Skip to main content
SecurityXP

Critical vulnerability in Red Hat OpenShift AI (RHOAI) Cybersecurity (CVE-2026-15378)

· 3 min read · SecurityXP

Key Facts

  • Skip to navigation Skip to main content Utilities Subscriptions Downloads Red Hat Console Get Support Subscriptions Downloads Red Hat Console Get Support Products Top Products Red Hat Enterprise Linux Red Hat OpenShift Red Hat Ansible Automation Platform All Products Downloads and Containers Downloads Packages Containers Top Resources Documentation Product Life Cycles Product Compliance Errata Knowledge Red Hat Knowledge Center Knowledgebase Solutions Knowledgebase Articles Customer Portal Labs Errata Top Product Docs Red Hat Enterprise Linux Red Hat OpenShift Red Hat Ansible Automation Platform All Product Docs Training and Certification About Course Index Certification Index Skill Assessment Security Red Hat Product Security Center Security Updates Security Advisories Red Hat CVE Database Errata References Security Bulletins Severity Ratings Security Data Top Resources Security Labs Backporting Policies Security Blog Support Red Hat Support Support Cases Troubleshoot Get Support Contact Red Hat Support Red Hat Community Support Customer Portal Community Community Discussions Red Hat Accelerator Program Top Resources Product Life Cycles Customer Portal Labs Red Hat JBoss Supported Configurations Red Hat Lightspeed Or troubleshoot an issue .
  • English Select Your Language English Français 한국어 日本語 中文 (中国) Infrastructure and Management Red Hat Enterprise Linux Red Hat Satellite Red Hat Subscription Management Red Hat Lightspeed Red Hat Ansible Automation Platform Cloud Computing Red Hat OpenShift Red Hat OpenStack Platform Red Hat OpenShift Red Hat OpenShift AI Red Hat OpenShift Dedicated Red Hat Advanced Cluster Security for Kubernetes Red Hat Advanced Cluster Management for Kubernetes Red Hat Quay Red Hat OpenShift Dev Spaces Red Hat OpenShift Service on AWS Storage Red Hat Gluster Storage Red Hat Hyperconverged Infrastructure Red Hat Ceph Storage Red Hat OpenShift Data Foundation Runtimes Red Hat Runtimes Red Hat JBoss Enterprise Application Platform Red Hat Data Grid Red Hat JBoss Web Server Red Hat build of Keycloak Red Hat support for Spring Boot Red Hat build of Node.js Red Hat build of Quarkus Integration and Automation Red Hat Application Foundations Red Hat Fuse Red Hat AMQ Red Hat 3scale API Management All Products We're sorry but cve-details doesn't work properly without JavaScript enabled.
  • CVE-2026-40639: Dell Client BIOS Privilege Escalation Flaw.

Skip to navigation Skip to main content Utilities Subscriptions Downloads Red Hat Console Get Support Subscriptions Downloads Red Hat Console Get Support Products Top Products Red Hat Enterprise Linux Red Hat OpenShift Red Hat Ansible Automation Platform All Products Downloads and Containers Downloads Packages Containers Top Resources Documentation Product Life Cycles Product Compliance Errata Knowledge Red Hat Knowledge Center Knowledgebase Solutions Knowledgebase Articles Customer Portal Labs Errata Top Product Docs Red Hat Enterprise Linux Red Hat OpenShift Red Hat Ansible Automation Platform All Product Docs Training and Certification About Course Index Certification Index Skill Assessment Security Red Hat Product Security Center Security Updates Security Advisories Red Hat CVE Database Errata References Security Bulletins Severity Ratings Security Data Top Resources Security Labs Backporting Policies Security Blog Support Red Hat Support Support Cases Troubleshoot Get Support Contact Red Hat Support Red Hat Community Support Customer Portal Community Community Discussions Red Hat Accelerator Program Top Resources Product Life Cycles Customer Portal Labs Red Hat JBoss Supported Configurations Red Hat Lightspeed Or troubleshoot an issue . The issue is tracked as CVE-2026-15378. English Select Your Language English Français 한국어 日本語 中文 (中国) Infrastructure and Management Red Hat Enterprise Linux Red Hat Satellite Red Hat Subscription Management Red Hat Lightspeed Red Hat Ansible Automation Platform Cloud Computing Red Hat OpenShift Red Hat OpenStack Platform Red Hat OpenShift Red Hat OpenShift AI Red Hat OpenShift Dedicated Red Hat Advanced Cluster Security for Kubernetes Red Hat Advanced Cluster Management for Kubernetes Red Hat Quay Red Hat OpenShift Dev Spaces Red Hat OpenShift Service on AWS Storage Red Hat Gluster Storage Red Hat Hyperconverged Infrastructure Red Hat Ceph Storage Red Hat OpenShift Data Foundation Runtimes Red Hat Runtimes Red Hat JBoss Enterprise Application Platform Red Hat Data Grid Red Hat JBoss Web Server Red Hat build of Keycloak Red Hat support for Spring Boot Red Hat build of Node.js Red Hat build of Quarkus Integration and Automation Red Hat Application Foundations Red Hat Fuse Red Hat AMQ Red Hat 3scale API Management All Products We’re sorry but cve-details doesn’t work properly without JavaScript enabled.

TL;DR

  • CVE-2026-40639: Dell Client BIOS Privilege Escalation Flaw.

Context of the Unknown Incident

Classification: Critical, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 9.3, CVEs: CVE-2026-15378, Summary: A flaw was found in the guardrails-detectors component.

This vulnerability allows a remote attacker to perform a blind Server-Side Request Forgery (SSRF) by submitting a specially crafted XML Schema Definition (XSD) string.

See also: https://bugzilla.redhat.com/show_bug.cgi?id=2498941

Technical Details

CVEs:

Technical specifics on the underlying mechanism remain under review by security researchers.

Impact

The full scope of impact remains under assessment.

Analysis

This disclosure adds to a growing pattern of significant vulnerabilities affecting enterprise infrastructure. As AI tooling proliferates, security teams face expanding attack surfaces tied to model inference and data pipelines.

Security teams should monitor vendor advisories and threat intelligence sources closely for additional context or updates. Organizations with mature security programs are advised to incorporate this intelligence into their regular risk assessments and prioritize response activities based on exposure and asset criticality. For environments where immediate remediation is not feasible, compensating controls such as network segmentation, enhanced monitoring, and access restrictions should be evaluated. Security leadership should communicate relevant details to operational teams and ensure that incident response capabilities are prepared if exploitation is observed in the wild.

Sources & References

S SecurityXP
SecurityXP Cybersecurity News & Analysis

SecurityXP delivers daily cybersecurity news, vulnerability analysis, data breach reports, and threat intelligence.

Security Digest

Get the latest cybersecurity news, vulnerability alerts, and threat intelligence delivered to your inbox.

Related Articles