CVE-2026-15378 in OpenShift AIinfo

Summary

by MITRE • 07/10/2026

A flaw was found in the `guardrails-detectors` component. This vulnerability allows a remote attacker to perform a blind Server-Side Request Forgery (SSRF) by submitting a specially crafted XML Schema Definition (XSD) string. This can lead to unauthorized access to sensitive information, including credentials from cloud metadata services, Kubernetes API, internal MinIO, and other internal network endpoints. Additionally, it enables local file reads of critical data such as service account tokens and pod secrets.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 07/10/2026

This vulnerability resides within the guardrails-detectors component where a flaw has been identified that permits remote attackers to execute blind server-side request forgery attacks through manipulated XML Schema Definition XSD strings. The technical implementation allows an attacker to craft malicious XSD content that, when processed by the vulnerable system, triggers unintended network requests from the server side. This blind SSRF capability operates without direct response visibility from the target systems, making detection more challenging and exploitation potentially more dangerous.

The operational impact of this vulnerability extends far beyond simple data exfiltration, as it provides attackers with access to critical internal services and resources that are typically isolated from external networks. Cloud metadata services such as AWS EC2 metadata, GCP instance metadata, and Azure Instance Metadata Service become accessible through these blind requests, potentially exposing sensitive credentials, access keys, and instance configuration details. Kubernetes API endpoints can be targeted to gather cluster information, service accounts, and pod configurations that may contain additional authentication tokens or secrets. Internal MinIO instances and other network-based services remain vulnerable to reconnaissance and potential exploitation.

The vulnerability's ability to enable local file reads represents a particularly concerning aspect of this flaw, as it allows attackers to access critical system files containing service account tokens, pod secrets, and other sensitive information stored in standard Kubernetes locations. This dual capability of network-based SSRF and local file reading creates a comprehensive attack surface that can compromise both cloud infrastructure and internal application security boundaries.

Security professionals should consider implementing strict input validation and sanitization measures for all XSD processing within the guardrails-detectors component. Network segmentation and firewall rules should be configured to restrict outbound connections from vulnerable systems, particularly to internal metadata services and critical network endpoints. The implementation of a robust web application firewall with SSRF protection capabilities becomes essential in preventing unauthorized requests from reaching internal targets. Additionally, organizations should consider implementing principle of least privilege access controls for service accounts and ensure that sensitive information is not exposed through metadata services or internal APIs.

This vulnerability aligns with CWE-918 which specifically addresses Server-Side Request Forgery vulnerabilities, and maps to ATT&CK technique T1071.004 for application layer protocol usage involving XML processing and T1566 for credential access through network-based reconnaissance. The combination of blind SSRF capabilities with local file reading demonstrates how seemingly isolated vulnerabilities can create comprehensive attack paths that bypass traditional network security controls and expose critical infrastructure components to unauthorized access.

Organizations should prioritize immediate remediation of this vulnerability through code-level fixes that prevent untrusted XSD content from triggering network requests, along with comprehensive network monitoring to detect anomalous outbound traffic patterns. Regular security assessments should include testing for similar vulnerabilities in other XML processing components and ensure proper input validation mechanisms are implemented across all application layers that handle external data inputs.

Responsible

Redhat

Reservation

07/10/2026

Disclosure

07/10/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!