:/a:redhat:openshift_ai
    Create a notification for this product.
    Date Public
    2025-12-31 23:59
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12805",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-30T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-31T03:55:34.790Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai:2.25::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhoai/odh-llama-stack-k8s-operator-rhel9",
              "product": "Red Hat OpenShift AI 2.25",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "sha256:c0d95dfbae20e87113ffb81026d379bb63ad300447df98b27d1bf9a83b084744",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai:2.25::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhoai/odh-llama-stack-k8s-operator-rhel9",
              "product": "Red Hat OpenShift AI 2.25",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "sha256:1d258fe98c2477e4256a9b936f412f2501fb7ca9e3b810347f9712e0d5ce5c92",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhoai/odh-dashboard-rhel9",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhoai/odh-mod-arch-model-registry-rhel9",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-12-31T23:59:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Red Hat OpenShift AI (RHOAI) llama-stack-operator. This vulnerability allows unauthorized access to Llama Stack services deployed in other namespaces via direct network requests, because no NetworkPolicy restricts access to the llama-stack service endpoint. As a result, a user in one namespace can access another user\u2019s Llama Stack instance and potentially view or manipulate sensitive data."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-653",
                  "description": "Improper Isolation or Compartmentalization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-26T21:48:16.762Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:2106",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:2106"
            },
            {
              "name": "RHSA-2026:2695",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:2695"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-12805"
            },
            {
              "name": "RHBZ#2413101",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2413101"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-06T13:38:39.035Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-12-31T23:59:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Llama-stack-k8s-operator: llama stack service exposed across namespaces due to missing networkpolicy",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-653: Improper Isolation or Compartmentalization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-12805",
        "datePublished": "2026-03-26T21:48:16.762Z",
        "dateReserved": "2025-11-06T13:48:05.305Z",
        "dateUpdated": "2026-03-31T03:55:34.790Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-7557 (GCVE-0-2024-7557)

    Vulnerability from nvd – Published: 2024-08-08 21:33 – Updated: 2026-03-19 16:43
    VLAI
    Title
    Odh-dashboard: odh-model-controller: cross-model authentication bypass in openshift ai
    Summary
    A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation across models within the same namespace. When deploying AI models, the UI provides the option to protect models with authentication. However, credentials from one model can be used to access other models and APIs within the same namespace. The exposed ServiceAccount tokens, visible in the UI, can be utilized with oc --token={token} to exploit the elevated view privileges associated with the ServiceAccount, leading to unauthorized access to additional resources.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-305 - Authentication Bypass by Primary Weakness
    Assigner
    Impacted products
    Vendor Product Version
    Affected: 2.8.* (semver)
    Affected: 2.11 (semver)
    Unaffected: a122ad06a297f4e8b2a065eece910aa882cc3fa6 (git)
    Red Hat Red Hat OpenShift AI (RHOAI)     cpe:/a:redhat:openshift_ai
    Create a notification for this product.
    Red Hat Red Hat OpenShift Data Science (RHODS)     cpe:/a:redhat:openshift_data_science
    Create a notification for this product.
    Date Public
    2024-08-07 00:00
    Credits
    Red Hat would like to thank Adam Bellusci (RedHat) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7557",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-09T13:52:08.137088Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-09T13:52:27.946Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/opendatahub-io/odh-dashboard",
              "defaultStatus": "unknown",
              "packageName": "odh-dashboard",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.8.*",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "2.11",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "a122ad06a297f4e8b2a065eece910aa882cc3fa6",
                  "versionType": "git"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "affected",
              "packageName": "odh-dashboard-container",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "affected",
              "packageName": "odh-model-controller-container",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_science"
              ],
              "defaultStatus": "affected",
              "packageName": "rhods/odh-dashboard-rhel8",
              "product": "Red Hat OpenShift Data Science (RHODS)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_science"
              ],
              "defaultStatus": "affected",
              "packageName": "rhods/odh-model-controller-rhel8",
              "product": "Red Hat OpenShift Data Science (RHODS)",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Adam Bellusci (RedHat) for reporting this issue."
            }
          ],
          "datePublic": "2024-08-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation across models within the same namespace. When deploying AI models, the UI provides the option to protect models with authentication. However, credentials from one model can be used to access other models and APIs within the same namespace. The exposed ServiceAccount tokens, visible in the UI, can be utilized with oc --token={token} to exploit the elevated view privileges associated with the ServiceAccount, leading to unauthorized access to additional resources."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-305",
                  "description": "Authentication Bypass by Primary Weakness",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-19T16:43:45.729Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-7557"
            },
            {
              "name": "RHBZ#2303094",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2303094"
            },
            {
              "url": "https://github.com/opendatahub-io/odh-dashboard/pull/3198"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-08-06T10:31:41.202Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-08-07T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Odh-dashboard: odh-model-controller: cross-model authentication bypass in openshift ai",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-305: Authentication Bypass by Primary Weakness"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-7557",
        "datePublished": "2024-08-08T21:33:14.505Z",
        "dateReserved": "2024-08-06T11:08:34.986Z",
        "dateUpdated": "2026-03-19T16:43:45.729Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42271 (GCVE-0-2026-42271)

    Vulnerability from cvelistv5 – Published: 2026-05-08 03:35 – Updated: 2026-06-30 12:08
    VLAI CISA KEVIntel
    Title
    LiteLLM: Authenticated command execution via MCP stdio test endpoints
    Summary
    LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it — POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list — accepted a full server configuration in the request body, including the command, args, and env fields used by the stdio transport. When called with a stdio configuration, the endpoints attempted to connect, which spawned the supplied command as a subprocess on the proxy host with the privileges of the proxy process. The endpoints were gated only by a valid proxy API key, with no role check. Any authenticated user — including holders of low-privilege internal-user keys — could therefore run arbitrary commands on the host. This issue has been patched in version 1.83.7.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42271",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-08T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2026-06-08",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-42271"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-09T03:55:26.815Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-42271"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-06-08T00:00:00.000Z",
                "value": "CVE-2026-42271 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:2.25::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift AI 2.25",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift AI 3.3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:3.4::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift AI 3.4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:exploit_intelligence:0"
                ],
                "defaultStatus": "unaffected",
                "product": "Exploit Intelligence",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Ansible Automation Platform 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-05-08T03:35:16.758Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in LiteLLM, a proxy server (AI Gateway) for Large Language Model (LLM) APIs. Two endpoints, used for previewing an MCP server before saving it, accepted a full server configuration including command execution parameters. An authenticated user, even with low-privilege internal-user keys, could exploit this by sending a crafted configuration. This allows for arbitrary command execution on the proxy host with the privileges of the proxy process."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-78",
                    "description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:08:42.458Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-42271"
              },
              {
                "name": "RHBZ#2467924",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467924"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42271.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:28960"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:30056"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27784"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:28960: Red Hat OpenShift AI 2.25"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:30056: Red Hat OpenShift AI 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27784: Red Hat OpenShift AI 3.4"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-05-08T04:02:12.169Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-05-08T03:35:16.758Z",
                "value": "Made public."
              }
            ],
            "title": "litellm: LiteLLM: Authenticated command execution via MCP stdio test endpoints",
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "litellm",
              "vendor": "BerriAI",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.74.2, \u003c 1.83.7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it \u2014 POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list \u2014 accepted a full server configuration in the request body, including the command, args, and env fields used by the stdio transport. When called with a stdio configuration, the endpoints attempted to connect, which spawned the supplied command as a subprocess on the proxy host with the privileges of the proxy process. The endpoints were gated only by a valid proxy API key, with no role check. Any authenticated user \u2014 including holders of low-privilege internal-user keys \u2014 could therefore run arbitrary commands on the host. This issue has been patched in version 1.83.7."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-08T03:35:16.758Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/BerriAI/litellm/security/advisories/GHSA-v4p8-mg3p-g94g",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/BerriAI/litellm/security/advisories/GHSA-v4p8-mg3p-g94g"
            },
            {
              "name": "https://github.com/BerriAI/litellm/releases/tag/v1.83.7-stable",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/BerriAI/litellm/releases/tag/v1.83.7-stable"
            }
          ],
          "source": {
            "advisory": "GHSA-v4p8-mg3p-g94g",
            "discovery": "UNKNOWN"
          },
          "title": "LiteLLM: Authenticated command execution via MCP stdio test endpoints"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-42271",
        "datePublished": "2026-05-08T03:35:16.758Z",
        "dateReserved": "2026-04-26T11:53:27.707Z",
        "dateUpdated": "2026-06-30T12:08:42.458Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-5483 (GCVE-0-2026-5483)

    Vulnerability from cvelistv5 – Published: 2026-04-10 17:33 – Updated: 2026-06-30 12:11
    VLAI
    Title
    Odh-dashboard: odh dashboard kubernetes service account exposure
    Summary
    A flaw was found in odh-dashboard in Red Hat Openshift AI. This vulnerability in the `odh-dashboard` component of Red Hat OpenShift AI (RHOAI) allows for the disclosure of Kubernetes Service Account tokens through a NodeJS endpoint. This could enable an attacker to gain unauthorized access to Kubernetes resources.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-201 - Insertion of Sensitive Information Into Sent Data
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2026:7397 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:7398 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:7403 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:7404 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2026-5483 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2454764 issue-trackingx_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    Impacted products
    Vendor Product Version
    Red Hat Red Hat OpenShift AI 2.16 Unaffected: 1775230902 , < * (rpm)
        cpe:/a:redhat:openshift_ai:2.16::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 2.25 Unaffected: 1775234711 , < * (rpm)
        cpe:/a:redhat:openshift_ai:2.25::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 3.2 Unaffected: 1775523049 , < * (rpm)
        cpe:/a:redhat:openshift_ai:3.2::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 3.3 Unaffected: 1775239958 , < * (rpm)
        cpe:/a:redhat:openshift_ai:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI (RHOAI)     cpe:/a:redhat:openshift_ai
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 2.16     cpe:/a:redhat:openshift_ai:2.16::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 2.25     cpe:/a:redhat:openshift_ai:2.25::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 3.2     cpe:/a:redhat:openshift_ai:3.2::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 3.3     cpe:/a:redhat:openshift_ai:3.3::el9
    Create a notification for this product.
    Date Public
    2026-04-10 17:16
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5483",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-10T18:33:58.848733Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-10T18:34:06.822Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:2.16::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift AI 2.16",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:2.25::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift AI 2.25",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:3.2::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift AI 3.2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift AI 3.3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-04-10T17:16:00.000Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in odh-dashboard in Red Hat Openshift AI. This vulnerability in the `odh-dashboard` component of Red Hat OpenShift AI (RHOAI) allows for the disclosure of Kubernetes Service Account tokens through a NodeJS endpoint. This could enable an attacker to gain unauthorized access to Kubernetes resources."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-201",
                    "description": "Insertion of Sensitive Information Into Sent Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:11:16.457Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-5483"
              },
              {
                "name": "RHBZ#2454764",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454764"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5483.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7397"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7398"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7404"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7403"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:7397: Red Hat OpenShift AI 2.16"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:7398: Red Hat OpenShift AI 2.25"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:7404: Red Hat OpenShift AI 3.2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:7403: Red Hat OpenShift AI 3.3"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-04-03T00:00:00.000Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-04-10T17:16:00.000Z",
                "value": "Made public."
              }
            ],
            "title": "odh-dashboard: ODH Dashboard Kubernetes Service Account Exposure",
            "workarounds": [
              {
                "lang": "en",
                "value": "If applying the update is not immediately possible, the vulnerability can be mitigated by disabling or removing the NIM (NVIDIA Inference Microservice) integration from the Red Hat OpenShift AI (RHOAI) environment."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai:2.16::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rhoai/odh-dashboard-rhel8",
              "product": "Red Hat OpenShift AI 2.16",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1775230902",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai:2.25::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhoai/odh-dashboard-rhel9",
              "product": "Red Hat OpenShift AI 2.25",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1775234711",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai:3.2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhoai/odh-dashboard-rhel9",
              "product": "Red Hat OpenShift AI 3.2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1775523049",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai:3.3::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhoai/odh-dashboard-rhel9",
              "product": "Red Hat OpenShift AI 3.3",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1775239958",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhoai/odh-mod-arch-gen-ai-rhel9",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhoai/odh-mod-arch-maas-rhel9",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhoai/odh-mod-arch-model-registry-rhel9",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2026-04-10T17:16:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in odh-dashboard in Red Hat Openshift AI. This vulnerability in the `odh-dashboard` component of Red Hat OpenShift AI (RHOAI) allows for the disclosure of Kubernetes Service Account tokens through a NodeJS endpoint. This could enable an attacker to gain unauthorized access to Kubernetes resources."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-201",
                  "description": "Insertion of Sensitive Information Into Sent Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-29T05:20:59.210Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:7397",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:7397"
            },
            {
              "name": "RHSA-2026:7398",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:7398"
            },
            {
              "name": "RHSA-2026:7403",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:7403"
            },
            {
              "name": "RHSA-2026:7404",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:7404"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-5483"
            },
            {
              "name": "RHBZ#2454764",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454764"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-03T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-04-10T17:16:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Odh-dashboard: odh dashboard kubernetes service account exposure",
          "workarounds": [
            {
              "lang": "en",
              "value": "If applying the update is not immediately possible, the vulnerability can be mitigated by disabling or removing the NIM (NVIDIA Inference Microservice) integration from the Red Hat OpenShift AI (RHOAI) environment."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-201: Insertion of Sensitive Information Into Sent Data"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-5483",
        "datePublished": "2026-04-10T17:33:25.055Z",
        "dateReserved": "2026-04-03T12:27:18.589Z",
        "dateUpdated": "2026-06-30T12:11:16.457Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12805 (GCVE-0-2025-12805)

    Vulnerability from cvelistv5 – Published: 2026-03-26 21:48 – Updated: 2026-03-31 03:55
    VLAI
    Title
    Llama-stack-k8s-operator: llama stack service exposed across namespaces due to missing networkpolicy
    Summary
    A flaw was found in Red Hat OpenShift AI (RHOAI) llama-stack-operator. This vulnerability allows unauthorized access to Llama Stack services deployed in other namespaces via direct network requests, because no NetworkPolicy restricts access to the llama-stack service endpoint. As a result, a user in one namespace can access another user’s Llama Stack instance and potentially view or manipulate sensitive data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-653 - Improper Isolation or Compartmentalization
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2026:2106 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:2695 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2025-12805 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2413101 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat OpenShift AI 2.25 Unaffected: sha256:c0d95dfbae20e87113ffb81026d379bb63ad300447df98b27d1bf9a83b084744 , < * (rpm)
        cpe:/a:redhat:openshift_ai:2.25::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 2.25 Unaffected: sha256:1d258fe98c2477e4256a9b936f412f2501fb7ca9e3b810347f9712e0d5ce5c92 , < * (rpm)
        cpe:/a:redhat:openshift_ai:2.25::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI (RHOAI)     cpe:/a:redhat:openshift_ai
    Create a notification for this product.
