Blind SSRF Vulnerability in Guardrails-Detectors from Red Hat
CVE-2026-15378

9.3CRITICAL

Key Information:

Vendor

Red Hat

Vendor
CVE Published:
10 July 2026

What is CVE-2026-15378?

A vulnerability exists in the guardrails-detectors component which allows remote attackers to exploit a blind Server-Side Request Forgery (SSRF) by submitting crafted XML Schema Definition (XSD) strings. This exploitation can compromise sensitive information such as credentials associated with cloud metadata services, the Kubernetes API, MinIO instances, and other internal network endpoints. Additionally, this vulnerability facilitates unauthorized local file reads of critical data including service account tokens and pod secrets, posing significant risks to system integrity and data security.

References

CVSS V3.1

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.