Skip to main content

Red Hat Openshift Ai Rhoai

5 CVEs product

Monthly

CVE-2026-23537 CRITICAL PATCH Act Now

Arbitrary file write in the Feast Feature Server's `/save-document` endpoint lets an unauthenticated remote attacker write attacker-controlled JSON to the host filesystem, bypassing the endpoint's path restrictions to overwrite application configuration or startup scripts. Because no credentials are required (CVSS 9.1, PR:N), any network-reachable attacker can corrupt system integrity, cause denial of service through disk exhaustion, or potentially achieve remote code execution. This flaw also ships in Red Hat OpenShift AI (RHOAI), which bundles Feast; there is no public exploit identified at time of analysis and it is not in CISA KEV.

Authentication Bypass RCE Denial Of Service Red Hat Openshift Ai Rhoai Feast Feature Server
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.6%
CVE-2026-12706 MEDIUM This Month

Use-after-free in FFmpeg's RASC video decoder exposes Red Hat Enterprise Linux AI 3 and Red Hat OpenShift AI deployments to denial-of-service attacks via crafted media files. The decode_move() function retains a raw pointer into a heap-allocated decompressed buffer that is subsequently reallocated during move-table processing, leaving the pointer dangling; reading through it crashes the process. No public exploit or KEV listing has been identified at time of analysis, but the network-accessible attack vector (file delivery over the internet) and lack of authentication prerequisites make this a realistic threat to any environment that processes untrusted AVI content using the affected FFmpeg builds.

Denial Of Service Use After Free Memory Corruption Red Hat Red Hat Openshift Ai Rhoai +2
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-12491 PyPI MEDIUM This Month

Image input manipulation in vLLM's multimodal preprocessing pipeline allows remote, unauthenticated network attackers to craft images with specific EXIF orientation or PNG tRNS transparency metadata that, when converted to RGB by vLLM, produces semantically altered image content fed to the LLM - affecting the integrity of inference outputs and potentially the reliability of the inference service. Affected deployments include Red Hat AI Inference Server across RHEL AI 3 and Red Hat OpenShift AI (RHOAI) environments. No public exploit code has been identified at time of analysis and the vulnerability is not listed in the CISA KEV catalog; however, sensitive inference workloads processing user-supplied images (e.g., document classification, content moderation) face a higher practical risk from subtle input distortion attacks.

Information Disclosure Red Hat Red Hat Openshift Ai Rhoai Red Hat Ai Inference Server Red Hat Enterprise Linux Ai Rhel Ai 3
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2026-5483 CRITICAL PATCH Act Now

Kubernetes Service Account token disclosure in the odh-dashboard component of Red Hat OpenShift AI (RHOAI) lets an authenticated low-privileged user retrieve SA tokens via an exposed NodeJS endpoint, then reuse them to reach Kubernetes resources beyond the dashboard's intended scope. Rated CVSS 9.9 with a changed scope, the flaw effectively converts limited dashboard access into broad cluster access. There is no public exploit identified at time of analysis and EPSS is very low (0.06%), but a vendor patch is already available via Red Hat errata.

Authentication Bypass Kubernetes Red Hat Red Hat Openshift Ai Rhoai Red Hat Openshift Ai 2 16
NVD VulDB
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-23536 HIGH This Week

The Feast Feature Server contains a path traversal vulnerability in its `/read-document` endpoint that allows unauthenticated remote attackers to read arbitrary files accessible to the server process, including sensitive system files, application configurations, and credentials. Red Hat OpenShift AI (RHOAI) deployments are confirmed affected across multiple versions. The vulnerability is rated 7.5 (High) with network-based exploitation requiring no authentication or user interaction, though no active exploitation (KEV) or public proof-of-concept is currently documented.

Path Traversal Red Hat Openshift Ai Rhoai
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

Arbitrary file write in the Feast Feature Server's `/save-document` endpoint lets an unauthenticated remote attacker write attacker-controlled JSON to the host filesystem, bypassing the endpoint's path restrictions to overwrite application configuration or startup scripts. Because no credentials are required (CVSS 9.1, PR:N), any network-reachable attacker can corrupt system integrity, cause denial of service through disk exhaustion, or potentially achieve remote code execution. This flaw also ships in Red Hat OpenShift AI (RHOAI), which bundles Feast; there is no public exploit identified at time of analysis and it is not in CISA KEV.

Authentication Bypass RCE Denial Of Service +2
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Use-after-free in FFmpeg's RASC video decoder exposes Red Hat Enterprise Linux AI 3 and Red Hat OpenShift AI deployments to denial-of-service attacks via crafted media files. The decode_move() function retains a raw pointer into a heap-allocated decompressed buffer that is subsequently reallocated during move-table processing, leaving the pointer dangling; reading through it crashes the process. No public exploit or KEV listing has been identified at time of analysis, but the network-accessible attack vector (file delivery over the internet) and lack of authentication prerequisites make this a realistic threat to any environment that processes untrusted AVI content using the affected FFmpeg builds.

Denial Of Service Use After Free Memory Corruption +4
NVD VulDB
EPSS 0% CVSS 4.8
MEDIUM This Month

Image input manipulation in vLLM's multimodal preprocessing pipeline allows remote, unauthenticated network attackers to craft images with specific EXIF orientation or PNG tRNS transparency metadata that, when converted to RGB by vLLM, produces semantically altered image content fed to the LLM - affecting the integrity of inference outputs and potentially the reliability of the inference service. Affected deployments include Red Hat AI Inference Server across RHEL AI 3 and Red Hat OpenShift AI (RHOAI) environments. No public exploit code has been identified at time of analysis and the vulnerability is not listed in the CISA KEV catalog; however, sensitive inference workloads processing user-supplied images (e.g., document classification, content moderation) face a higher practical risk from subtle input distortion attacks.

Information Disclosure Red Hat Red Hat Openshift Ai Rhoai +2
NVD
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Kubernetes Service Account token disclosure in the odh-dashboard component of Red Hat OpenShift AI (RHOAI) lets an authenticated low-privileged user retrieve SA tokens via an exposed NodeJS endpoint, then reuse them to reach Kubernetes resources beyond the dashboard's intended scope. Rated CVSS 9.9 with a changed scope, the flaw effectively converts limited dashboard access into broad cluster access. There is no public exploit identified at time of analysis and EPSS is very low (0.06%), but a vendor patch is already available via Red Hat errata.

Authentication Bypass Kubernetes Red Hat +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

The Feast Feature Server contains a path traversal vulnerability in its `/read-document` endpoint that allows unauthenticated remote attackers to read arbitrary files accessible to the server process, including sensitive system files, application configurations, and credentials. Red Hat OpenShift AI (RHOAI) deployments are confirmed affected across multiple versions. The vulnerability is rated 7.5 (High) with network-based exploitation requiring no authentication or user interaction, though no active exploitation (KEV) or public proof-of-concept is currently documented.

Path Traversal Red Hat Openshift Ai Rhoai
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy