Critical vulnerability in Red Hat OpenShift AI (RHOAI) Cybersecurity (CVE-2026-15378)
Key Facts
- Skip to navigation Skip to main content Utilities Subscriptions Downloads Red Hat Console Get Support Subscriptions Downloads Red Hat Console Get Support Products Top Products Red Hat Enterprise Linux Red Hat OpenShift Red Hat Ansible Automation Platform All Products Downloads and Containers Downloads Packages Containers Top Resources Documentation Product Life Cycles Product Compliance Errata Knowledge Red Hat Knowledge Center Knowledgebase Solutions Knowledgebase Articles Customer Portal Labs Errata Top Product Docs Red Hat Enterprise Linux Red Hat OpenShift Red Hat Ansible Automation Platform All Product Docs Training and Certification About Course Index Certification Index Skill Assessment Security Red Hat Product Security Center Security Updates Security Advisories Red Hat CVE Database Errata References Security Bulletins Severity Ratings Security Data Top Resources Security Labs Backporting Policies Security Blog Support Red Hat Support Support Cases Troubleshoot Get Support Contact Red Hat Support Red Hat Community Support Customer Portal Community Community Discussions Red Hat Accelerator Program Top Resources Product Life Cycles Customer Portal Labs Red Hat JBoss Supported Configurations Red Hat Lightspeed Or troubleshoot an issue .
- English Select Your Language English Français 한국어 日本語 中文 (中国) Infrastructure and Management Red Hat Enterprise Linux Red Hat Satellite Red Hat Subscription Management Red Hat Lightspeed Red Hat Ansible Automation Platform Cloud Computing Red Hat OpenShift Red Hat OpenStack Platform Red Hat OpenShift Red Hat OpenShift AI Red Hat OpenShift Dedicated Red Hat Advanced Cluster Security for Kubernetes Red Hat Advanced Cluster Management for Kubernetes Red Hat Quay Red Hat OpenShift Dev Spaces Red Hat OpenShift Service on AWS Storage Red Hat Gluster Storage Red Hat Hyperconverged Infrastructure Red Hat Ceph Storage Red Hat OpenShift Data Foundation Runtimes Red Hat Runtimes Red Hat JBoss Enterprise Application Platform Red Hat Data Grid Red Hat JBoss Web Server Red Hat build of Keycloak Red Hat support for Spring Boot Red Hat build of Node.js Red Hat build of Quarkus Integration and Automation Red Hat Application Foundations Red Hat Fuse Red Hat AMQ Red Hat 3scale API Management All Products We're sorry but cve-details doesn't work properly without JavaScript enabled.
- CVE-2026-40639: Dell Client BIOS Privilege Escalation Flaw.
Skip to navigation Skip to main content Utilities Subscriptions Downloads Red Hat Console Get Support Subscriptions Downloads Red Hat Console Get Support Products Top Products Red Hat Enterprise Linux Red Hat OpenShift Red Hat Ansible Automation Platform All Products Downloads and Containers Downloads Packages Containers Top Resources Documentation Product Life Cycles Product Compliance Errata Knowledge Red Hat Knowledge Center Knowledgebase Solutions Knowledgebase Articles Customer Portal Labs Errata Top Product Docs Red Hat Enterprise Linux Red Hat OpenShift Red Hat Ansible Automation Platform All Product Docs Training and Certification About Course Index Certification Index Skill Assessment Security Red Hat Product Security Center Security Updates Security Advisories Red Hat CVE Database Errata References Security Bulletins Severity Ratings Security Data Top Resources Security Labs Backporting Policies Security Blog Support Red Hat Support Support Cases Troubleshoot Get Support Contact Red Hat Support Red Hat Community Support Customer Portal Community Community Discussions Red Hat Accelerator Program Top Resources Product Life Cycles Customer Portal Labs Red Hat JBoss Supported Configurations Red Hat Lightspeed Or troubleshoot an issue . The issue is tracked as CVE-2026-15378. English Select Your Language English Français 한국어 日本語 中文 (中国) Infrastructure and Management Red Hat Enterprise Linux Red Hat Satellite Red Hat Subscription Management Red Hat Lightspeed Red Hat Ansible Automation Platform Cloud Computing Red Hat OpenShift Red Hat OpenStack Platform Red Hat OpenShift Red Hat OpenShift AI Red Hat OpenShift Dedicated Red Hat Advanced Cluster Security for Kubernetes Red Hat Advanced Cluster Management for Kubernetes Red Hat Quay Red Hat OpenShift Dev Spaces Red Hat OpenShift Service on AWS Storage Red Hat Gluster Storage Red Hat Hyperconverged Infrastructure Red Hat Ceph Storage Red Hat OpenShift Data Foundation Runtimes Red Hat Runtimes Red Hat JBoss Enterprise Application Platform Red Hat Data Grid Red Hat JBoss Web Server Red Hat build of Keycloak Red Hat support for Spring Boot Red Hat build of Node.js Red Hat build of Quarkus Integration and Automation Red Hat Application Foundations Red Hat Fuse Red Hat AMQ Red Hat 3scale API Management All Products We’re sorry but cve-details doesn’t work properly without JavaScript enabled.
