Vulnerability in Red Hat OpenShift AI's ODH Dashboard Exposes Service Account Tokens
CVE-2026-5483

8.5HIGH

Key Information:

Vendor

Red Hat
Status
Red Hat Openshift Ai 2.16
Red Hat Openshift Ai 2.25
Red Hat Openshift Ai 3.2
Red Hat Openshift Ai 3.3
Vendor
CVE Published:
10 April 2026

What is CVE-2026-5483?

A flaw exists within the ODH Dashboard component of Red Hat OpenShift AI that could lead to the unintended exposure of Kubernetes Service Account tokens via an insecure NodeJS endpoint. This vulnerability allows unauthorized individuals to potentially access sensitive Kubernetes resources, increasing the risk of security breaches and data leaks.

Affected Version(s)

Red Hat OpenShift AI 2.16 1775230902

Red Hat OpenShift AI 2.25 1775234711

Red Hat OpenShift AI 3.2 1775523049

References

https://access.redhat.com/errata/RHSA-2026:7397
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:7398
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:7403
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.