A flaw was found in the file_type content detector of guardrails-detectors. This vulnerability allows a remote attacker to supply an arbitrary XML Schema Definition (XSD) string, which is processed without proper restrictions. This can lead to server-side requests to arbitrary URLs or local file reads, potentially resulting in sensitive information disclosure, such as cloud provider credentials or access to internal network services.
Metrics
Affected Vendors & Products
References
History
Fri, 10 Jul 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Fri, 10 Jul 2026 15:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A flaw was found in the file_type content detector of guardrails-detectors. This vulnerability allows a remote attacker to supply an arbitrary XML Schema Definition (XSD) string, which is processed without proper restrictions. This can lead to server-side requests to arbitrary URLs or local file reads, potentially resulting in sensitive information disclosure, such as cloud provider credentials or access to internal network services. | |
| Title | Guardrails-detectors: guardrails-detectors: ssrf and local file read via user-supplied xml schema (xml-with-schema:) | |
| First Time appeared |
Redhat
Redhat openshift Ai |
|
| Weaknesses | CWE-918 | |
| CPEs | cpe:/a:redhat:openshift_ai | |
| Vendors & Products |
Redhat
Redhat openshift Ai |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2026-07-10T15:46:37.212Z
Reserved: 2026-07-08T17:24:00.555Z
Link: CVE-2026-15143
Updated: 2026-07-10T15:46:28.870Z
No data.
No data.
OpenCVE Enrichment
No data.