CVE-2026-15143
Received Received - Intake

Remote XML Schema Processing Arbitrary File Read in Guardrails-Detectors

Vulnerability report for CVE-2026-15143, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-10

Last updated on: 2026-07-10

Assigner: Red Hat, Inc.

Description

A flaw was found in the file_type content detector of guardrails-detectors. This vulnerability allows a remote attacker to supply an arbitrary XML Schema Definition (XSD) string, which is processed without proper restrictions. This can lead to server-side requests to arbitrary URLs or local file reads, potentially resulting in sensitive information disclosure, such as cloud provider credentials or access to internal network services.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-10
Last Modified
2026-07-10
Generated
2026-07-10
AI Q&A
2026-07-10
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
guardrails guardrails-detectors *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the guardrails-detectors component, specifically in its file_type content detector. It allows a remote attacker to send an arbitrary XML Schema Definition (XSD) string to the service. The service processes this XSD without proper restrictions or sanitization.

Because the xmlschema.XMLSchema() function used to process the XSD resolves schema references over any URL scheme (like HTTP(S) or file://) by default, an attacker can craft a malicious XSD that causes the server to make requests to arbitrary URLs or read local files.

This can lead to server-side requests to attacker-controlled or sensitive internal resources, potentially exposing sensitive information such as cloud provider credentials or internal network services.

Impact Analysis

The vulnerability can impact you by allowing an attacker to cause the vulnerable server to perform unauthorized server-side requests or local file reads.

This can result in the disclosure of sensitive information, including cloud provider credentials or access to internal network services that should not be exposed.

Although the attacker does not receive direct responses (the exploitation is blind), the server-side actions can compromise the confidentiality of sensitive data and internal infrastructure.

Detection Guidance

This vulnerability can be detected by monitoring for requests to the guardrails-detectors service that contain XML Schema Definition (XSD) strings with external schemaLocation references. Specifically, look for requests that include <xs:import>, <xs:include>, or <xs:redefine> elements pointing to external URLs or local file paths.

Since the exploitation involves sending malicious XSD data to the detector service, network traffic inspection tools can be used to identify suspicious payloads containing such schema references.

Example commands to detect suspicious requests might include using network capture tools like tcpdump or tshark to filter HTTP POST requests to the detector service and then searching for XSD schemaLocation patterns.

  • tcpdump -i <interface> -A -s 0 'tcp port <detector_port> and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep -i 'schemaLocation'
  • tshark -i <interface> -Y 'http.request.method == "POST" && http contains "schemaLocation"' -T fields -e http.file_data

Additionally, reviewing application logs for requests containing XSD payloads with external references can help detect exploitation attempts.

Mitigation Strategies

Immediate mitigation steps include restricting or sanitizing the XML Schema Definition (XSD) inputs processed by the guardrails-detectors component to prevent external schema references from being resolved.

Specifically, configure the xmlschema.XMLSchema() function to restrict external references by setting the allow parameter to 'sandbox' or 'local', which limits schema resolution to safe locations.

If configuration changes are not immediately possible, consider implementing network-level controls to block outbound HTTP(S) and file:// requests initiated by the detector service to untrusted locations.

Also, monitor and restrict access to the detector service to trusted users and networks only, reducing the attack surface.

Finally, apply any available patches or updates from the vendor or project that address this vulnerability as soon as they become available.

Compliance Impact

This vulnerability can lead to the disclosure of sensitive information such as cloud provider credentials or access to internal network services due to server-side requests or local file reads triggered by malicious XML Schema Definitions.

Such unauthorized disclosure of sensitive data can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive information and prevention of unauthorized access.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-15143. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart