CVE-2026-34940 in kubeaiالمعلومات

الملخص

بحسب MITRE • 06/04/2026

KubeAI is an AI inference operator for kubernetes. Prior to 0.23.2, the ollamaStartupProbeScript() function in internal/modelcontroller/engine_ollama.go constructs a shell command string using fmt.Sprintf with unsanitized model URL components (ref, modelParam). This shell command is executed via bash -c as a Kubernetes startup probe. An attacker who can create or update Model custom resources can inject arbitrary shell commands that execute inside model server pods. This vulnerability is fixed in 0.23.2.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

مسؤول

GitHub M

حجز

31/03/2026

إفشاء

06/04/2026

الاعتدال

تمت الموافقة

إدخال

VDB-355526

EPSS

0.00448

KEV

لا

النشاطات

منخفض جدًا

المصادر

Want to know what is going to be exploited?

We predict KEV entries!