CVE-2026-15044
Received Received - Intake

TrustyAI Service Operator Unauthorized Access Vulnerability

Vulnerability report for CVE-2026-15044, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-08

Last updated on: 2026-07-08

Assigner: Red Hat, Inc.

Description

A flaw was found in the TrustyAI Service Operator. When deploying services like gorch or NemoGuardrails, if a specific security setting is not enabled, these services can expose their communication channels without requiring users to prove their identity. This allows any other program within the cluster to access the AI guardrails and orchestrator without proper authorization. An attacker could exploit this to gain unauthorized access to sensitive information and potentially make limited changes to the AI models.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-08
Last Modified
2026-07-08
Generated
2026-07-08
AI Q&A
2026-07-08
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
trustyai trustyai-service-operator *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the TrustyAI Service Operator, specifically when deploying services like gorch or NemoGuardrails. If a particular security setting (the 'security.opendatahub.io/enable-auth' annotation) is not enabled, the services expose their communication channels without requiring user authentication.

Because of improper authentication handling in the code, any program within the cluster can access the AI guardrails and orchestrator APIs without proper authorization. This happens because the function that checks for authentication incorrectly returns false when the annotation is missing, and there is no default enforcement.

As a result, unauthorized programs can access sensitive AI guardrails and orchestrator APIs, potentially gaining access to sensitive information and making limited changes to AI models.

Impact Analysis

This vulnerability can allow unauthorized programs within the same cluster to access sensitive AI guardrails and orchestrator APIs without authentication.

An attacker exploiting this flaw could gain access to sensitive information managed by the AI guardrails and potentially make limited unauthorized changes to AI models.

Such unauthorized access could compromise the integrity and confidentiality of AI operations within the affected environment.

Detection Guidance

This vulnerability can be detected by checking if the TrustyAI Service Operator deployments, such as gorch or NemoGuardrails, have the security annotation `security.opendatahub.io/enable-auth` enabled. If this annotation is missing, the services expose their communication channels without authentication.

To detect this on your system, you can inspect the Kubernetes pods and their annotations to verify if the required security setting is present.

  • Run the command to list pods and their annotations in the relevant namespace: `kubectl get pods -n <namespace> -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.metadata.annotations.security\.opendatahub\.io/enable-auth}{"\n"}{end}'`
  • Check for open HTTP endpoints without authentication by port-forwarding or using network scanning tools to access the AI guardrails and orchestrator APIs exposed by these pods.
Mitigation Strategies

To mitigate this vulnerability immediately, ensure that the security annotation `security.opendatahub.io/enable-auth` is enabled on all TrustyAI Service Operator deployments such as gorch or NemoGuardrails.

This setting enforces authentication on the communication channels, preventing unauthorized access to the AI guardrails and orchestrator APIs.

  • Update the Custom Resource Definitions (CRDs) or deployment manifests to include the annotation `security.opendatahub.io/enable-auth: "true"`.
  • Redeploy or patch the affected services to ensure the authentication requirement is enforced.
  • Review and restrict network policies within the cluster to limit pod-to-pod communication where possible.
Compliance Impact

This vulnerability allows unauthorized access to sensitive AI guardrails and orchestrator APIs within a cluster due to lack of proper authentication. Such unauthorized access could lead to exposure of sensitive information and unauthorized changes to AI models.

Because sensitive information can be accessed without proper authorization, this flaw could negatively impact compliance with data protection standards and regulations such as GDPR and HIPAA, which require strict controls on access to sensitive data and systems.

Failure to enforce authentication and authorization mechanisms as required by these regulations may result in violations related to data confidentiality and integrity.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-15044. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart