PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-5483 Red Hat CVE debrief

CVE-2026-5483 is a high-severity vulnerability in the odh-dashboard component of Red Hat OpenShift AI (RHOAI). The flaw allows for the disclosure of Kubernetes Service Account tokens through a NodeJS endpoint, potentially enabling an attacker to gain unauthorized access to Kubernetes resources. The vulnerability has a CVSS score of 8.5 and is considered HIGH severity. Red Hat has released advisories and patches to address this issue. Affected versions include OpenShift AI 2.16, 2.25, 3.2, and 3.3. Users should apply the necessary patches to mitigate this vulnerability.

Vendor
Red Hat
Product
Red Hat OpenShift AI 2.16
CVSS
HIGH 8.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-04-10
Original CVE updated
2026-06-30
Advisory published
2026-04-10
Advisory updated
2026-06-30

Who should care

This vulnerability affects users of Red Hat OpenShift AI, particularly those using versions 2.16, 2.25, 3.2, and 3.3. Kubernetes administrators and security teams should assess their exposure and apply patches or mitigations as needed. The vulnerability's high severity and potential impact on Kubernetes resource access make it a priority for organizations using affected OpenShift AI versions.

Technical summary

The CVE-2026-5483 vulnerability is caused by a flaw in the odh-dashboard component of Red Hat OpenShift AI. Specifically, it allows for the disclosure of Kubernetes Service Account tokens through a NodeJS endpoint. This could enable an attacker to gain unauthorized access to Kubernetes resources. The vulnerability's CVSS vector is CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H, indicating a high severity level. The Common Weakness Enumeration (CWE) associated with this vulnerability is CWE-201.

Defensive priority

Apply patches: Red Hat has released advisories (RHSA-2026:7397, RHSA-2026:7398, RHSA-2026:7403, RHSA-2026:7404); apply them as soon as possible.

Inventory and prioritize: maintain an accurate inventory of OpenShift AI deployments, focusing on the affected versions (2.16, 2.25, 3.2, 3.3).

Recommended defensive actions

  • Apply patches from Red Hat advisories (RHSA-2026:7397, RHSA-2026:7398, RHSA-2026:7403, RHSA-2026:7404) to affected OpenShift AI versions.
  • Conduct an inventory of OpenShift AI deployments to identify potentially affected versions (2.16, 2.25, 3.2, 3.3).
  • Prioritize patching based on deployment criticality and exposure.
  • Monitor for unusual Kubernetes activity that may indicate exploitation attempts.
  • Implement compensating controls such as additional authentication mechanisms for Kubernetes resources.
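One concrete way to act on the monitoring item above, given that the flaw leaks Service Account tokens: the Python below, an added example that is not from the PatchSiren debrief or from Red Hat, runs three defensive heuristics over Kubernetes API-server audit events (audit.k8s.io/v1 Event records, one JSON object per line). It flags a service account reading Secrets outside its own namespace, a service account requesting tokens through the serviceaccounts/token subresource, and a service-account credential used from an address outside the pod network. The audit lines are constructed for the example; the namespace `example-ai`, the service account `dashboard-sa` and the `10.128.0.0/14` pod CIDR are assumptions to replace with your cluster's values.

```python
import ipaddress
import json

# Constructed sample audit events (not real log data from any cluster).
# Field names follow the Kubernetes audit.k8s.io/v1 Event schema.
SAMPLE_AUDIT_LINES = [
    # Normal: the hypothetical dashboard SA reads a ConfigMap in its own namespace.
    '{"kind":"Event","apiVersion":"audit.k8s.io/v1","verb":"get",'
    '"user":{"username":"system:serviceaccount:example-ai:dashboard-sa"},'
    '"sourceIPs":["10.128.2.17"],'
    '"objectRef":{"resource":"configmaps","namespace":"example-ai","name":"ui-config"},'
    '"responseStatus":{"code":200}}',
    # Suspicious: the same SA lists Secrets in a namespace it does not belong to.
    '{"kind":"Event","apiVersion":"audit.k8s.io/v1","verb":"list",'
    '"user":{"username":"system:serviceaccount:example-ai:dashboard-sa"},'
    '"sourceIPs":["10.128.2.17"],'
    '"objectRef":{"resource":"secrets","namespace":"kube-system"},'
    '"responseStatus":{"code":200}}',
    # Suspicious: the SA mints a token for another SA via the token subresource.
    '{"kind":"Event","apiVersion":"audit.k8s.io/v1","verb":"create",'
    '"user":{"username":"system:serviceaccount:example-ai:dashboard-sa"},'
    '"sourceIPs":["10.128.2.17"],'
    '"objectRef":{"resource":"serviceaccounts","subresource":"token",'
    '"namespace":"example-ai","name":"pipeline-runner"},'
    '"responseStatus":{"code":201}}',
    # Suspicious: SA credential used from outside the assumed pod network.
    '{"kind":"Event","apiVersion":"audit.k8s.io/v1","verb":"get",'
    '"user":{"username":"system:serviceaccount:example-ai:dashboard-sa"},'
    '"sourceIPs":["203.0.113.42"],'
    '"objectRef":{"resource":"secrets","namespace":"example-ai","name":"db-creds"},'
    '"responseStatus":{"code":200}}',
    # Human user: not a service account, so these checks ignore it.
    '{"kind":"Event","apiVersion":"audit.k8s.io/v1","verb":"list",'
    '"user":{"username":"alice"},"sourceIPs":["198.51.100.9"],'
    '"objectRef":{"resource":"secrets","namespace":"kube-system"},'
    '"responseStatus":{"code":200}}',
]

# Assumption: addresses pods normally use; replace with your cluster's CIDRs.
POD_NETWORK = [ipaddress.ip_network("10.128.0.0/14")]


def service_account_namespace(username: str):
    """Return the namespace of a system:serviceaccount:<ns>:<name> user, else None."""
    parts = username.split(":")
    if len(parts) == 4 and parts[:2] == ["system", "serviceaccount"]:
        return parts[2]
    return None


def analyze_event(event: dict) -> list:
    """Apply the three heuristics to one audit event; returns (rule, user, detail) tuples."""
    findings = []
    username = event.get("user", {}).get("username", "")
    sa_ns = service_account_namespace(username)
    if sa_ns is None:
        return findings  # only service-account activity is in scope here
    ref = event.get("objectRef") or {}
    resource = ref.get("resource")
    target_ns = ref.get("namespace")
    if resource == "secrets" and target_ns and target_ns != sa_ns:
        findings.append(("cross-namespace-secret-access", username, target_ns))
    if resource == "serviceaccounts" and ref.get("subresource") == "token":
        findings.append(("service-account-token-request", username,
                         f"{target_ns}/{ref.get('name')}"))
    for ip in event.get("sourceIPs", []):
        if not any(ipaddress.ip_address(ip) in net for net in POD_NETWORK):
            findings.append(("service-account-from-external-ip", username, ip))
    return findings


def scan_audit_log(lines) -> list:
    """Parse JSON audit lines and collect findings from all of them."""
    findings = []
    for line in lines:
        findings.extend(analyze_event(json.loads(line)))
    return findings


if __name__ == "__main__":
    for rule, user, detail in scan_audit_log(SAMPLE_AUDIT_LINES):
        print(f"{rule:36} {user:50} {detail}")
```

Denied requests (responseStatus 403) are flagged just like successful ones, since a token holder probing for access is exactly the pattern worth seeing; tune the pod CIDR list and, if your dashboard legitimately reads Secrets across namespaces, add an allow-list for those namespaces before alerting on the first rule.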

Evidence notes

The CVE-2026-5483 vulnerability was publicly disclosed on April 10, 2026, and last modified on June 30, 2026. The vulnerability affects multiple versions of Red Hat OpenShift AI. Red Hat has provided several advisories and patches to address this issue. The CVSS score of 8.5 indicates high severity. The CWE associated with this vulnerability is CWE-201.

Official resources

This article is AI-assisted and based on the supplied source corpus.