A critical blind Server-Side Request Forgery flaw in the guardrails-detectors component of Red Hat OpenShift AI lets unauthenticated remote attackers reach internal services and read sensitive local files.
What Is It
CVE-2026-15378 is a blind Server-Side Request Forgery (SSRF) vulnerability (CWE-918) in the guardrails-detectors component. An attacker triggers it by submitting a specially crafted XML Schema Definition (XSD) string. Because the request is forced from the server side, the attacker can coerce the application into making network requests and file reads on their behalf without any authentication or user interaction.
Why It Matters
The flaw carries a CVSS 3.1 base score of 9.3 (CRITICAL), vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N. It is network-exploitable, requires low attack complexity, needs no privileges, and results in a changed scope with high confidentiality impact. Successful exploitation can expose credentials from cloud metadata services, the Kubernetes API, internal MinIO storage, and other internal network endpoints. It also enables local file reads of critical data such as service account tokens and pod secrets; material that can be leveraged for deeper compromise of a cluster.
What's Vulnerable
- Vendor: Red Hat
- Product: Red Hat OpenShift AI (RHOAI)
- Affected package:
rhoai/odh-fms-guardrails-orchestrator-rhel9 - CPE:
cpe:/a:redhat:openshift_ai
The vulnerable code is the guardrails-detectors component, and Red Hat lists the default status for the affected package as affected.
Patch Status
The supplied source material does not include a fixed version, remediation steps, or a required-action deadline. There is no CISA KEV entry in the provided data, so active exploitation is not confirmed by KEV at this time. Refer to the Red Hat security advisory and Bugzilla tracker below for the current remediation status and any fix availability.