Skip to main content

guardrails-detectors CVE-2026-15143

| EUVDEUVD-2026-42927 CRITICAL
Server-Side Request Forgery (SSRF) (CWE-918)
2026-07-10 redhat GHSA-34cr-c6hf-4xgc
9.3
CVSS 3.1 · Vendor: redhat
Share

Severity by source

Vendor (redhat) PRIMARY
9.3 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
vuln.today AI
9.3 CRITICAL

Remote unauthenticated XSD input (AV:N/AC:L/PR:N/UI:N); SSRF crosses trust boundary (S:C) reading credentials/files (C:H), minor internal state change (I:L), no availability impact.

3.1 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:N/SA:N

Primary rating from Vendor (redhat).

CVSS VectorVendor: redhat

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
Low
Availability
None

Lifecycle Timeline

1
Analysis Generated
Jul 10, 2026 - 16:22 vuln.today

DescriptionCVE.org

A flaw was found in the file_type content detector of guardrails-detectors. This vulnerability allows a remote attacker to supply an arbitrary XML Schema Definition (XSD) string, which is processed without proper restrictions. This can lead to server-side requests to arbitrary URLs or local file reads, potentially resulting in sensitive information disclosure, such as cloud provider credentials or access to internal network services.

AnalysisAI

Server-side request forgery in the file_type content detector of guardrails-detectors (a component shipped with Red Hat OpenShift AI/RHOAI) allows a remote attacker to submit an arbitrary XML Schema Definition (XSD) that the parser resolves without restriction, coercing the server into fetching attacker-chosen URLs or reading local files. Because the CVSS vector is AV:N/PR:N/UI:N with a changed scope and high confidentiality impact (base score 9.3), an unauthenticated attacker can pivot into internal networks and harvest secrets such as cloud provider credentials. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach guardrails-detectors file_type endpoint
Delivery
Submit crafted XSD with external reference
Exploit
Parser resolves attacker URL (SSRF)
Execution
Server fetches metadata/internal service or file://
Persist
Leak cloud credentials or internal data
Impact
Exfiltrate to attacker

Vulnerability AssessmentAI

Exploitation The concrete prerequisite is that the attacker can reach the guardrails-detectors service and submit input to the file_type content detector that accepts an arbitrary XSD/XML Schema string, which the detector then parses and resolves without disabling external references. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The signals are largely aligned toward high priority but incomplete. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with network access to a guardrails-detectors endpoint submits content to the file_type detector containing a crafted XSD whose schema reference points at the cloud instance-metadata service or an internal-only URL. The server resolves the reference and returns or leaks the response, letting the attacker read cloud credentials or reach services that are not exposed externally; a second variant uses a file:// reference to read local files. …
Remediation No vendor-released patch version is identified at time of analysis - the provided references point to the Red Hat CVE page (https://access.redhat.com/security/cve/CVE-2026-15143) and Bugzilla 2498165, not to a tagged fixed release - so monitor those advisories and apply the RHOAI errata/updated guardrails-detectors image as soon as Red Hat publishes it. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Audit all Red Hat OpenShift AI deployments to identify guardrails-detectors versions and document network exposure; confirm component functionality requirements. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-15143 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy