Red Hat Openshift Ai
Recent Red Hat Openshift Ai Security Advisories
| Advisory | Title | Published |
|---|---|---|
| RHSA-2026:2695 | (RHSA-2026:2695) RHOAI 2.25.2 - Red Hat OpenShift AI | February 12, 2026 |
| RHSA-2026:2106 | (RHSA-2026:2106) RHOAI 2.25.2 - Red Hat OpenShift AI | February 5, 2026 |
| RHSA-2026:1027 | (RHSA-2026:1027) RHOAI 3.2 - Red Hat OpenShift AI | January 22, 2026 |
| RHSA-2026:1026 | (RHSA-2026:1026) RHOAI 3.2 - Red Hat OpenShift AI | January 22, 2026 |
| RHSA-2025:23531 | (RHSA-2025:23531) RHOAI 2.25.1 - Red Hat OpenShift AI | December 17, 2025 |
| RHSA-2025:22759 | (RHSA-2025:22759) RHOAI 2.22.3 - Red Hat OpenShift AI | December 4, 2025 |
| RHSA-2025:21117 | (RHSA-2025:21117) RHOAI 3.0 - Red Hat OpenShift AI | November 12, 2025 |
By the Year
In 2026 there have been 2 vulnerabilities in Red Hat Openshift Ai with an average score of 6.8 out of ten. Last year, in 2025, Openshift Ai had 7 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Openshift Ai in 2026 could surpass last year's number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.86.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 2 | 6.80 |
| 2025 | 7 | 5.94 |
| 2024 | 2 | 8.10 |
It may take a day or so for new Openshift Ai vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Openshift Ai Security Vulnerabilities
Information Disclosure in Go Viper Mapstructure WeakDecode via Error Messages
CVE-2025-11065
5.3 - Medium
- January 26, 2026
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in security-critical contexts.
Generation of Error Message Containing Sensitive Information
Hibernate Second-Order SQLi via InlineIdsOrClauseBuilder
CVE-2026-0603
8.3 - High
- January 23, 2026
A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially crafted, unsanitized non-alphanumeric characters in the ID column when the InlineIdsOrClauseBuilder is used. This could lead to sensitive information disclosure, such as reading system files, and allow for data manipulation or deletion within the application's database, resulting in an application level denial of service.
SQL Injection
CVE-2025-12103: OpenShift AI TrustyAI Arbitrary Pod & PV Access
CVE-2025-12103
5 - Medium
- October 28, 2025
A flaw was found in Red Hat Openshift AI Service. The TrustyAI component grants all service accounts and users on a cluster permission to get, list, and watch any pod in any namespace on the cluster. TrustyAI creates a role `trustyai-service-operator-lmeval-user-role` and a ClusterRoleBinding (CRB) `trustyai-service-operator-default-lmeval-user-rolebinding`, which is applied to `system:authenticated`, so that every user or service account can get a list of the pods running in any namespace on the cluster. Additionally, users can access all `persistentvolumeclaims` and `lmevaljobs`.
Incorrect Privilege Assignment
Privilege Escalation via Authenticated Jupyter in Red Hat OpenShift AI
CVE-2025-10725
9.9 - Critical
- September 30, 2025
A flaw was found in Red Hat Openshift AI Service. A low-privileged attacker with access to an authenticated account, for example as a data scientist using a standard Jupyter notebook, can escalate their privileges to a full cluster administrator. This allows for the complete compromise of the cluster's confidentiality, integrity, and availability. The attacker can steal sensitive data, disrupt all services, and take control of the underlying infrastructure, leading to a total breach of the platform and all applications hosted on it.
Incorrect Privilege Assignment
KServe ModelMesh Privilege Escalation via /etc/passwd
CVE-2025-57852
5.2 - Medium
- September 30, 2025
A container privilege escalation flaw was found in KServe ModelMesh container images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.
Incorrect Default Permissions
CIRCL FourQ RCE via Low-Order Point Injection in Diffie-Hellman
CVE-2025-8556
3.7 - Low
- August 06, 2025
A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange.
Improper Verification of Cryptographic Signature
Command Injection via LMEvalJob CR in TrustyAI Explainability Toolkit
CVE-2025-6193
5.9 - Medium
- June 20, 2025
A command injection vulnerability was discovered in the TrustyAI Explainability toolkit. Arbitrary commands placed in certain fields of an LMEvalJob custom resource (CR) may be executed in the LMEvalJob pod's terminal. This issue can be exploited via a maliciously crafted LMEvalJob by a user with permissions to deploy a CR.
Shell injection
crossbeam-channel: Drop race may lead to double-free (CVE-2025-4574)
CVE-2025-4574
6.5 - Medium
- May 13, 2025
In the crossbeam-channel Rust crate, the internal `Channel` type's `Drop` method has a race condition which could, in some circumstances, lead to a double-free that could result in memory corruption.
Double-free
serialize-javascript XSS via unsanitized regex input
CVE-2024-11831
5.4 - Medium
- February 10, 2025
A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package.
XSS
PAM Access Hostname Spoofing Vulnerability
CVE-2024-10963
7.4 - High
- November 07, 2024
A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.
Authentication
OpenShift AI Auth Bypass & Priv Esc Vulnerability
CVE-2024-7557
8.8 - High
- August 12, 2024
A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation across models within the same namespace. When deploying AI models, the UI provides the option to protect models with authentication. However, credentials from one model can be used to access other models and APIs within the same namespace. The exposed ServiceAccount tokens, visible in the UI, can be utilized with `oc --token={token}` to exploit the elevated view privileges associated with the ServiceAccount, leading to unauthorized access to additional resources.
Authorization