Remote Code Execution Risk in guardrails-detectors from Red Hat
CVE-2026-15143

9.3CRITICAL

Key Information:

Vendor

Red Hat

Vendor
CVE Published:
10 July 2026

What is CVE-2026-15143?

A security flaw exists in the file_type content detector of the guardrails-detectors product. This vulnerability enables a remote attacker to provide an arbitrary XML Schema Definition (XSD) string, which is processed improperly, allowing the possibility for server-side requests to arbitrary URLs and local file reads. This could lead to the exposure of sensitive data, including cloud provider credentials and access to internal network services.

References

CVSS V3.1

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.