CVE-2026-34940 in kubeaithông tin

Tóm tắt

Bởi MITRE • 06/04/2026

KubeAI is an AI inference operator for kubernetes. Prior to 0.23.2, the ollamaStartupProbeScript() function in internal/modelcontroller/engine_ollama.go constructs a shell command string using fmt.Sprintf with unsanitized model URL components (ref, modelParam). This shell command is executed via bash -c as a Kubernetes startup probe. An attacker who can create or update Model custom resources can inject arbitrary shell commands that execute inside model server pods. This vulnerability is fixed in 0.23.2.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

chịu trách nhiệm

GitHub M

Đặt trước

31/03/2026

Tiết lộ

06/04/2026

Kiểm duyệt

được chấp nhận

EPSS

0.00448

KEV

không

Các hoạt động

rất thấp

Nguồn

Want to stay up to date on a daily basis?

Enable the mail alert feature now!