CVE-2026-5483

Summary

A flaw was found in odh-dashboard in Red Hat Openshift AI. This vulnerability in the odh-dashboard component of Red Hat OpenShift AI (RHOAI) allows for the disclosure of Kubernetes Service Account tokens through a NodeJS endpoint. This could enable an attacker to gain unauthorized access to Kubernetes resources.

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat OpenShift AI 2.161775230902 < *unaffected
Red HatRed Hat OpenShift AI 2.251775234711 < *unaffected
Red HatRed Hat OpenShift AI 3.21775523049 < *unaffected
Red HatRed Hat OpenShift AI 3.31775239958 < *unaffected

Weaknesses

  • CWE-201: Insertion of Sensitive Information Into Sent Data

Workarounds

If applying the update is not immediately possible, the vulnerability can be mitigated by disabling or removing the NIM (NVIDIA Inference Microservice) integration from the Red Hat OpenShift AI (RHOAI) environment.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

odh-dashboard: ODH Dashboard Kubernetes Service Account Exposure

Additional References

References