Skip to main content

TrustyAI Operator CVE-2026-15044

| EUVDEUVD-2026-42283 MEDIUM
Information Exposure (CWE-200)
2026-07-08 secalert@redhat.com GHSA-569j-6vhh-8mc3
6.3
CVSS 3.1 · Vendor: redhat
Share

Severity by source

Vendor (redhat) PRIMARY
6.3 MEDIUM
AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
vuln.today AI
6.3 MEDIUM

Adjacent vector confirmed by cluster-internal scope; PR:L reflects required cluster foothold; C:H for sensitive guardrail data exposure; I:L for described limited model changes.

3.1 AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
4.0 AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (redhat).

CVSS VectorVendor: redhat

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
None

Lifecycle Timeline

1
Analysis Generated
Jul 08, 2026 - 16:03 vuln.today

DescriptionCVE.org

A flaw was found in the TrustyAI Service Operator. When deploying services like gorch or NemoGuardrails, if a specific security setting is not enabled, these services can expose their communication channels without requiring users to prove their identity. This allows any other program within the cluster to access the AI guardrails and orchestrator without proper authorization. An attacker could exploit this to gain unauthorized access to sensitive information and potentially make limited changes to the AI models.

AnalysisAI

Unauthenticated cluster-internal access to TrustyAI Service Operator's gorch and NemoGuardrails deployments is possible when a specific security setting is not explicitly enabled at deployment time. Any workload running within the same Kubernetes or OpenShift cluster can reach these AI guardrail and orchestration service endpoints without presenting credentials, exposing sensitive inference data and enabling limited unauthorized model interactions. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain foothold in target Kubernetes cluster
Delivery
Enumerate cluster-internal service endpoints
Exploit
Identify TrustyAI gorch or NemoGuardrails service lacking authentication
Execution
Send unauthenticated API requests to service
Persist
Extract sensitive AI guardrail data
Impact
Issue limited unauthorized model interaction commands

Vulnerability AssessmentAI

Exploitation Exploitation requires two specific conditions to align: first, the TrustyAI operator must have deployed a gorch or NemoGuardrails service instance without enabling the specific security/authentication setting - this is a non-default misconfiguration, not an attack against default-secure deployments. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The reported CVSS 6.3 (Medium) with vector AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N reflects a constrained but meaningful risk profile. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has compromised an application pod inside the same Kubernetes or OpenShift cluster - for instance through a vulnerable web service or supply chain compromise - can enumerate internal service endpoints and discover an unauthenticated TrustyAI gorch or NemoGuardrails service. The attacker then issues direct API requests to the service without credentials, extracting sensitive data processed by the AI guardrail pipeline (such as prompts, filtered outputs, or model metadata) and potentially issuing limited unauthorized control requests to influence model behavior.
Remediation The primary remediation is to apply the vendor-released patch from Red Hat - consult https://access.redhat.com/security/cve/CVE-2026-15044 for the specific patched TrustyAI operator version, which is not independently confirmed in available data. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-15044 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy