CVE-2026-5483
8.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
A flaw was found in odh-dashboard in Red Hat Openshift AI. This vulnerability in the odh-dashboard component of Red Hat OpenShift AI (RHOAI) allows for the disclosure of Kubernetes Service Account tokens through a NodeJS endpoint. This could enable an attacker to gain unauthorized access to Kubernetes resources.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | Red Hat OpenShift AI 2.16 | 1775230902 < * | unaffected |
| Red Hat | Red Hat OpenShift AI 2.25 | 1775234711 < * | unaffected |
| Red Hat | Red Hat OpenShift AI 3.2 | 1775523049 < * | unaffected |
| Red Hat | Red Hat OpenShift AI 3.3 | 1775239958 < * | unaffected |
Weaknesses
- CWE-201: Insertion of Sensitive Information Into Sent Data
Workarounds
If applying the update is not immediately possible, the vulnerability can be mitigated by disabling or removing the NIM (NVIDIA Inference Microservice) integration from the Red Hat OpenShift AI (RHOAI) environment.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
odh-dashboard: ODH Dashboard Kubernetes Service Account Exposure
Additional References
- https://access.redhat.com/security/cve/CVE-2026-5483
- https://bugzilla.redhat.com/show_bug.cgi?id=2454764
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5483.json
- https://access.redhat.com/errata/RHSA-2026:7397
- https://access.redhat.com/errata/RHSA-2026:7398
- https://access.redhat.com/errata/RHSA-2026:7404
- https://access.redhat.com/errata/RHSA-2026:7403
References
- https://access.redhat.com/errata/RHSA-2026:7397
- https://access.redhat.com/errata/RHSA-2026:7398
- https://access.redhat.com/errata/RHSA-2026:7403
- https://access.redhat.com/errata/RHSA-2026:7404
- https://access.redhat.com/security/cve/CVE-2026-5483
- https://bugzilla.redhat.com/show_bug.cgi?id=2454764
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.