Rhoai Odh-Trustyai-Nemo-Guardrails-Server-Rhel9 vulnerabilities

4 known vulnerabilities affecting rhoai/odh-trustyai-nemo-guardrails-server-rhel9.

Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM3LOW1

Vulnerabilities

Page 1 of 1
CVE-2026-41481MEDIUMCVSS 6.52026-04-24
CVE-2026-41481 [MEDIUM] CWE-918 langchain-text-splitters: LangChain: Information Disclosure via Server-Side Request Forgery (SSRF) Redirect Bypass langchain-text-splitters: LangChain: Information Disclosure via Server-Side Request Forgery (SSRF) Redirect Bypass A flaw was found in LangChain and langchain-text-splitters. This vulnerability, a Server-Side Request Forgery (SSRF) bypass, allows a remote attacker to redirect a seemingly safe URL to internal network resources. By exploiting unvalidat
redhat
CVE-2026-41488LOWCVSS 3.12026-04-24
CVE-2026-41488 [LOW] CWE-367 langchain-openai: Langchain-openai: Server-Side Request Forgery (SSRF) protection bypass via DNS rebinding langchain-openai: Langchain-openai: Server-Side Request Forgery (SSRF) protection bypass via DNS rebinding A flaw was found in langchain-openai. A remote attacker could exploit a Time-of-Check to Time-of-Use (TOCTOU) vulnerability, also known as a DNS rebinding vulnerability. This occurs because the _url_to_size() helper, used for image token counting, validate
redhat
CVE-2026-3219MEDIUMCVSS 4.62026-04-20
CVE-2026-3219 [MEDIUM] CWE-1287 pip: pip: Incorrect file installation due to improper archive handling pip: pip: Incorrect file installation due to improper archive handling A flaw was found in pip. This vulnerability occurs because pip incorrectly processes concatenated tar and ZIP files as ZIP files, regardless of their true format. This improper handling can lead to confusing installation behavior, potentially causing the installation of unintended or 'incorrect' files. This could allow an a
redhat
CVE-2026-28684MEDIUMCVSS 6.62026-04-20
CVE-2026-28684 [MEDIUM] CWE-59 python-dotenv: python-dotenv: Arbitrary file overwrite via symbolic link following python-dotenv: python-dotenv: Arbitrary file overwrite via symbolic link following A flaw was found in python-dotenv. A local attacker can exploit this by crafting a symbolic link, which the `set_key()` and `unset_key()` functions in python-dotenv follow when rewriting `.env` files. This can lead to the overwriting of arbitrary files on the system. Mitigation: Mitigation for this i
redhat