Severity by source
AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Adjacent vector confirmed by cluster-internal scope; PR:L reflects required cluster foothold; C:H for sensitive guardrail data exposure; I:L for described limited model changes.
Primary rating from Vendor (redhat).
CVSS VectorVendor: redhat
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Lifecycle Timeline
1DescriptionCVE.org
A flaw was found in the TrustyAI Service Operator. When deploying services like gorch or NemoGuardrails, if a specific security setting is not enabled, these services can expose their communication channels without requiring users to prove their identity. This allows any other program within the cluster to access the AI guardrails and orchestrator without proper authorization. An attacker could exploit this to gain unauthorized access to sensitive information and potentially make limited changes to the AI models.
AnalysisAI
Unauthenticated cluster-internal access to TrustyAI Service Operator's gorch and NemoGuardrails deployments is possible when a specific security setting is not explicitly enabled at deployment time. Any workload running within the same Kubernetes or OpenShift cluster can reach these AI guardrail and orchestration service endpoints without presenting credentials, exposing sensitive inference data and enabling limited unauthorized model interactions. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires two specific conditions to align: first, the TrustyAI operator must have deployed a gorch or NemoGuardrails service instance without enabling the specific security/authentication setting - this is a non-default misconfiguration, not an attack against default-secure deployments. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The reported CVSS 6.3 (Medium) with vector AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N reflects a constrained but meaningful risk profile. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has compromised an application pod inside the same Kubernetes or OpenShift cluster - for instance through a vulnerable web service or supply chain compromise - can enumerate internal service endpoints and discover an unauthenticated TrustyAI gorch or NemoGuardrails service. The attacker then issues direct API requests to the service without credentials, extracting sensitive data processed by the AI guardrail pipeline (such as prompts, filtered outputs, or model metadata) and potentially issuing limited unauthorized control requests to influence model behavior. |
| Remediation | The primary remediation is to apply the vendor-released patch from Red Hat - consult https://access.redhat.com/security/cve/CVE-2026-15044 for the specific patched TrustyAI operator version, which is not independently confirmed in available data. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-200 – Information Exposure
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42283
GHSA-569j-6vhh-8mc3