Skip to main content

Red Hat Openshift Ai 2 16

1 CVEs product

Monthly

CVE-2026-5483 CRITICAL PATCH Act Now

Kubernetes Service Account token disclosure in the odh-dashboard component of Red Hat OpenShift AI (RHOAI) lets an authenticated low-privileged user retrieve SA tokens via an exposed NodeJS endpoint, then reuse them to reach Kubernetes resources beyond the dashboard's intended scope. Rated CVSS 9.9 with a changed scope, the flaw effectively converts limited dashboard access into broad cluster access. There is no public exploit identified at time of analysis and EPSS is very low (0.06%), but a vendor patch is already available via Red Hat errata.

Kubernetes Red Hat Authentication Bypass Red Hat Openshift Ai 2 16 Red Hat Openshift Ai Rhoai
NVD VulDB
CVSS 3.1
9.9
EPSS
0.1%
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Kubernetes Service Account token disclosure in the odh-dashboard component of Red Hat OpenShift AI (RHOAI) lets an authenticated low-privileged user retrieve SA tokens via an exposed NodeJS endpoint, then reuse them to reach Kubernetes resources beyond the dashboard's intended scope. Rated CVSS 9.9 with a changed scope, the flaw effectively converts limited dashboard access into broad cluster access. There is no public exploit identified at time of analysis and EPSS is very low (0.06%), but a vendor patch is already available via Red Hat errata.

Kubernetes Red Hat Authentication Bypass +2
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy