Severity by source
AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Adjacent vector because exploitation is confined to the Kubernetes cluster network; PR:L because a running pod is required; C:H for exposed metrics data; I:L per provided vector, A:N as no denial of service is described.
Primary rating from Vendor (redhat).
CVSS VectorVendor: redhat
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Lifecycle Timeline
1DescriptionCVE.org
A flaw was found in the gorch service template, which is part of the trustyai-service-operator. Even when authentication is enabled, the gorch service exposes unproxied orchestrator and detector metrics ports. This allows any pod on the cluster network to directly access these ports, bypassing the kube-rbac-proxy and its authentication mechanisms. This could lead to unauthorized access to the orchestrator and detector metrics.
AnalysisAI
Unproxied metrics port exposure in the gorch service template of trustyai-service-operator (part of Red Hat OpenShift AI) allows any pod on the cluster network to access orchestrator and detector metrics endpoints while bypassing kube-rbac-proxy authentication. The flaw manifests specifically when authentication is enabled - the configuration that should be protective is the same one under which the bypass exists. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Three concrete conditions must be met: (1) Red Hat OpenShift AI must be deployed with the trustyai-service-operator and the gorch service template instantiated; (2) authentication must be enabled on the gorch service - paradoxically, this is the configuration under which the bypass exists, as the unproxied port issue only matters when authentication is otherwise expected to be enforced; (3) the attacker must control a pod with network reachability to the cluster-internal pod network (CVSS AV:A, PR:L). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N scores 6.3 (Medium), which is a reasonable reflection of real-world risk. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has obtained execution in any pod on the OpenShift cluster network (via compromised workload, misconfigured RBAC allowing pod creation, or supply chain compromise of a deployed container) issues direct HTTP requests to the gorch service's orchestrator or detector metrics endpoints on their published pod-network ports. Because these ports are unproxied, kube-rbac-proxy is never consulted and no token validation occurs, returning full metrics data to the caller. … |
| Remediation | Check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-15063 for patch availability, as no specific fixed version was confirmed in the available data at time of analysis. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Red Hat Openshift Ai Rhoai
View allKubernetes Service Account token disclosure in the odh-dashboard component of Red Hat OpenShift AI (RHOAI) lets an authe
Server-side request forgery in the file_type content detector of guardrails-detectors (a component shipped with Red Hat
Arbitrary file write in the Feast Feature Server's `/save-document` endpoint lets an unauthenticated remote attacker wri
The Feast Feature Server contains a path traversal vulnerability in its `/read-document` endpoint that allows unauthenti
Denial of service in the Feast Feature Server (the Python feature-store serving component, also shipped within Red Hat O
Sensitive information disclosure in Red Hat OpenShift AI's vllm-orchestrator-gateway component exposes bearer tokens and
Use-after-free in FFmpeg's RASC video decoder exposes Red Hat Enterprise Linux AI 3 and Red Hat OpenShift AI deployments
Image input manipulation in vLLM's multimodal preprocessing pipeline allows remote, unauthenticated network attackers to
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42293
GHSA-qhhg-cg26-g7r4