CVE-2026-5483 · PATCHED · 8.5
Red Hat · Red Hat OpenShift AI 2.16

Odh-dashboard: odh dashboard kubernetes service account exposure

Description

A flaw was found in the `odh-dashboard` component of Red Hat OpenShift AI (RHOAI). It allows the disclosure of Kubernetes Service Account tokens through a Node.js endpoint, which could enable an attacker to gain unauthorized access to Kubernetes resources.

Affected Products

Vendor | Product | Versions
Red Hat | Red Hat OpenShift AI 2.16 | —

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor | Product | Source | Confidence
red hat | red hat openshift ai | mitre_affected | 90%
red hat | red hat openshift ai (rhoai) | mitre_affected | 90%
red hat | openshift | cert_advisory | 90%

References

  • https://access.redhat.com/errata/RHSA-2026:7397 (vendor-advisory, x_refsource_REDHAT)
  • https://access.redhat.com/errata/RHSA-2026:7398 (vendor-advisory, x_refsource_REDHAT)
  • https://access.redhat.com/errata/RHSA-2026:7403 (vendor-advisory, x_refsource_REDHAT)
  • https://access.redhat.com/errata/RHSA-2026:7404 (vendor-advisory, x_refsource_REDHAT)
  • https://access.redhat.com/security/cve/CVE-2026-5483 (vdb-entry, x_refsource_REDHAT)
  • https://bugzilla.redhat.com/show_bug.cgi?id=2454764 (issue-tracking, x_refsource_REDHAT)

Related News (2 articles)

Tier B · BSI Advisories · 7h ago
[NEW] [high] Red Hat OpenShift AI: Vulnerability allows information disclosure and privilege escalation
→ No new info (linked only)
Tier C · VulDB · 2d ago
CVE-2026-5483 | Red Hat OpenShift AI Kubernetes Service insertion of sensitive information into sent data (RHSA-2026:7397)
→ No new info (linked only)
CVSS 3.1: 8.5 NONE
CISA KEV: ❌ No
Actively exploited: ❌ No
Patch available
sha256:0a983da3de4ce816435e23da23c4b6f373008aaf2df2b9820bdcc77a9a110341
sha256:14ee2bbd445b8a988c487d4b4a7b02ff9afe1c07034b4bba073a5a8263e3293e
CWE: CWE-201
Published: Apr 10, 2026
Last enriched: 2d ago
Trending Score: 36
Source articles: 2
Independent: 2
Info Completeness: 7/14
Missing: versions, cvss, epss, kev, exploit, iocs, mitre_attack

Related CVEs (5)

HIGH · CVE-2026-4631 · EXP
Cockpit: cockpit: unauthenticated remote code execution due to ssh command-line argument injection
Trending: 65

HIGH · PRE-CVE · EXP
Multiple vulnerabilities in Red Hat Enterprise Linux affecting tar and Scrapy components
Trending: 47

HIGH · CVE-2026-4634 · EXP
Keycloak: keycloak: denial of service via excessive processing of openid connect scope parameters
Trending: 27

HIGH · CVE-2026-4636 · EXP
Keycloak: keycloak: uma policy bypass allows authenticated users to gain unauthorized access to victim-owned resources.
Trending: 26

HIGH · PRE-CVE
Multiple vulnerabilities in Red Hat Enterprise Linux fontforge allow arbitrary code execution
Trending: 26

Verification

State: verified
Confidence: 0%

Vulnerability Timeline

CVE Published: Apr 10, 2026
Discovered by ZDM: Apr 10, 2026
Patch Available: Apr 10, 2026