CVE-2026-15378
Received Received - Intake

Blind SSRF via XSD in Guardrails-Detectors

Vulnerability report for CVE-2026-15378, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-10

Last updated on: 2026-07-10

Assigner: Red Hat, Inc.

Description

A flaw was found in the `guardrails-detectors` component. This vulnerability allows a remote attacker to perform a blind Server-Side Request Forgery (SSRF) by submitting a specially crafted XML Schema Definition (XSD) string. This can lead to unauthorized access to sensitive information, including credentials from cloud metadata services, Kubernetes API, internal MinIO, and other internal network endpoints. Additionally, it enables local file reads of critical data such as service account tokens and pod secrets.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-10
Last Modified
2026-07-10
Generated
2026-07-10
AI Q&A
2026-07-10
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-15378 is a vulnerability in the guardrails-detectors component that allows a remote attacker to perform a blind Server-Side Request Forgery (SSRF) by submitting a specially crafted XML Schema Definition (XSD) string.

The vulnerability arises because the file_type detector accepts arbitrary XML Schema Definition strings from the request body and passes them directly to the xmlschema.XMLSchema() function, which resolves external references such as xs:import, xs:include, or xs:redefine over any URL scheme.

This behavior enables an attacker to cause the system to make requests to internal or external resources, including cloud metadata services, Kubernetes API, internal MinIO, and local files like service account tokens and pod secrets.

Impact Analysis

This vulnerability can lead to unauthorized access to sensitive information by allowing an attacker to perform blind SSRF attacks and local file reads.

  • The attacker can steal credentials from cloud metadata services.
  • It can expose sensitive internal services such as the Kubernetes API and internal MinIO.
  • Local critical data such as service account tokens and pod secrets can be read by the attacker.

Overall, this can lead to credential theft, unauthorized internal network access, and exposure of sensitive data.

Detection Guidance

This vulnerability can be detected by monitoring for requests that include specially crafted XML Schema Definition (XSD) strings targeting internal or external resources. Specifically, look for XML payloads containing malicious schemaLocation attributes that attempt to access cloud metadata services, Kubernetes API endpoints, internal MinIO, or local files.

Since the vulnerability involves the guardrails-detectors component processing XML Schema inputs, detection can involve inspecting logs or network traffic for unusual XML Schema requests or unexpected outbound requests from the detector pod to internal or cloud metadata endpoints.

Suggested commands to detect exploitation attempts might include:

  • Using network monitoring tools (e.g., tcpdump or Wireshark) to capture outbound requests from the detector pod to internal IP ranges or cloud metadata IPs.
  • Searching logs for XML payloads containing schemaLocation attributes, for example using grep:
  • grep -r 'schemaLocation' /path/to/guardrails/logs
  • Monitoring for unexpected HTTP requests from the detector pod to internal services, e.g.:
  • tcpdump -i any host 169.254.169.254 or host <internal-k8s-api-ip>
Mitigation Strategies

Immediate mitigation steps include restricting or disabling the processing of user-supplied XML Schema Definition strings in the guardrails-detectors component to prevent SSRF and local file read attacks.

Additionally, limit network access from the detector pod to sensitive internal endpoints such as cloud metadata services, Kubernetes API servers, and internal storage services to reduce the attack surface.

Applying any available patches or updates from the vendor that address this vulnerability is critical.

As a temporary workaround, consider implementing network policies or firewall rules to block outbound requests from the detector pod to internal or cloud metadata IP addresses.

Compliance Impact

This vulnerability allows unauthorized access to sensitive information, including credentials from cloud metadata services, Kubernetes API, internal MinIO, and local files such as service account tokens and pod secrets.

Such unauthorized access and potential data exposure can lead to violations of data protection regulations and standards like GDPR and HIPAA, which require strict controls over sensitive data and credentials.

Therefore, exploitation of this vulnerability could result in non-compliance with these regulations due to the risk of sensitive data leakage and insufficient protection of critical information.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-15378. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart