Bug 2498039 (CVE-2026-15044) - CVE-2026-15044 trustyai-service-operator: TrustyAI Service Operator: Unauthenticated access to AI guardrails and orchestrator APIs
Summary: CVE-2026-15044 trustyai-service-operator: TrustyAI Service Operator: Unauthen...
Keywords:
Status: NEW
Alias: CVE-2026-15044
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-07-08 12:13 UTC by OSIDB Bzimport
Modified: 2026-07-08 14:29 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description OSIDB Bzimport 2026-07-08 12:13:19 UTC
controllers/utils/auth.go:22-25 implements RequiresAuth() as return ok && strings.ToLower(val) == "true". The annotation key security.opendatahub.io/enable-auth has no CRD default or mutating webhook. Out-of-the-box deployments serve plain HTTP with no authn/authz for gorch and NemoGuardrails.

Attack vector:
1. Deploy gorch or NemoGuardrails without setting enable-auth annotation
2. Service exposes plain HTTP endpoints to cluster network
3. Any pod can access AI guardrails/orchestrator API without authentication

RequiresAuth() (auth.go:22-25) returns false when the annotation is absent, with no CRD default or webhook to set it.


Note You need to log in before you can comment on or make changes to this bug.