Red Hat Openshift Ai Rhoai
Monthly
Arbitrary file write in the Feast Feature Server's `/save-document` endpoint lets an unauthenticated remote attacker write attacker-controlled JSON to the host filesystem, bypassing the endpoint's path restrictions to overwrite application configuration or startup scripts. Because no credentials are required (CVSS 9.1, PR:N), any network-reachable attacker can corrupt system integrity, cause denial of service through disk exhaustion, or potentially achieve remote code execution. This flaw also ships in Red Hat OpenShift AI (RHOAI), which bundles Feast; there is no public exploit identified at time of analysis and it is not in CISA KEV.
Use-after-free in FFmpeg's RASC video decoder exposes Red Hat Enterprise Linux AI 3 and Red Hat OpenShift AI deployments to denial-of-service attacks via crafted media files. The decode_move() function retains a raw pointer into a heap-allocated decompressed buffer that is subsequently reallocated during move-table processing, leaving the pointer dangling; reading through it crashes the process. No public exploit or KEV listing has been identified at time of analysis, but the network-accessible attack vector (file delivery over the internet) and lack of authentication prerequisites make this a realistic threat to any environment that processes untrusted AVI content using the affected FFmpeg builds.
Image input manipulation in vLLM's multimodal preprocessing pipeline allows remote, unauthenticated network attackers to craft images with specific EXIF orientation or PNG tRNS transparency metadata that, when converted to RGB by vLLM, produces semantically altered image content fed to the LLM - affecting the integrity of inference outputs and potentially the reliability of the inference service. Affected deployments include Red Hat AI Inference Server across RHEL AI 3 and Red Hat OpenShift AI (RHOAI) environments. No public exploit code has been identified at time of analysis and the vulnerability is not listed in the CISA KEV catalog; however, sensitive inference workloads processing user-supplied images (e.g., document classification, content moderation) face a higher practical risk from subtle input distortion attacks.
Kubernetes Service Account token disclosure in the odh-dashboard component of Red Hat OpenShift AI (RHOAI) lets an authenticated low-privileged user retrieve SA tokens via an exposed NodeJS endpoint, then reuse them to reach Kubernetes resources beyond the dashboard's intended scope. Rated CVSS 9.9 with a changed scope, the flaw effectively converts limited dashboard access into broad cluster access. There is no public exploit identified at time of analysis and EPSS is very low (0.06%), but a vendor patch is already available via Red Hat errata.
The Feast Feature Server contains a path traversal vulnerability in its `/read-document` endpoint that allows unauthenticated remote attackers to read arbitrary files accessible to the server process, including sensitive system files, application configurations, and credentials. Red Hat OpenShift AI (RHOAI) deployments are confirmed affected across multiple versions. The vulnerability is rated 7.5 (High) with network-based exploitation requiring no authentication or user interaction, though no active exploitation (KEV) or public proof-of-concept is currently documented.
Arbitrary file write in the Feast Feature Server's `/save-document` endpoint lets an unauthenticated remote attacker write attacker-controlled JSON to the host filesystem, bypassing the endpoint's path restrictions to overwrite application configuration or startup scripts. Because no credentials are required (CVSS 9.1, PR:N), any network-reachable attacker can corrupt system integrity, cause denial of service through disk exhaustion, or potentially achieve remote code execution. This flaw also ships in Red Hat OpenShift AI (RHOAI), which bundles Feast; there is no public exploit identified at time of analysis and it is not in CISA KEV.
Use-after-free in FFmpeg's RASC video decoder exposes Red Hat Enterprise Linux AI 3 and Red Hat OpenShift AI deployments to denial-of-service attacks via crafted media files. The decode_move() function retains a raw pointer into a heap-allocated decompressed buffer that is subsequently reallocated during move-table processing, leaving the pointer dangling; reading through it crashes the process. No public exploit or KEV listing has been identified at time of analysis, but the network-accessible attack vector (file delivery over the internet) and lack of authentication prerequisites make this a realistic threat to any environment that processes untrusted AVI content using the affected FFmpeg builds.
Image input manipulation in vLLM's multimodal preprocessing pipeline allows remote, unauthenticated network attackers to craft images with specific EXIF orientation or PNG tRNS transparency metadata that, when converted to RGB by vLLM, produces semantically altered image content fed to the LLM - affecting the integrity of inference outputs and potentially the reliability of the inference service. Affected deployments include Red Hat AI Inference Server across RHEL AI 3 and Red Hat OpenShift AI (RHOAI) environments. No public exploit code has been identified at time of analysis and the vulnerability is not listed in the CISA KEV catalog; however, sensitive inference workloads processing user-supplied images (e.g., document classification, content moderation) face a higher practical risk from subtle input distortion attacks.
Kubernetes Service Account token disclosure in the odh-dashboard component of Red Hat OpenShift AI (RHOAI) lets an authenticated low-privileged user retrieve SA tokens via an exposed NodeJS endpoint, then reuse them to reach Kubernetes resources beyond the dashboard's intended scope. Rated CVSS 9.9 with a changed scope, the flaw effectively converts limited dashboard access into broad cluster access. There is no public exploit identified at time of analysis and EPSS is very low (0.06%), but a vendor patch is already available via Red Hat errata.
The Feast Feature Server contains a path traversal vulnerability in its `/read-document` endpoint that allows unauthenticated remote attackers to read arbitrary files accessible to the server process, including sensitive system files, application configurations, and credentials. Red Hat OpenShift AI (RHOAI) deployments are confirmed affected across multiple versions. The vulnerability is rated 7.5 (High) with network-based exploitation requiring no authentication or user interaction, though no active exploitation (KEV) or public proof-of-concept is currently documented.