CVE-2026-34940

Published: Apr 6, 2026Modified: Apr 15, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

KubeAI is an AI inference operator for kubernetes. Prior to 0.23.2, the ollamaStartupProbeScript() function in internal/modelcontroller/engine_ollama.go constructs a shell command string using fmt.Sprintf with unsanitized model URL components (ref, modelParam). This shell command is executed via bash -c as a Kubernetes startup probe. An attacker who can create or update Model custom resources can inject arbitrary shell commands that execute inside model server pods. This vulnerability is fixed in 0.23.2.

Affected (1)

Products: Kubeai: Kubeai

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Kubeai Kubeai	Before 0.23.2

Related CWEs

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (2)

https://github.com/kubeai-project/kubeai/security/advisories/GHSA-324q-cwx9-7crr

Source: security-advisories@github.com

ExploitMitigationVendor Advisory

https://github.com/kubeai-project/kubeai/security/advisories/GHSA-324q-cwx9-7crr

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitMitigationVendor Advisory

Timeline

No history available yet.