Severity by source
AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description references a 'public detection API' implying network reachability (AV:N over AV:A); no auth or complexity required; impact is availability-only.
Primary rating from Vendor (redhat).
CVSS VectorVendor: redhat
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
A flaw was found in guardrails-detectors, a component of Red Hat OpenShift AI. This vulnerability, known as Regular Expression Denial of Service (ReDoS), allows a remote attacker to provide specially crafted regular expressions to the public detection API. This can cause catastrophic backtracking, leading to a worker process consuming 100% CPU indefinitely and resulting in a denial of service for the entire guardrails-mediated LLM pipeline.
AnalysisAI
ReDoS vulnerability in the guardrails-detectors component of Red Hat OpenShift AI enables adjacent-network attackers to submit specially crafted regular expressions to the public detection API, triggering catastrophic backtracking that pins a worker process at 100% CPU indefinitely. The availability impact extends beyond the component itself - the entire guardrails-mediated LLM pipeline is rendered non-functional. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The attacker must have network access to the adjacent network segment hosting the guardrails-detectors API (AV:A per vendor CVSS - same subnet, VLAN, or internal network zone). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The vendor-supplied CVSS vector (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) rates this 6.5 Medium, with the AV:A (adjacent network) metric being the primary risk-limiting factor - the attack surface is constrained to callers sharing the same network segment, VLAN, or API-accessible zone rather than the open internet. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with access to the same network segment as the OpenShift AI deployment submits a specially crafted regular expression - such as a pattern with exponential alternation like `(a+)+$` against a non-matching input - to the guardrails-detectors public detection API. The regex engine enters catastrophic backtracking, pegging one or more worker processes at 100% CPU with no timeout or recovery path, rendering the guardrails-mediated LLM inference pipeline completely unavailable to all users. |
| Remediation | Apply the vendor-released patch for the guardrails-detectors component of Red Hat OpenShift AI; consult https://access.redhat.com/security/cve/CVE-2026-15154 for the specific patched version and errata - exact fix version numbers are not independently confirmed from available data. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42382
GHSA-jm96-7wvj-j3r9