TL;DR
- CVE-2026-40639: Dell Client BIOS Privilege Escalation Flaw.
Context of the Unknown Incident
Classification: Critical, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 9.3, CVEs: CVE-2026-15378, Summary: A flaw was found in the guardrails-detectors component.
This vulnerability allows a remote attacker to perform a blind Server-Side Request Forgery (SSRF) by submitting a specially crafted XML Schema Definition (XSD) string.
See also: https://bugzilla.redhat.com/show_bug.cgi?id=2498941
Technical Details
CVEs:
Technical specifics on the underlying mechanism remain under review by security researchers.
Impact
The full scope of impact remains under assessment.
Analysis
This disclosure adds to a growing pattern of significant vulnerabilities affecting enterprise infrastructure. As AI tooling proliferates, security teams face expanding attack surfaces tied to model inference and data pipelines.
Security teams should monitor vendor advisories and threat intelligence sources closely for additional context or updates. Organizations with mature security programs are advised to incorporate this intelligence into their regular risk assessments and prioritize response activities based on exposure and asset criticality. For environments where immediate remediation is not feasible, compensating controls such as network segmentation, enhanced monitoring, and access restrictions should be evaluated. Security leadership should communicate relevant details to operational teams and ensure that incident response capabilities are prepared if exploitation is observed in the wild.
Sources & References
- CVE-2026-40639: Dell Client BIOS Privilege Escalation Flaw. Primary research blog. https://www.sentinelone.com/vulnerability-database/cve-2026-40639/
- Source referenced in coverage https://access.redhat.com/security/cve/cve-2026-15378
- CVE-2026-15378 — NIST National Vulnerability Database entry. https://nvd.nist.gov/vuln/detail/CVE-2026-15378
- CVE-2026-15378 — National Vulnerability Database
SecurityXP delivers daily cybersecurity news, vulnerability analysis, data breach reports, and threat intelligence.
Security Digest
Get the latest cybersecurity news, vulnerability alerts, and threat intelligence delivered to your inbox.
Related Articles
Dell BIOS Flaw Lets Attackers Recover Admin Passwords From SPI Flash in Milliseconds Cybersecurity
Tracked as CVE-2026-40639 and addressed in Dell Security Advisory DSA-2026-197, the issue affects certain Dell client platforms that use the proprietary DVAR...
TechnologyWeekly Metasploit Update: Exploits for FlowiseAI CSV Agent and MacOS Package Kit Cybersecurity
Flowise CSV Agent Prompt Injection RCE Authors: Takahiro Yokoyama and zdi-disclosures Type: Exploit Pull request: 21407 contributed by Takahiro-Yoko Path...
TechnologyWP-SHELLSTORM Exposed: Hackers Backdoored Thousands of WordPress Websites Cybersecurity
Treat the Joomla JCE flaw (CVE-2026-48907, fixed in 2.9.99.5) as urgent too, since it is a maximum-severity and on CISA's actively-exploited list, even...
TechnologyProgress Urges ShareFile Admins to Shut Down Servers Over Credible Security Threat Cybersecurity
In April 2026, watchTowr Labs disclosed two chainable vulnerabilities in Storage Zone Controller: CVE-2026-2699, an authentication bypass with a CVSS score...