24 matches found
CLEANSTART-2026-PK73499 Security fixes for CVE-2026-5588, CVE-2026-5598, ghsa-389x-839f-4rhx, ghsa-3p8m-j85q-pgmj, ghsa-4cx2-fc23-5wg6, ghsa-4g8c-wm8x-jfhw, ghsa-735f-pc8j-v9w8, ghsa-c3fc-8qff-9hwx, ghsa-fghv-69vj-qj49, ghsa-p93r-85wp-75v3, ghsa-prj3-ccx8-p6x4, ghsa-wg6q-6289-32hp, ghsa-xq3w-v528-46rv applied in versions: 0.12.0-r16, 0.9.0-r1
Multiple security vulnerabilities affect the kserve-modelmesh package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-EZ90321 Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS (PTR) when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper s...
Multiple security vulnerabilities affect the kserve-modelmesh package. Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS PTR when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper servers or clients with a valid...
CLEANSTART-2026-QG74410 Security fixes for ghsa-389x-839f-4rhx, ghsa-3p8m-j85q-pgmj, ghsa-4cx2-fc23-5wg6, ghsa-4g8c-wm8x-jfhw, ghsa-735f-pc8j-v9w8, ghsa-fghv-69vj-qj49, ghsa-prj3-ccx8-p6x4, ghsa-xq3w-v528-46rv applied in versions: 0.12.0-r16
Multiple security vulnerabilities affect the kserve-modelmesh package. These issues are resolved in later releases. See references for individual vulnerability details...
GHSA-7MR4-XJXG-34G6 vulnerabilities
Vulnerabilities for packages: prometheus-blackbox-exporter, apko, libnvidia-container, knative-serving, oauth2-proxy, gatekeeper, kserve-rest-proxy, kube-fluentd-operator, cloudnative-pg, coredns, nerdctl, lvm-driver, zot, splunk-otel-collector, cis-operator, grafana-mimir,...
CLEANSTART-2026-AA51484 Security fixes for ghsa-389x-839f-4rhx, ghsa-3p8m-j85q-pgmj, ghsa-4cx2-fc23-5wg6, ghsa-4g8c-wm8x-jfhw, ghsa-735f-pc8j-v9w8, ghsa-fghv-69vj-qj49, ghsa-prj3-ccx8-p6x4, ghsa-xq3w-v528-46rv applied in versions: 0.12.0-r16
Multiple security vulnerabilities affect the kserve-modelmesh package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-OZ32100 Security fixes for ghsa-389x-839f-4rhx, ghsa-3p8m-j85q-pgmj, ghsa-4cx2-fc23-5wg6, ghsa-4g8c-wm8x-jfhw, ghsa-735f-pc8j-v9w8, ghsa-fghv-69vj-qj49, ghsa-prj3-ccx8-p6x4, ghsa-xq3w-v528-46rv applied in versions: 0.12.0-r16
Multiple security vulnerabilities affect the kserve-modelmesh package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-DP55969 Security fixes for ghsa-389x-839f-4rhx, ghsa-3p8m-j85q-pgmj, ghsa-4cx2-fc23-5wg6, ghsa-4g8c-wm8x-jfhw, ghsa-735f-pc8j-v9w8, ghsa-fghv-69vj-qj49, ghsa-prj3-ccx8-p6x4, ghsa-xq3w-v528-46rv applied in versions: 0.12.0-r16
Multiple security vulnerabilities affect the kserve-modelmesh package. These issues are resolved in later releases. See references for individual vulnerability details...
GHSA-25QH-J22F-PWP8 vulnerabilities
Vulnerabilities for packages: trino, kserve-modelmesh, sonar-scanner-cli, cassandra-reaper, akhq, apache-nifi, apache-nifi-registry, dependency-track, nextflow, thingsboard, zookeeper, management-api-for-apache-cassandra-5.0, cassandra...
CVE-2025-11226 vulnerabilities
Vulnerabilities for packages: trino, kserve-modelmesh, sonar-scanner-cli, cassandra-reaper, akhq, apache-nifi, apache-nifi-registry, dependency-track, nextflow, thingsboard, zookeeper, management-api-for-apache-cassandra-5.0, cassandra...
CVE-2025-11226 vulnerabilities
Vulnerabilities for packages: thingsboard, localstack, kserve-modelmesh, cassandra, kayenta, apache-nifi, nacos, zookeeper, nextflow, management-api-for-apache-cassandra-4.1, sonar-scanner-cli, knative-kafka-broker, zookeeper-fips, apache-nifi-registry, cassandra-reaper,...
GHSA-25QH-J22F-PWP8 vulnerabilities
Vulnerabilities for packages: thingsboard, localstack, kserve-modelmesh, cassandra, kayenta, apache-nifi, nacos, zookeeper, nextflow, management-api-for-apache-cassandra-4.1, sonar-scanner-cli, knative-kafka-broker, zookeeper-fips, apache-nifi-registry, cassandra-reaper,...
EUVD-2025-31743
Malicious code in bioql PyPI...
CVE-2025-57852
A container privilege escalation flaw was found in KServe ModelMesh container images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a...
CVE-2025-57852
A CVE is reported for KServe ModelMesh container images: a build-time /etc/passwd file created with group-writable permissions allows a non-root container user, if they are in the root group, to modify /etc/passwd and add a user with any UID (including 0), enabling full container root access. Thi...
CVE-2025-57852 Openshift-ai: privilege escalation via excessive /etc/passwd permissions
A container privilege escalation flaw was found in KServe ModelMesh container images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a...
PT-2025-39995
Name of the Vulnerable Software and Affected Versions: KServe ModelMesh container images (affected versions not specified). Description: A container privilege escalation flaw exists due to the /etc/passwd file being created with group-writable permissions during the build process. An attacker with the...
CVE-2025-48924 vulnerabilities
Vulnerabilities for packages: apache-activemq-artemis, gradle, debezium-connector-spanner, jenkins-plugin-manager, kafka, keycloak-config-cli, flyway, logstash, nrjmx, kserve-modelmesh, cassandra, solr, liquibase, apache-nifi, wildfly, confluent-kafka, neo4j, sonar-scanner-cli, cassandra-reaper,...
GHSA-J288-Q9X7-2F5V vulnerabilities
Vulnerabilities for packages: apache-activemq-artemis, gradle, debezium-connector-spanner, jenkins-plugin-manager, kafka, keycloak-config-cli, flyway, logstash, nrjmx, kserve-modelmesh, cassandra, solr, liquibase, apache-nifi, wildfly, confluent-kafka, neo4j, sonar-scanner-cli, cassandra-reaper,...
GHSA-J288-Q9X7-2F5V vulnerabilities
Vulnerabilities for packages: thingsboard, jenkins-plugin-manager, cassandra-fips, nrjmx, localstack, maven-stage0, keycloak-config-cli, logstash, tritonserver-backend-vllm, apache-activemq-artemis, kserve-modelmesh, cassandra, elasticsearch, apache-nifi, zipkin, ghidra,...