
Red Hat OpenShift AI vulnerabilities

3 known vulnerabilities affecting redhat/openshift_ai.

Total CVEs: 3
CISA KEV: 1 (actively exploited)
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 1, HIGH 2

Vulnerabilities

CVE-2026-42271 | P1 | HIGH | CVSS 8.8 | KEV | PoC | ≥ 2.25, < 2.25.8; ≥ 3.3, < 3.3.4; +1 more | 2026-05-08
CVE-2026-42271 [HIGH] CWE-77: LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it — POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list — accepted a full server configuration in the request body, including the command, args, and
nvd
CVE-2026-5483 | P2 | CRITICAL | CVSS 9.9 | ≥ 2.16, < 2.16.4; ≥ 2.25, < 2.25.4; +2 more | 2026-04-10
CVE-2026-5483 [CRITICAL] CWE-201: A flaw was found in odh-dashboard in Red Hat OpenShift AI. This vulnerability in the `odh-dashboard` component of Red Hat OpenShift AI (RHOAI) allows for the disclosure of Kubernetes Service Account tokens through a NodeJS endpoint. This could enable an attacker to gain unauthorized access to Kubernetes resources.
nvd
CVE-2025-12805 | P3 | HIGH | CVSS 8.1 | v2.25 | 2026-03-26
CVE-2025-12805 [HIGH] CWE-653: A flaw was found in Red Hat OpenShift AI (RHOAI) llama-stack-operator. This vulnerability allows unauthorized access to Llama Stack services deployed in other namespaces via direct network requests, because no NetworkPolicy restricts access to the llama-stack service endpoint. As a result, a user in one namespace can access another user’s Llama Stack
nvd