EUVD-2026-21547
GHSA-w59f-v72r-w493
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionNVD
A flaw was found in odh-dashboard in Red Hat Openshift AI. This vulnerability in the odh-dashboard component of Red Hat OpenShift AI (RHOAI) allows for the disclosure of Kubernetes Service Account tokens through a NodeJS endpoint. This could enable an attacker to gain unauthorized access to Kubernetes resources.
AnalysisAI
Service Account token disclosure in Red Hat OpenShift AI odh-dashboard component exposes Kubernetes credentials through unprotected NodeJS endpoint. Low-privilege authenticated attackers can retrieve service account tokens enabling unauthorized access to Kubernetes cluster resources. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Inventory all Red Hat OpenShift AI deployments and document versions currently in production. Within 7 days: Restrict network access to odh-dashboard endpoints using network policies and firewall rules, limiting access to only authorized administrators; implement API request logging and monitoring for token retrieval attempts. …
Sign in for detailed remediation steps.
More from same product – last 7 days
Command injection in the shell-quote npm package allows attackers who can influence object-token inputs to inject arbitr
Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers
Vendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today