Red Hat OpenShift AI flaws exposed cross-namespace Llama services and service account tokens
Red Hat disclosed two high-severity vulnerabilities in OpenShift AI that could let authenticated attackers access other tenants’ resources and sensitive Kubernetes credentials. CVE-2025-12805 affects the llama-stack-operator, where a missing NetworkPolicy left the Llama Stack service endpoint reachable across namespaces. Red Hat said a user in one namespace could directly access another user’s Llama Stack instance and potentially view or manipulate sensitive data, with the issue tracked under CWE-653 and rated CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N.
A second flaw, CVE-2026-5483, impacts the odh-dashboard component and can expose Kubernetes Service Account tokens through a Node.js endpoint. Red Hat warned that disclosure of those tokens could enable unauthorized access to Kubernetes resources; the issue is mapped to CWE-201 and carries the vector CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H. Red Hat published CVE records, Bugzilla entries, and errata references for both vulnerabilities, highlighting risks to confidentiality and integrity in multi-tenant OpenShift AI deployments.
Timeline
Apr 10, 2026
Red Hat receives and updates CVE-2026-5483 for odh-dashboard token exposure
On 2026-04-10, Red Hat received and modified CVE-2026-5483 affecting the odh-dashboard component of OpenShift AI. The flaw could expose Kubernetes Service Account tokens through a NodeJS endpoint, potentially enabling unauthorized access to Kubernetes resources.
Mar 26, 2026
Red Hat receives CVE-2025-12805 report for llama-stack-operator exposure
Red Hat received a report of CVE-2025-12805 on 2026-03-26 affecting the OpenShift AI llama-stack-operator. The issue was caused by a missing NetworkPolicy, allowing cross-namespace access to Llama Stack services and possible exposure or manipulation of sensitive data.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Vulnerabilities
Organizations
Sources
Related Stories
Red Hat OpenShift Service Mesh Flaws Expose Kiali to Denial of Service
Red Hat OpenShift Service Mesh was the subject of multiple security advisories, including a broader notice covering **multiple vulnerabilities** and a follow-on advisory identifying a flaw in **Kiali**, the service mesh observability and management component, that could allow **denial of service**. The issues affect deployments using OpenShift Service Mesh and highlight risk in both the core platform and associated management tooling. The advisories from dCERT indicate that organizations running Red Hat OpenShift Service Mesh should review vendor guidance and assess exposure in environments where **Kiali** is enabled, as service disruption could affect visibility and management of mesh traffic. Together, the notices point to a need for prompt patching and validation of Service Mesh components to reduce the chance of outages or abuse of vulnerable functionality.
1 months ago
OpenShift GitOps Privilege Escalation Vulnerability (CVE-2025-13888) Enables Cluster Takeover
A critical vulnerability (CVE-2025-13888) has been identified in OpenShift GitOps, allowing namespace administrators to escalate privileges and potentially take over entire Kubernetes clusters. The flaw enables authenticated attackers to create ArgoCD Custom Resources (CRs) that manipulate the system into granting elevated permissions in other namespaces, including those with privileged access. By leveraging these permissions, attackers can deploy privileged workloads on master nodes, effectively achieving root access across the cluster. Security advisories highlight that this vulnerability is remotely exploitable and poses a significant risk to organizations using OpenShift GitOps. The issue was disclosed by Red Hat, and while specific affected product versions are not detailed, the vulnerability is rated as critical with a CVSS score of 9.1. Organizations are urged to review their OpenShift GitOps deployments and apply mitigations or patches as recommended by the vendor to prevent potential exploitation and cluster compromise.
1 months ago
Critical OpenShift and OpenSSH Flaws Expose Linux Systems to Root Access
Authorities warned that **Red Hat OpenShift Container Platform 4** contains two high-severity vulnerabilities that can lead to code execution and node takeover in enterprise container environments. `CVE-2024-45496` in `ose-openshift-controller-manager-container` carries a **CVSS 9.9** rating and can allow arbitrary code execution on an OpenShift node when a user with developer-level access exploits insufficient restrictions on elevated privileges. `CVE-2024-7387` in `openshift4/ose-docker-builder`, rated **CVSS 9.1**, can enable arbitrary command execution on an OpenShift node and may allow privilege escalation and full control of the affected node. At the time of the alert, mitigations were available but vendor patches had not yet been released. A separate alert highlighted the **regreSSHion** flaw in **OpenSSH**, which can give an attacker unrestricted root-level access on vulnerable Linux and FreeBSD-based systems. The issue affects OpenSSH versions from `8.5p1` up to but not including `9.8p1`, as well as versions earlier than `4.4p1`; OpenBSD-based systems were reported as not vulnerable. Successful exploitation has been confirmed on systems using **glibc**, while systems using **musl libc** were reported as not vulnerable, and the attack currently requires repeated attempts over hours or days. A fix is available in **OpenSSH `9.8p1`**, though some distributors have backported the patch, meaning package version numbers alone may not reliably indicate exposure.
1 weeks ago