CVE-2026-34940
published 2026-04-06


Priority: P2 (61)
Severity: high
CVSS 3.1 base score: 8.8
CVSS 3.1 vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.45% (35.8th percentile)
KubeAI is an AI inference operator for Kubernetes. Prior to 0.23.2, the ollamaStartupProbeScript() function in internal/modelcontroller/engine_ollama.go constructs a shell command string using fmt.Sprintf with unsanitized model URL components (ref, modelParam). This shell command is executed via bash -c as a Kubernetes startup probe. An attacker who can create or update Model custom resources can inject arbitrary shell commands that execute inside model server pods. This vulnerability is fixed in 0.23.2.

Affected (3 ranges)

Vendor         | Product                | Version range   | Fixed in
github.com     | kubeai-project_kubeai  | >= 0, < 0.23.2  | 0.23.2
kubeai-project | kubeai                 | < 0.23.2        | 0.23.2
kubeai         | kubeai                 | < 0.23.2        | 0.23.2

Detection & IOCs (extracted from sources)

  • Monitor for creation or update of Model custom resources in Kubernetes clusters running KubeAI, particularly where model URL components (ref, modelParam) contain shell metacharacters or command injection payloads
  • Inspect the ollamaStartupProbeScript() function in internal/modelcontroller/engine_ollama.go for unsanitized use of fmt.Sprintf with model URL components (ref, modelParam) passed into a bash -c startup probe command
  • Alert on Kubernetes startup probe commands (bash -c) in model server pods that contain unexpected shell operators or subshell constructs, which may indicate command injection via a malicious Model CR
  • Vulnerability affects KubeAI versions prior to 0.23.2; upgrade to 0.23.2 or later to remediate
  • Exploitation requires the attacker to have permissions to create or update Model custom resources in the Kubernetes cluster
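One defensive pattern for this bug class, written here as an added example and not taken from KubeAI or its 0.23.2 fix: validate ref and modelParam against a strict allowlist before any command is built, and hand them to the probe binary as separate argv entries instead of interpolating them into a bash -c string. The /opt/check-model binary, its --ref/--param flags and the allowlist pattern are assumptions made for this example.

```go
package main

import (
	"fmt"
	"regexp"
)

// Assumed allowlist (not KubeAI's own rule): a model ref such as "llama3:8b" or
// "org/model:tag" may contain only letters, digits, '.', '_', '-', '/' and one ':'.
// Every shell metacharacter ($ ` ; | & < > ( ) quotes, whitespace) falls outside it.
var modelComponentPattern = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9._/-]*(:[A-Za-z0-9._-]+)?$`)

// ValidateModelComponent rejects any URL-derived value (ref or modelParam) that
// could carry meaning to a shell. It runs before the probe command exists at all.
func ValidateModelComponent(name, value string) error {
	if value == "" {
		return fmt.Errorf("%s must not be empty", name)
	}
	if len(value) > 256 {
		return fmt.Errorf("%s exceeds 256 characters", name)
	}
	if !modelComponentPattern.MatchString(value) {
		return fmt.Errorf("%s %q contains characters outside the allowlist", name, value)
	}
	return nil
}

// StartupProbeCommand returns the probe as an argv slice. The hypothetical
// /opt/check-model binary receives ref and modelParam as discrete arguments, so no
// shell ever parses them; contrast fmt.Sprintf("... %s ...") executed under bash -c.
func StartupProbeCommand(ref, modelParam string) ([]string, error) {
	if err := ValidateModelComponent("ref", ref); err != nil {
		return nil, err
	}
	if err := ValidateModelComponent("modelParam", modelParam); err != nil {
		return nil, err
	}
	return []string{"/opt/check-model", "--ref", ref, "--param", modelParam}, nil
}

func main() {
	// Constructed inputs: one well-formed ref and one carrying a shell separator.
	for _, ref := range []string{"llama3:8b", "llama3:8b;extra"} {
		cmd, err := StartupProbeCommand(ref, "q4")
		fmt.Printf("ref=%q cmd=%v err=%v\n", ref, cmd, err)
	}
}
```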