KubeAI has an OS Command Injection via Model URL in...

8.7 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

Description

KubeAI is an AI inference operator for kubernetes. Prior to 0.23.2, the ollamaStartupProbeScript() function in internal/modelcontroller/engine_ollama.go constructs a shell command string using fmt.Sprintf with unsanitized model URL components (ref, modelParam). This shell command is executed via bash -c as a Kubernetes startup probe. An attacker who can create or update Model custom resources can inject arbitrary shell commands that execute inside model server pods. This vulnerability is fixed in 0.23.2.

AI Analysis

OS Command Injection via Model URL in Ollama Engine startup probe allows arbitrary command execution in model pods

Basic Information

ID CVE-2026-34940

Source GitHub_M

Published Apr 6, 2026 at 15:49

Modified Apr 15, 2026 at 21:05

Affected Product

Vendor kubeai-project

Product kubeai

Version < 0.23.2

Affected Versions kubeai-project kubeai < 0.23.2

CWE Classification

CWE-78

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor KubeAI Project

Product KubeAI

Version < 0.23.2

References

github.com /kubeai-project/kubeai/security/advisories/GHSA-324q-cwx9-7crr

{
    "lastseen": "",
    "description": "KubeAI is an AI inference operator for kubernetes. Prior to 0.23.2, the ollamaStartupProbeScript() function in internal/modelcontroller/engine_ollama.go constructs a shell command string using fmt.Sprintf with unsanitized model URL components (ref, modelParam). This shell command is executed via bash -c as a Kubernetes startup probe. An attacker who can create or update Model custom resources can inject arbitrary shell commands that execute inside model server pods. This vulnerability is fixed in 0.23.2.",
    "published": "2026-04-06T15:49:06.918Z",
    "modified": "2026-04-15T21:05:51.281Z",
    "type": "cve",
    "title": "KubeAI has an OS Command Injection via Model URL in Ollama Engine startup probe allows arbitrary command execution in model pods",
    "source": "GitHub_M",
    "references": "https://github.com/kubeai-project/kubeai/security/advisories/GHSA-324q-cwx9-7crr",
    "id": "CVE-2026-34940",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "kubeai-project kubeai < 0.23.2",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "kubeai",
    "version": "< 0.23.2",
    "vendor": "kubeai-project",
    "ai_description": "OS Command Injection via Model URL in Ollama Engine startup probe allows arbitrary command execution in model pods",
    "ai_severity": "High",
    "ai_vendor": "KubeAI Project",
    "ai_product": "KubeAI",
    "ai_version": "< 0.23.2",
    "ai_score": 8.7
}

KubeAI has an OS Command Injection via Model URL in Ollama Engine startup probe allows arbitrary command execution in model pods_CVE-2026-34940