
Description

KubeAI is an AI inference operator for Kubernetes. Prior to 0.23.2, the ollamaStartupProbeScript() function in internal/modelcontroller/engine_ollama.go constructs a shell command string using fmt.Sprintf with unsanitized model URL components (ref, modelParam). This shell command is executed via bash -c as a Kubernetes startup probe. An attacker who can create or update Model custom resources can inject arbitrary shell commands that execute inside model server pods. This vulnerability is fixed in 0.23.2.
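The pattern the description names, as an added illustration that is not KubeAI's code: a probe string with the values spliced in (the weak form) beside a hardened builder that allowlists ref and modelParam and emits the probe in exec form instead of through bash -c. The allowlist formats, the /bin/check-model path and the sample values are assumptions made for this example.

```go
package main

import (
	"fmt"
	"regexp"
)

// Allowlists for the two values the advisory names. Formats are assumptions:
// a ref like "llama3.1:8b-instruct", a parameter like "num_ctx=4096". Shell
// metacharacters (; | & $ ` quotes, spaces, newlines) fall outside both sets.
var (
	safeRef   = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9._/:-]{0,127}$`)
	safeParam = regexp.MustCompile(`^[A-Za-z0-9_]{1,64}=[A-Za-z0-9._-]{1,64}$`)
)

// insecureProbeScript shows the weak pattern in general form (not KubeAI's code):
// the values are spliced into one string that is later run with "bash -c", so
// any metacharacter in ref or modelParam is parsed as shell syntax.
func insecureProbeScript(ref, modelParam string) string {
	return fmt.Sprintf("/bin/check-model %s %s", ref, modelParam) // hypothetical script path
}

// BuildProbeCommand is the hardened form: both values must pass the allowlist,
// and the probe is returned as an argv slice (exec form) so the kubelet runs the
// binary directly and no shell ever parses the values.
func BuildProbeCommand(ref, modelParam string) ([]string, error) {
	if !safeRef.MatchString(ref) {
		return nil, fmt.Errorf("model ref %q rejected by allowlist", ref)
	}
	if modelParam != "" && !safeParam.MatchString(modelParam) {
		return nil, fmt.Errorf("model parameter %q rejected by allowlist", modelParam)
	}
	args := []string{"/bin/check-model", ref} // hypothetical probe binary
	if modelParam != "" {
		args = append(args, modelParam)
	}
	return args, nil
}

func main() {
	// Constructed inputs: one well-formed ref, one carrying a shell metacharacter.
	for _, ref := range []string{"llama3.1:8b-instruct", "latest; true"} {
		fmt.Printf("insecure: bash -c %q\n", insecureProbeScript(ref, "num_ctx=4096"))
		if args, err := BuildProbeCommand(ref, "num_ctx=4096"); err != nil {
			fmt.Println("hardened: rejected:", err)
		} else {
			fmt.Println("hardened: exec", args)
		}
	}
}
```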

PUBLISHED | Reserved 2026-03-31 | Published 2026-04-06 | Updated 2026-04-16 | Assigner GitHub_M

HIGH: 8.7 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N)

Problem types

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

< 0.23.2: affected

References

github.com/...kubeai/security/advisories/GHSA-324q-cwx9-7crr exploit

github.com/...kubeai/security/advisories/GHSA-324q-cwx9-7crr

cve.org (CVE-2026-34940)

nvd.nist.gov (CVE-2026-34940)
