CVE-2026-15143 in OpenShift AIinfo

Summary

by MITRE • 07/10/2026

A flaw was found in the file_type content detector of guardrails-detectors. This vulnerability allows a remote attacker to supply an arbitrary XML Schema Definition (XSD) string, which is processed without proper restrictions. This can lead to server-side requests to arbitrary URLs or local file reads, potentially resulting in sensitive information disclosure, such as cloud provider credentials or access to internal network services.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 07/10/2026

This vulnerability exists within the file_type content detector component of guardrails-detectors, a security tool designed to identify and validate file types in content processing workflows. The flaw represents a critical insecure deserialization issue that enables remote code execution through maliciously crafted XML Schema Definition files. Attackers can exploit this weakness by providing arbitrary XSD strings that bypass normal validation checks and are processed with insufficient input sanitization measures.

The technical implementation of this vulnerability stems from inadequate restrictions on XML processing within the content detection pipeline. When the system encounters a file type determination request, it attempts to parse and validate the provided XSD content without proper security boundaries or access controls. This processing behavior creates an attack surface where malicious XML documents can trigger unintended server-side operations including outbound network requests to attacker-controlled domains or local file system access. The vulnerability is particularly dangerous because it operates at the content validation layer, meaning it can be exploited during normal file handling operations without requiring special privileges or authentication.

The operational impact of this vulnerability extends beyond simple information disclosure to encompass potential full system compromise and internal network infiltration. Remote attackers can leverage this weakness to conduct reconnaissance activities by reading local files that contain sensitive configuration data, API keys, or credential information. The ability to perform server-side requests opens pathways for attackers to pivot within internal networks, potentially accessing databases, internal web services, or other critical infrastructure components. This vulnerability directly aligns with CWE-20 and CWE-94 categories, representing both insecure input handling and code injection vulnerabilities that can result in unauthorized access and data breaches.

Organizations utilizing guardrails-detectors should implement immediate mitigations including input validation controls, XML schema restrictions, and network segmentation measures to limit potential attack vectors. Security teams must ensure proper XML parsing configurations are enforced with restricted entity expansion settings and disable external entity processing. The remediation strategy should incorporate principle of least privilege access controls for file system operations and network connectivity restrictions for the content detection components. Additionally, implementing monitoring solutions to detect unusual outbound network requests or suspicious file access patterns can help identify exploitation attempts. This vulnerability demonstrates the importance of secure configuration practices as outlined in MITRE ATT&CK framework's T1059 and T1068 techniques for command execution and privilege escalation attacks.

Responsible

Redhat

Reservation

07/08/2026

Disclosure

07/10/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

low

Sources

Do you need the next level of professionalism?

Upgrade your account now!