    Date Public
    2025-12-31 23:59
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12805",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-30T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-31T03:55:34.790Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai:2.25::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhoai/odh-llama-stack-k8s-operator-rhel9",
              "product": "Red Hat OpenShift AI 2.25",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "sha256:c0d95dfbae20e87113ffb81026d379bb63ad300447df98b27d1bf9a83b084744",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai:2.25::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhoai/odh-llama-stack-k8s-operator-rhel9",
              "product": "Red Hat OpenShift AI 2.25",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "sha256:1d258fe98c2477e4256a9b936f412f2501fb7ca9e3b810347f9712e0d5ce5c92",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhoai/odh-dashboard-rhel9",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhoai/odh-mod-arch-model-registry-rhel9",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-12-31T23:59:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Red Hat OpenShift AI (RHOAI) llama-stack-operator. This vulnerability allows unauthorized access to Llama Stack services deployed in other namespaces via direct network requests, because no NetworkPolicy restricts access to the llama-stack service endpoint. As a result, a user in one namespace can access another user\u2019s Llama Stack instance and potentially view or manipulate sensitive data."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-653",
                  "description": "Improper Isolation or Compartmentalization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-26T21:48:16.762Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:2106",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:2106"
            },
            {
              "name": "RHSA-2026:2695",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:2695"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-12805"
            },
            {
              "name": "RHBZ#2413101",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2413101"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-06T13:38:39.035Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-12-31T23:59:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Llama-stack-k8s-operator: llama stack service exposed across namespaces due to missing networkpolicy",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-653: Improper Isolation or Compartmentalization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-12805",
        "datePublished": "2026-03-26T21:48:16.762Z",
        "dateReserved": "2025-11-06T13:48:05.305Z",
        "dateUpdated": "2026-03-31T03:55:34.790Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-7557 (GCVE-0-2024-7557)

    Vulnerability from cvelistv5 – Published: 2024-08-08 21:33 – Updated: 2026-03-19 16:43
    VLAI
    Title
    Odh-dashboard: odh-model-controller: cross-model authentication bypass in openshift ai
    Summary
    A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation across models within the same namespace. When deploying AI models, the UI provides the option to protect models with authentication. However, credentials from one model can be used to access other models and APIs within the same namespace. The exposed ServiceAccount tokens, visible in the UI, can be utilized with oc --token={token} to exploit the elevated view privileges associated with the ServiceAccount, leading to unauthorized access to additional resources.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-305 - Authentication Bypass by Primary Weakness
    Assigner
    Impacted products
    Vendor Product Version
    Affected: 2.8.* (semver)
    Affected: 2.11 (semver)
    Unaffected: a122ad06a297f4e8b2a065eece910aa882cc3fa6 (git)
    Red Hat Red Hat OpenShift AI (RHOAI)     cpe:/a:redhat:openshift_ai
    Create a notification for this product.
    Red Hat Red Hat OpenShift Data Science (RHODS)     cpe:/a:redhat:openshift_data_science
    Create a notification for this product.
    Date Public
    2024-08-07 00:00
    Credits
    Red Hat would like to thank Adam Bellusci (RedHat) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7557",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-09T13:52:08.137088Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-09T13:52:27.946Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/opendatahub-io/odh-dashboard",
              "defaultStatus": "unknown",
              "packageName": "odh-dashboard",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.8.*",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "2.11",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "a122ad06a297f4e8b2a065eece910aa882cc3fa6",
                  "versionType": "git"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "affected",
              "packageName": "odh-dashboard-container",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "affected",
              "packageName": "odh-model-controller-container",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_science"
              ],
              "defaultStatus": "affected",
              "packageName": "rhods/odh-dashboard-rhel8",
              "product": "Red Hat OpenShift Data Science (RHODS)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_science"
              ],
              "defaultStatus": "affected",
              "packageName": "rhods/odh-model-controller-rhel8",
              "product": "Red Hat OpenShift Data Science (RHODS)",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Adam Bellusci (RedHat) for reporting this issue."
            }
          ],
          "datePublic": "2024-08-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation across models within the same namespace. When deploying AI models, the UI provides the option to protect models with authentication. However, credentials from one model can be used to access other models and APIs within the same namespace. The exposed ServiceAccount tokens, visible in the UI, can be utilized with oc --token={token} to exploit the elevated view privileges associated with the ServiceAccount, leading to unauthorized access to additional resources."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-305",
                  "description": "Authentication Bypass by Primary Weakness",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-19T16:43:45.729Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-7557"
            },
            {
              "name": "RHBZ#2303094",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2303094"
            },
            {
              "url": "https://github.com/opendatahub-io/odh-dashboard/pull/3198"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-08-06T10:31:41.202Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-08-07T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Odh-dashboard: odh-model-controller: cross-model authentication bypass in openshift ai",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-305: Authentication Bypass by Primary Weakness"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-7557",
        "datePublished": "2024-08-08T21:33:14.505Z",
        "dateReserved": "2024-08-06T11:08:34.986Z",
        "dateUpdated": "2026-03-19T16:43:45.729Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }