7 matches found
CVE-2026-42271
Summary: CVE-2026-42271 affects LiteLLM up to v1.83.7, where two MCP preview endpoints (POST /mcp-rest/test/connection and /tools/list) could spawn arbitrary commands via stdio transport when provided a full server config, restricted only by a valid API key. The subprocess ran with the proxy’s pr...
CVE-2024-7557
OpenShift AI CVE-2024-7557 describes an authentication bypass and privilege escalation across models within the same namespace. Affected: OpenShift AI versions prior to 2.9. Root cause: the UI-protected models expose credentials/tokens (ServiceAccount tokens) in the UI, which can be used with oc ...
CVE-2026-1462
The CVE-2026-1462 issue affects the keras package (v3.13.0) via the TFSMLayer deserialization path. The vulnerability allows attacker-controlled TensorFlow SavedModels to be loaded during deserialization of .keras models, even when safe_mode is enabled, due to unconditional loading of external Sa...
CVE-2026-5483
CVE-2026-5483 – Odh-dashboard component in Red Hat OpenShift AI has a flaw that allows disclosure of Kubernetes Service Account tokens through a NodeJS endpoint, enabling potential unauthorized access to Kubernetes resources. Affected product: Red Hat OpenShift AI (odh-dashboard). Root cause: inf...
CVE-2025-12805
CVE-2025-12805 describes a flaw in Red Hat OpenShift AI (RHOAI) llama-stack-operator where Llama Stack services deployed in different namespaces can be accessed via direct network requests because no NetworkPolicy restricts the llama-stack service endpoint. This allows a user in one namespace to ...
CVE-2023-54365
The CVE covers Traefik versions prior to 2.10.5 and 3.0.0-beta4 affected by a denial-of-service in HTTP/2 request handling derived from the Go standard library’s HTTP/2 implementation (the Rapid Reset technique). A remote attacker can rapidly create and cancel HTTP/2 streams, exhausting server re...
CVE-2026-15154
Technical details (affected products/versions, root cause specifics, remediation) are not publicly provided in the supplied documents. Monitor for updates to confirm scope, impact and fixes for CVE-2026-15154 regarding guardrails-detectors in Red Hat OpenShift AI.