Skip to main content

guardrails-detectors CVE-2026-15378

| EUVDEUVD-2026-42858 CRITICAL
Server-Side Request Forgery (SSRF) (CWE-918)
2026-07-10 secalert@redhat.com GHSA-85xg-h6rv-rgf5
9.3
CVSS 3.1 · Vendor: redhat
Share

Severity by source

Vendor (redhat) PRIMARY
9.3 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
vuln.today AI
9.3 CRITICAL

Network-reachable XSD input with no auth or interaction (AV:N/AC:L/PR:N/UI:N); SSRF reaching other systems changes scope (S:C) with high confidentiality (C:H), minor integrity (I:L), no availability impact.

3.1 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:N/SA:N

Primary rating from Vendor (redhat).

CVSS VectorVendor: redhat

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
Low
Availability
None

Lifecycle Timeline

2
Analysis Generated
Jul 10, 2026 - 10:32 vuln.today
CVE Published
Jul 10, 2026 - 10:16 nvd
CRITICAL 9.3

DescriptionCVE.org

A flaw was found in the guardrails-detectors component. This vulnerability allows a remote attacker to perform a blind Server-Side Request Forgery (SSRF) by submitting a specially crafted XML Schema Definition (XSD) string. This can lead to unauthorized access to sensitive information, including credentials from cloud metadata services, Kubernetes API, internal MinIO, and other internal network endpoints. Additionally, it enables local file reads of critical data such as service account tokens and pod secrets.

AnalysisAI

Server-Side Request Forgery in the guardrails-detectors component allows a remote attacker to submit a crafted XML Schema Definition (XSD) that forces the service to make attacker-directed requests, reaching cloud metadata services, the Kubernetes API, internal MinIO object storage, and other internal endpoints, and to read local files such as service account tokens and pod secrets. Because the flaw is blind SSRF chained to local file disclosure inside a container/Kubernetes context, an attacker can harvest credentials and pivot deeper into the cluster. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach detector API over network
Delivery
Submit crafted XSD with external reference
Exploit
Parser dereferences attacker URI (blind SSRF)
Execution
Redirect to metadata/Kube API or file:// token
Persist
Exfiltrate credentials and pod secrets
Impact
Authenticate and pivot into cluster

Vulnerability AssessmentAI

Exploitation Exploitation requires that the guardrails-detectors endpoint accept and parse an attacker-supplied XSD string, and that the underlying XML/XSD parser resolve external references (external schemas/entities and file:// URIs) rather than having them disabled - that XSD-processing path is the concrete precondition. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are largely aligned toward high priority: CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N describes network-reachable, low-complexity, unauthenticated exploitation with high confidentiality impact and a scope change, and the reported base score is 9.3. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who can reach the detector API submits a crafted XSD whose external schema/entity reference points at http://169.254.169.254/ or file:///var/run/secrets/kubernetes.io/serviceaccount/token; the parser dereferences it and, via the blind SSRF and file-read primitive, leaks cloud IAM credentials or the pod's service account token. With those tokens the attacker authenticates to the cloud metadata-backed role or the Kubernetes API and pivots into the cluster and internal MinIO storage. …
Remediation No vendor-released patch version is identified in the available data; monitor the Red Hat advisory (https://access.redhat.com/security/cve/CVE-2026-15378) and Bugzilla 2498941 (https://bugzilla.redhat.com/show_bug.cgi?id=2498941) and upgrade to the fixed guardrails-detectors build as soon as it is published. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all deployments of guardrails-detectors component and assess whether they process untrusted XSD inputs; document affected services and their access levels. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2025-1974 CRITICAL POC
9.8 Mar 25

A critical vulnerability in Kubernetes ingress-nginx controller allows unauthenticated attackers with pod network access

CVE-2026-45321 CRITICAL POC
9.6 May 12

Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actio

CVE-2025-1098 HIGH POC
8.8 Mar 25

Kubernetes ingress-nginx contains a configuration injection vulnerability via the mirror-target and mirror-host Ingress

CVE-2025-24514 HIGH POC
8.8 Mar 25

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingres

CVE-2025-1097 HIGH POC
8.8 Mar 25

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-c

CVE-2020-8554 MEDIUM POC
6.3 Jan 21

Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.exter

CVE-2025-55190 CRITICAL POC
9.9 Sep 04

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 9.9), this vulne

CVE-2018-18843 CRITICAL POC
10.0 Dec 04

The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4

CVE-2026-22039 CRITICAL POC
9.9 Jan 27

Kyverno Kubernetes policy engine prior to 1.x has a privilege escalation vulnerability (CVSS 9.9) allowing policy bypass

CVE-2024-42480 CRITICAL POC
9.9 Aug 12

Kamaji is the Hosted Control Plane Manager for Kubernetes. Rated critical severity (CVSS 9.9), this vulnerability is rem

CVE-2023-28110 CRITICAL POC
9.9 Mar 16

Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, ref

CVE-2026-25996 CRITICAL POC
9.8 Feb 12

String filter bypass in Inspektor Gadget Kubernetes eBPF tooling before fix. Insufficient string escaping enables filter

Share

CVE-2026-15378 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy