{"id":9156,"date":"2026-07-10T16:35:35","date_gmt":"2026-07-10T16:35:35","guid":{"rendered":"https:\/\/locaterisk.com\/de\/red-hat-openshift-ai-mehrere-kritische-sicherheitsluecken-cve-2026-15378-cve-2026-15143\/"},"modified":"2026-07-10T16:35:35","modified_gmt":"2026-07-10T16:35:35","slug":"red-hat-openshift-ai-mehrere-kritische-sicherheitsluecken-cve-2026-15378-cve-2026-15143","status":"publish","type":"post","link":"https:\/\/locaterisk.com\/en\/red-hat-openshift-ai-mehrere-kritische-sicherheitsluecken-cve-2026-15378-cve-2026-15143\/","title":{"rendered":"Red Hat OpenShift AI: Multiple Critical Security Vulnerabilities (CVE-2026-15378, CVE-2026-15143)"},"content":{"rendered":"<div class=\"wp-block-lr-blog-article-header-module\">\r\n    <div class=\"content\">\r\n\t\t<div class=\"headline\">\r\n\t\t\t<button class=\"to-blog-button\">Back to Blog                <a href=\"https:\/\/locaterisk.com\/en\/blog\/\"><\/a>\r\n\t\t\t<\/button>\r\n\t\t\t\t\t<\/div>\r\n        <div class=\"main-content\">\r\n\t\t\t\t\t\t<!--\r\n            <div class=\"header\">\r\n                <h6> <\/h6>\r\n            <\/div>\r\n\t\t\t\t\t\t-->\r\n            <h1 class=\"title\">Red Hat OpenShift AI: Multiple Critical Security Vulnerabilities (CVE-2026-15378, CVE-2026-15143)<\/h1>\r\n            <p class=\"paragraph\"><br><span class=\"lr-ai-disclosure\" style=\"display:block;margin:8px 0 28px;font-size:14px;line-height:1.4;color:#8b93a7;font-family:inherit;font-style:italic;\">This text was generated using artificial intelligence (AI).<\/span><strong>Update July 10, 2026:<\/strong> In addition, CVE-2026-15143 (CVSS 9.3) has been disclosed. This additional blind SSRF vulnerability also affects the <strong>guardrail detectors<\/strong>-component and allows attackers to exploit the <strong>file_type<\/strong>-Detects unauthorized access to internal systems. See below for details.<br><br>On July 10, 2026, two critical vulnerabilities were discovered in the component <strong>guardrail detectors<\/strong> from <strong>Red Hat OpenShift AI<\/strong> published. Each vulnerability has a CVSS score of <strong>9.3 (Critical)<\/strong> have been assessed and allow a remote, unauthenticated attacker to gain access to sensitive internal systems and data through server-side request forgery (SSRF). As of July 10, 2026, there are no indications of active exploitation of these vulnerabilities in the wild.<\/p>\r\n        <\/div>\r\n    <\/div>\r\n<\/div>\r\n\r\n\r\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"400\" height=\"400\" src=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/initial-access-vector.png\" alt=\"Red Hat OpenShift AI: mehrere kritische Sicherheitsl\u00fccken (CVE-2026-15378, CVE-2026-15143)\" class=\"wp-image-9141\" srcset=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/initial-access-vector.png 400w, https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/initial-access-vector-300x300.png 300w, https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/initial-access-vector-150x150.png 150w, https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/initial-access-vector-12x12.png 12w\" sizes=\"auto, (max-width: 400px) 100vw, 400px\" \/><\/figure><\/div>\n\n\n<h2 class=\"wp-block-heading\"><strong>The Facts at a Glance<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>CVE-2026-15378:<\/strong> Blind SSRF via a specially crafted XML Schema Definition (XSD)<\/li>\n\n\n\n<li><strong>CVE-2026-15143:<\/strong> Blind SSRF via the <strong>file_type<\/strong>-Detector using any XSD<\/li>\n\n\n\n<li><strong>CVSS Score:<\/strong> 9.3 (Critical) in each case<\/li>\n\n\n\n<li><strong>Affected component:<\/strong> <strong>guardrail detectors<\/strong> in Red Hat OpenShift AI<\/li>\n\n\n\n<li><strong>Attack vector:<\/strong> Network (AV:N), no authentication required (PR:N)<\/li>\n\n\n\n<li><strong>Patch Status:<\/strong> As of the date of publication (July 10, 2026), no specific patched versions are yet known for either of these CVEs.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Technical Details on CVE-2026-15378<\/strong><\/h2>\n\n\n\n<p>According to the advisory published by Red Hat, an attacker can trigger a blind server-side request forgery by sending a specially crafted XML Schema Definition (XSD) to the affected component. In this type of attack, the vulnerable server is tricked into sending requests to other systems on behalf of the attacker. Such requests can bypass firewalls and other protective mechanisms because they originate from a trusted internal source.<\/p>\n\n\n\n<p>The CVSS score <strong>CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:L\/A:N<\/strong> emphasizes the high level of criticality:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>AV:N (Network):<\/strong> The attack can be carried out over the network.<\/li>\n\n\n\n<li><strong>AC:L (Low):<\/strong> The implementation is not particularly complex.<\/li>\n\n\n\n<li><strong>PR:N (None):<\/strong> No privileges are required to carry out the attack.<\/li>\n\n\n\n<li><strong>UI:N (None):<\/strong> No user interaction is required.<\/li>\n<\/ul>\n\n\n\n<p>According to Red Hat Bugzilla, the vulnerability is listed under ID 2498941.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Technical Details on CVE-2026-15143<\/strong><\/h2>\n\n\n\n<p>CVE-2026-15143 is another blind SSRF vulnerability in the <strong>guardrail detectors<\/strong>-component. The attack vector runs through the <strong>file_type<\/strong>-detector, whereby an attacker can also trigger a server-side request forgery by injecting an arbitrary XML Schema Definition (XSD). The technical characteristics correspond to CVE-2026-15378:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>CVSS vector:<\/strong> <strong>CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:L\/A:N<\/strong><\/li>\n\n\n\n<li><strong>CVSS Score:<\/strong> 9.3 (Critical)<\/li>\n\n\n\n<li><strong>Attack path:<\/strong> Network-based, no authentication required<\/li>\n<\/ul>\n\n\n\n<p>Both vulnerabilities allow access to cloud metadata services, the Kubernetes API, internal MinIO storage, and other network endpoints, as well as the ability to read local files such as service account tokens and pod secrets.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Business Risks Posed by SSRF Vulnerabilities<\/strong><\/h2>\n\n\n\n<p>A successful attack on <strong>Red Hat OpenShift AI<\/strong> Exploitation of CVE-2026-15378 or CVE-2026-15143 can have far-reaching consequences, particularly in cloud and Kubernetes environments. Direct risks include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Compromised Cloud Accounts:<\/strong> Attackers can access cloud metadata services and steal the credentials stored there.<\/li>\n\n\n\n<li><strong>Migrating Kubernetes Clusters:<\/strong> Access to the Kubernetes API can lead to the complete compromise of the cluster.<\/li>\n\n\n\n<li><strong>Access to internal data storage:<\/strong> Internal systems such as MinIO storage or other network endpoints become accessible.<\/li>\n\n\n\n<li><strong>Theft of login credentials:<\/strong> These vulnerabilities allow attackers to read local files, enabling them to gain access to service account tokens or secrets stored in pods.<\/li>\n<\/ul>\n\n\n\n<p>This information can serve as a starting point for further attacks within the IT infrastructure. The presence of two independent SSRF vectors in the same component significantly increases the attack surface.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Recommended Measures and Compliance Considerations<\/strong><\/h2>\n\n\n\n<p>Red Hat has confirmed both vulnerabilities. As of the date of publication, no specific patched versions are known (as of July 10, 2026); likewise, no specific affected version numbers have been published. Operators of <strong>Red Hat OpenShift AI<\/strong> All production installations should use the <strong>guardrail detectors<\/strong>- Treat the component as potentially affected and take the following steps immediately:<\/p>\n\n\n\n<ol class=\"wp-block-list has-text-color\" style=\"color:#ffffff\">\n<li><strong>Check system status:<\/strong> Identify all instances of Red Hat OpenShift AI in your infrastructure.<\/li>\n\n\n\n<li><strong>Follow updates:<\/strong> Follow the official Red Hat Security Advisories for <a href=\"https:\/\/access.redhat.com\/security\/cve\/CVE-2026-15378\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2026-15378<\/a> and <a href=\"https:\/\/access.redhat.com\/security\/cve\/CVE-2026-15143\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2026-15143<\/a> Check for available updates and install them as soon as they are available.<\/li>\n<\/ol>\n\n\n\n<p>Proactive management of such vulnerabilities is a key component of information security management systems (ISMS) in accordance with <strong>ISO 27001<\/strong> and a requirement under regulations such as <strong>NIS-2<\/strong>. An established process for vulnerability and patch management is essential for maintaining compliance.<\/p>\n\n\n\n<p>In addition, companies and government agencies in the DACH region are subject to specific legal obligations: If a successful attack exploiting these vulnerabilities results in unauthorized access to personal data, the reporting requirement under <strong>Art. 33 of the GDPR<\/strong> within 72 hours to the competent supervisory authority. Operators of essential facilities as defined in the <strong>NIS-2 Directive<\/strong> are also required to maintain a verifiable vulnerability management system and to report significant security incidents immediately. The BSI generally recommends prioritizing the installation of available security updates for vulnerabilities rated as critical.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>How LocateRisk Helps with Risk Mitigation<\/strong><\/h2>\n\n\n\n<p>Vulnerabilities such as CVE-2026-15378 and CVE-2026-15143 highlight the importance of continuously monitoring external IT infrastructure and the security posture of suppliers.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>External Attack Surface Management (EASM):<\/strong> Red Hat OpenShift AI is often operated as a service on customer-owned domains and is therefore part of the external attack surface. LocateRisk helps IT teams identify exposed systems\u2014including forgotten subdomains, shadow IT, and uncataloged cloud assets\u2014and prioritize potentially vulnerable assets before they can be actively exploited.<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Vendor Risk Management (VRM):<\/strong> Continuous monitoring of the security of technology providers such as Red Hat is crucial. LocateRisk evaluates the security performance of third-party providers and alerts organizations to critical vulnerabilities or a decline in security levels. This enables systematic management of risks in the supply chain.<\/li>\n<\/ul>\n\n\n\n<p>The combination of an external assessment of a company\u2019s own infrastructure (EASM) and vendor risk management (VRM) helps companies systematically reduce and identify at an early stage the risks posed by vulnerabilities in third-party software.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Sources and further information<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Red Hat Security Advisory (CVE-2026-15378):<\/strong> <a href=\"https:\/\/access.redhat.com\/security\/cve\/CVE-2026-15378\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/access.redhat.com\/security\/cve\/CVE-2026-15378<\/a><\/li>\n\n\n\n<li><strong>Red Hat Security Advisory (CVE-2026-15143):<\/strong> <a href=\"https:\/\/access.redhat.com\/security\/cve\/CVE-2026-15143\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/access.redhat.com\/security\/cve\/CVE-2026-15143<\/a><\/li>\n\n\n\n<li><strong>Red Hat Bugzilla:<\/strong> <a href=\"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2498941\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2498941<\/a><\/li>\n<\/ul>\n\n\n\n<div class=\"wp-block-lr-faq-module\"><div class=\"content\"><h3><strong>Frequently asked questions<\/strong><\/h3><div class=\"faq-topic\"><hr\/><div class=\"collapsible-title\"><a class=\"pr-4\"><strong>What is a Server-Side Request Forgery (SSRF)?<\/strong><\/a><img class=\"collapse-toggle\" srcset=\"https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@3x.png 3x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@2x.png 2x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus.png 1x\"\/><\/div><div class=\"collapsible-content\"><p class=\"font-normal\">A Server-Side Request Forgery (SSRF) is a security vulnerability in which an attacker tricks a server into sending a request to a resource controlled by the attacker or to an internal resource. In this process, the server acts as a proxy, which can be used to bypass firewalls and gain access to internal systems.<\/p><\/div><\/div><div class=\"faq-topic\"><hr\/><div class=\"collapsible-title\"><a class=\"pr-4\"><strong>Which versions of Red Hat OpenShift AI are affected?<\/strong><\/a><img class=\"collapse-toggle\" srcset=\"https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@3x.png 3x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@2x.png 2x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus.png 1x\"\/><\/div><div class=\"collapsible-content\"><p class=\"font-normal\">As of the disclosure date (July 10, 2026), Red Hat has not published any specific affected or patched version numbers for either CVE. Administrators should check all production RHOAI installations for the <strong>guardrail detectors<\/strong>- Treat the component as potentially affected and continuously check the official security advisories for updated information.<\/p><\/div><\/div><div class=\"faq-topic\"><hr\/><div class=\"collapsible-title\"><a class=\"pr-4\"><strong>Is there a patch available for CVE-2026-15378 and CVE-2026-15143?<\/strong><\/a><img class=\"collapse-toggle\" srcset=\"https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@3x.png 3x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@2x.png 2x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus.png 1x\"\/><\/div><div class=\"collapsible-content\"><p class=\"font-normal\">As of the publication date of this article (July 10, 2026), no specific patched versions are yet known for either vulnerability. Organizations using Red Hat OpenShift AI should regularly check the official Red Hat Security Advisories for available updates and apply them immediately upon release. ## Do you know your external attack surface? LocateRisk continuously identifies and assesses your external IT systems for security vulnerabilities. This way, you always know where your company is vulnerable. <a href=\"https:\/\/locaterisk.com\/en\/demo\/\" target=\"_blank\" rel=\"noreferrer noopener\">Request a free safety check<\/a><\/p><\/div><\/div><\/div><\/div>\n\n\n\n<div class=\"wp-block-lr-contact-post-module\">\n\t<div id=\"lr-contact-form\" class=\"wp-block-lr-contact-post-module\">\n\t\t<div id=\"formular\" class=\"content\">\n\t\t\t<div class=\"inner-content\">\n\t\t\t\t<div class=\"column-2 feature-mode\">\n\t\t\t\t\t<h2><br>Request your personal Live-Demo now<\/h2>\n\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t<div>\n\t\t\t\t\t\t\t\t<p class=\"margin-b-36\">Identify and reduce your cyber risks through a comparable and understandable overview of your IT security. Let our experts advise you and find out how LocateRisk can help you solve your cyber risks.<\/p>\n\t\t\t\t\t\t\t<\/div>\t\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t<\/div> \n\t\t\t\t<div class=\"column-2\">\n\t\t\t\t\t<form action=\"\" class=\"form\" method=\"post\" role=\"form\" novalidate data-trp-original-action=\"\">\n\t\t\t\t\t\t<input type=\"text\" id=\"successmessage\" name=\"successmessage\" value=\"Ihre Registrierung war erfolgreich Ihre Anfrage wurde erfolgreich versendet. Wir haben Ihnen soeben eine Best\u00e4tigungsmail mit einem Aktivierungs-Link zugesendet, um einem Missbrauch Ihrer E-Mail Adresse durch Dritte vorzubeugen. Die Mail wird von sales@locaterisk.com versendet und sollte sich i n wenigen Minuten in Ihrem Posteingang finden.\" hidden>\n\t\t\t\t\t\t<input type=\"text\" id=\"errormessage\" name=\"errormessage\" value=\"Da ist wohl etwas schief gelaufen. Bitte probieren Sie es erneut oder nehmen Sie direkt mit uns Kontakt auf\" hidden>\n\t\t\t\t\t\t<input type=\"text\" id=\"slug\" name=\"slug\" value=\"red-hat-openshift-ai-mehrere-kritische-sicherheitsluecken-cve-2026-15378-cve-2026-15143\" hidden>\n\n\t\t\t\t\t\t\t\t\t\t\t\t\t<input\n\t\t\t\t\t\t\t\ttype=\"text\"\n\t\t\t\t\t\t\t\tid=\"name\"\n\t\t\t\t\t\t\t\tname=\"name\"\n\t\t\t\t\t\t\t\tplaceholder=\"first name\"\n\t\t\t\t\t\t\t\trequired\tmaxlength=\"50\"\/>\n\n\t\t\t\t\t\t\t<input\n\t\t\t\t\t\t\t\ttype=\"text\"\n\t\t\t\t\t\t\t\tid=\"surname\"\n\t\t\t\t\t\t\t\tname=\"surname\"\n\t\t\t\t\t\t\t\tplaceholder=\"last name\"\n\t\t\t\t\t\t\t\trequired\n\t\t\t\t\t\t\t\tmaxlength=\"50\"\/>\n\t\t\t\t\t\t\n\t\t\t\t\t\t<input\n\t\t\t\t\t\t\ttype=\"email\"\n\t\t\t\t\t\t\tid=\"email\"\n\t\t\t\t\t\t\tname=\"email\"\n\t\t\t\t\t\t\tplaceholder=\"Email\"\n\t\t\t\t\t\t\trequired\n\t\t\t\t\t\t\tmaxlength=\"50\"\/>\n\n\t\t\t\t\t\t<input\n\t\t\t\t\t\t\ttype=\"text\"\n\t\t\t\t\t\t\tid=\"phone\"\n\t\t\t\t\t\t\tname=\"phone\"\n\t\t\t\t\t\t\tplaceholder=\"phone\"\n\t\t\t\t\t\t\trequired\n\t\t\t\t\t\t\tmaxlength=\"50\"\/>\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t<h6 class=\"error-message\" hidden>...<\/h6>\n\t\t\t\t\t\t<div class=\"checkbox_container\">\n\t\t\t\t\t\t\t<div class=\"checkbox\">\n\t\t\t\t\t\t\t\t<input\n\t\t\t\t\t\t\t\t\ttype=\"checkbox\"\n\t\t\t\t\t\t\t\t\tid=\"checkbox\"\n\t\t\t\t\t\t\t\t\tname=\"checkbox\" \/>\n\n\t\t\t\t\t\t\t\t<label for=\"checkbox\"><\/label>\n\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<p class=\"translation-block\">I agree with the <a href=\"https:\/\/locaterisk.com\/en\/datenschutz\/\" target=\"_self\">privacy policy<\/a>.<\/p> \n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\n\t\t\t\t\t<div class=\"g-recaptcha\" data-sitekey=\"6LdErNoZAAAAAD1Re2jNxtDFfcDaL9iED5MRBzjR\" data-callback=\"verifyRecaptchaCallback\" data-expired-callback=\"expiredRecaptchaCallback\"><\/div>\n\t\t\t\t\t<input type=\"hidden\" name=\"g-recaptcha-response\" data-recaptcha \/>\n\n\t\t\t\t\t\t<button class=\"lr-button-link\" type=\"submit\"> Request a Demo<\/button>\n\t\t\t\t\t<input type=\"hidden\" name=\"trp-form-language\" value=\"en\"\/><\/form>\n\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/div>\n\t<\/div>\n\t\n\t<\/div>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity is-style-wide\"\/>\n\n\n\n<div class=\"wp-block-lr-contact-module\"><div class=\"content\"><h2>Want to find out more, book a demo or simply exchange ideas? We look forward to hearing from you!<\/h2><div class=\"contact-info-row\"><div class=\"contact-person-info\"><div class=\"avatar\"><img decoding=\"async\" src=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2025\/06\/Lukas_Baumann_LocateRisk-300.png\"><\/div><p><span class=\"text before\">Your personal consultant<\/span><span class=\"bold name\"><strong>Lukas<\/strong><\/span> <span class=\"lastname\"><strong>Baumann<strong><\/strong><\/strong><\/span><strong><strong><span class=\"separator\"><\/span><span class=\"role\">CEO<\/span><\/strong><\/strong><\/p><\/div><p class=\"bold phone\"><strong><strong>+49 6151 6290246<\/strong><\/strong><\/p><strong><strong><a class=\"pr-1\" href=\"mailto: sales@locaterisk.com\">Get in Touch Now<\/a><\/strong><\/strong><\/div><\/div><\/div>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n\n\n\n<div class=\"wp-block-lr-footer-module lr-footer-block\"><div class=\"content\"><div class=\"column0\"><img decoding=\"async\" src=\"https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/assets\/img\/lr-logo.svg\"\/><\/div><div class=\"categories\"><div class=\"categories-element\"><a class=\"pr-4\" href=\"https:\/\/locaterisk.com\/en\/\">Home<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/en\/blog\/\">Blog<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/en\/about\/\">About Us<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/en\/kontakt\/\">Contact<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/en\/impressum\/\">Legal Notice<\/a><\/div><div class=\"categories-break\"><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/en\/datenschutz\/\">Privacy<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/files\/gtc.pdf\">General Terms and Conditions<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/en\/jobs\/\">Jobs<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"https:\/\/app.secfix.com\/trust\/locaterisk\/d1e7d433b33643aea1880bfbfeab9f60\">Trust Center<\/a><\/div><\/div><div class=\"social\"><div class=\"social-element\"><a target=\"_blank\" href=\"https:\/\/www.linkedin.com\/company\/locaterisk\/\"><img decoding=\"async\" src=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2020\/10\/gruppe-230@3x.png\"\/><\/a><\/div><div class=\"social-element\"><a target=\"_blank\" href=\"https:\/\/www.instagram.com\/locaterisk\/\"><img decoding=\"async\" src=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2020\/11\/Instagram.png\"\/><\/a><\/div><div class=\"social-element\"><a target=\"_blank\" href=\"https:\/\/twitter.com\/locaterisk\"><img decoding=\"async\" src=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2020\/11\/twitter.png\"\/><\/a><\/div><\/div><div class=\"description\"><h6>\u00a9 LocateRisk 2026<\/h6><\/div><\/div><\/div>","protected":false},"excerpt":{"rendered":"<p>Two critical SSRF vulnerabilities (CVE-2026-15378, CVE-2026-15143) with a CVSS score of 9.3 in Red Hat OpenShift AI allow attackers to gain unauthorized access to cloud and Kubernetes systems.<\/p>","protected":false},"author":13,"featured_media":9141,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-9156","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Red Hat OpenShift AI \u2013 mehrere kritische L\u00fccken \u2013 Update empfohlen<\/title>\n<meta name=\"description\" content=\"Zwei kritische SSRF-Schwachstellen (CVE-2026-15378, CVE-2026-15143) mit CVSS 9.3 in Red Hat OpenShift AI erm\u00f6glichen Angreifern unautorisierten Zugriff auf Cloud- und Kubernetes-Systeme.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/locaterisk.com\/en\/red-hat-openshift-ai-mehrere-kritische-sicherheitsluecken-cve-2026-15378-cve-2026-15143\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Red Hat OpenShift AI \u2013 mehrere kritische L\u00fccken \u2013 Update empfohlen\" \/>\n<meta property=\"og:description\" content=\"Zwei kritische SSRF-Schwachstellen (CVE-2026-15378, CVE-2026-15143) mit CVSS 9.3 in Red Hat OpenShift AI erm\u00f6glichen Angreifern unautorisierten Zugriff auf Cloud- und Kubernetes-Systeme.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/locaterisk.com\/en\/red-hat-openshift-ai-mehrere-kritische-sicherheitsluecken-cve-2026-15378-cve-2026-15143\/\" \/>\n<meta property=\"og:site_name\" content=\"LocateRisk\" \/>\n<meta property=\"article:published_time\" content=\"2026-07-10T16:35:35+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/initial-access-vector.png\" \/>\n\t<meta property=\"og:image:width\" content=\"400\" \/>\n\t<meta property=\"og:image:height\" content=\"400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Kristina Hoinkis\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Kristina Hoinkis\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/red-hat-openshift-ai-mehrere-kritische-sicherheitsluecken-cve-2026-15378-cve-2026-15143\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/red-hat-openshift-ai-mehrere-kritische-sicherheitsluecken-cve-2026-15378-cve-2026-15143\\\/\"},\"author\":{\"name\":\"Kristina Hoinkis\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#\\\/schema\\\/person\\\/68f3857c15afa8ff59c545848dddcc32\"},\"headline\":\"Red Hat OpenShift AI: mehrere kritische Sicherheitsl\u00fccken (CVE-2026-15378, CVE-2026-15143)\",\"datePublished\":\"2026-07-10T16:35:35+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/red-hat-openshift-ai-mehrere-kritische-sicherheitsluecken-cve-2026-15378-cve-2026-15143\\\/\"},\"wordCount\":1276,\"publisher\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/red-hat-openshift-ai-mehrere-kritische-sicherheitsluecken-cve-2026-15378-cve-2026-15143\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/initial-access-vector.png\",\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/red-hat-openshift-ai-mehrere-kritische-sicherheitsluecken-cve-2026-15378-cve-2026-15143\\\/\",\"url\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/red-hat-openshift-ai-mehrere-kritische-sicherheitsluecken-cve-2026-15378-cve-2026-15143\\\/\",\"name\":\"Red Hat OpenShift AI \u2013 mehrere kritische L\u00fccken \u2013 Update empfohlen\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/red-hat-openshift-ai-mehrere-kritische-sicherheitsluecken-cve-2026-15378-cve-2026-15143\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/red-hat-openshift-ai-mehrere-kritische-sicherheitsluecken-cve-2026-15378-cve-2026-15143\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/initial-access-vector.png\",\"datePublished\":\"2026-07-10T16:35:35+00:00\",\"description\":\"Zwei kritische SSRF-Schwachstellen (CVE-2026-15378, CVE-2026-15143) mit CVSS 9.3 in Red Hat OpenShift AI erm\u00f6glichen Angreifern unautorisierten Zugriff auf Cloud- und Kubernetes-Systeme.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/red-hat-openshift-ai-mehrere-kritische-sicherheitsluecken-cve-2026-15378-cve-2026-15143\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/locaterisk.com\\\/de\\\/red-hat-openshift-ai-mehrere-kritische-sicherheitsluecken-cve-2026-15378-cve-2026-15143\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/red-hat-openshift-ai-mehrere-kritische-sicherheitsluecken-cve-2026-15378-cve-2026-15143\\\/#primaryimage\",\"url\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/initial-access-vector.png\",\"contentUrl\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/initial-access-vector.png\",\"width\":400,\"height\":400,\"caption\":\"initial-access-vector\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/red-hat-openshift-ai-mehrere-kritische-sicherheitsluecken-cve-2026-15378-cve-2026-15143\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/locaterisk.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Red Hat OpenShift AI: mehrere kritische Sicherheitsl\u00fccken (CVE-2026-15378, CVE-2026-15143)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#website\",\"url\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/\",\"name\":\"LocateRisk\",\"description\":\"IT-Sicherheit messen und vergleichen\",\"publisher\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#organization\",\"name\":\"LocateRisk\",\"url\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2020\\\/11\\\/Kettenglieder_V0216-9.jpg\",\"contentUrl\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2020\\\/11\\\/Kettenglieder_V0216-9.jpg\",\"width\":1920,\"height\":1080,\"caption\":\"LocateRisk\"},\"image\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.linkedin.com\\\/company\\\/locaterisk\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#\\\/schema\\\/person\\\/68f3857c15afa8ff59c545848dddcc32\",\"name\":\"Kristina Hoinkis\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7756f96249844e60ceb218f17e06217dcbed4993bcd2124e3f59bb8675324f0d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7756f96249844e60ceb218f17e06217dcbed4993bcd2124e3f59bb8675324f0d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7756f96249844e60ceb218f17e06217dcbed4993bcd2124e3f59bb8675324f0d?s=96&d=mm&r=g\",\"caption\":\"Kristina Hoinkis\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Red Hat OpenShift AI \u2013 mehrere kritische L\u00fccken \u2013 Update empfohlen","description":"Two critical SSRF vulnerabilities (CVE-2026-15378, CVE-2026-15143) with a CVSS score of 9.3 in Red Hat OpenShift AI allow attackers to gain unauthorized access to cloud and Kubernetes systems.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/locaterisk.com\/en\/red-hat-openshift-ai-mehrere-kritische-sicherheitsluecken-cve-2026-15378-cve-2026-15143\/","og_locale":"en_US","og_type":"article","og_title":"Red Hat OpenShift AI \u2013 mehrere kritische L\u00fccken \u2013 Update empfohlen","og_description":"Zwei kritische SSRF-Schwachstellen (CVE-2026-15378, CVE-2026-15143) mit CVSS 9.3 in Red Hat OpenShift AI erm\u00f6glichen Angreifern unautorisierten Zugriff auf Cloud- und Kubernetes-Systeme.","og_url":"https:\/\/locaterisk.com\/en\/red-hat-openshift-ai-mehrere-kritische-sicherheitsluecken-cve-2026-15378-cve-2026-15143\/","og_site_name":"LocateRisk","article_published_time":"2026-07-10T16:35:35+00:00","og_image":[{"width":400,"height":400,"url":"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/initial-access-vector.png","type":"image\/png"}],"author":"Kristina Hoinkis","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Kristina Hoinkis","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/locaterisk.com\/de\/red-hat-openshift-ai-mehrere-kritische-sicherheitsluecken-cve-2026-15378-cve-2026-15143\/#article","isPartOf":{"@id":"https:\/\/locaterisk.com\/de\/red-hat-openshift-ai-mehrere-kritische-sicherheitsluecken-cve-2026-15378-cve-2026-15143\/"},"author":{"name":"Kristina Hoinkis","@id":"https:\/\/locaterisk.com\/de\/#\/schema\/person\/68f3857c15afa8ff59c545848dddcc32"},"headline":"Red Hat OpenShift AI: mehrere kritische Sicherheitsl\u00fccken (CVE-2026-15378, CVE-2026-15143)","datePublished":"2026-07-10T16:35:35+00:00","mainEntityOfPage":{"@id":"https:\/\/locaterisk.com\/de\/red-hat-openshift-ai-mehrere-kritische-sicherheitsluecken-cve-2026-15378-cve-2026-15143\/"},"wordCount":1276,"publisher":{"@id":"https:\/\/locaterisk.com\/de\/#organization"},"image":{"@id":"https:\/\/locaterisk.com\/de\/red-hat-openshift-ai-mehrere-kritische-sicherheitsluecken-cve-2026-15378-cve-2026-15143\/#primaryimage"},"thumbnailUrl":"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/initial-access-vector.png","inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/locaterisk.com\/de\/red-hat-openshift-ai-mehrere-kritische-sicherheitsluecken-cve-2026-15378-cve-2026-15143\/","url":"https:\/\/locaterisk.com\/de\/red-hat-openshift-ai-mehrere-kritische-sicherheitsluecken-cve-2026-15378-cve-2026-15143\/","name":"Red Hat OpenShift AI \u2013 mehrere kritische L\u00fccken \u2013 Update empfohlen","isPartOf":{"@id":"https:\/\/locaterisk.com\/de\/#website"},"primaryImageOfPage":{"@id":"https:\/\/locaterisk.com\/de\/red-hat-openshift-ai-mehrere-kritische-sicherheitsluecken-cve-2026-15378-cve-2026-15143\/#primaryimage"},"image":{"@id":"https:\/\/locaterisk.com\/de\/red-hat-openshift-ai-mehrere-kritische-sicherheitsluecken-cve-2026-15378-cve-2026-15143\/#primaryimage"},"thumbnailUrl":"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/initial-access-vector.png","datePublished":"2026-07-10T16:35:35+00:00","description":"Two critical SSRF vulnerabilities (CVE-2026-15378, CVE-2026-15143) with a CVSS score of 9.3 in Red Hat OpenShift AI allow attackers to gain unauthorized access to cloud and Kubernetes systems.","breadcrumb":{"@id":"https:\/\/locaterisk.com\/de\/red-hat-openshift-ai-mehrere-kritische-sicherheitsluecken-cve-2026-15378-cve-2026-15143\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/locaterisk.com\/de\/red-hat-openshift-ai-mehrere-kritische-sicherheitsluecken-cve-2026-15378-cve-2026-15143\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/locaterisk.com\/de\/red-hat-openshift-ai-mehrere-kritische-sicherheitsluecken-cve-2026-15378-cve-2026-15143\/#primaryimage","url":"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/initial-access-vector.png","contentUrl":"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/initial-access-vector.png","width":400,"height":400,"caption":"initial-access-vector"},{"@type":"BreadcrumbList","@id":"https:\/\/locaterisk.com\/de\/red-hat-openshift-ai-mehrere-kritische-sicherheitsluecken-cve-2026-15378-cve-2026-15143\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/locaterisk.com\/"},{"@type":"ListItem","position":2,"name":"Red Hat OpenShift AI: mehrere kritische Sicherheitsl\u00fccken (CVE-2026-15378, CVE-2026-15143)"}]},{"@type":"WebSite","@id":"https:\/\/locaterisk.com\/de\/#website","url":"https:\/\/locaterisk.com\/de\/","name":"LocateRisk","description":"Measure and compare IT security","publisher":{"@id":"https:\/\/locaterisk.com\/de\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/locaterisk.com\/de\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/locaterisk.com\/de\/#organization","name":"LocateRisk","url":"https:\/\/locaterisk.com\/de\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/locaterisk.com\/de\/#\/schema\/logo\/image\/","url":"https:\/\/locaterisk.com\/wp-content\/uploads\/2020\/11\/Kettenglieder_V0216-9.jpg","contentUrl":"https:\/\/locaterisk.com\/wp-content\/uploads\/2020\/11\/Kettenglieder_V0216-9.jpg","width":1920,"height":1080,"caption":"LocateRisk"},"image":{"@id":"https:\/\/locaterisk.com\/de\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.linkedin.com\/company\/locaterisk\/"]},{"@type":"Person","@id":"https:\/\/locaterisk.com\/de\/#\/schema\/person\/68f3857c15afa8ff59c545848dddcc32","name":"Kristina Hoinkis","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/7756f96249844e60ceb218f17e06217dcbed4993bcd2124e3f59bb8675324f0d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/7756f96249844e60ceb218f17e06217dcbed4993bcd2124e3f59bb8675324f0d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/7756f96249844e60ceb218f17e06217dcbed4993bcd2124e3f59bb8675324f0d?s=96&d=mm&r=g","caption":"Kristina Hoinkis"}}]}},"_links":{"self":[{"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/posts\/9156","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/comments?post=9156"}],"version-history":[{"count":0,"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/posts\/9156\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/media\/9141"}],"wp:attachment":[{"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/media?parent=9156"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/categories?post=9156"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/tags?post=9156"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}