CVE-2026-34940

HIGH

KubeAI has an OS Command Injection via Model URL in Ollama Engine startup probe allows arbitrary command execution in model pods

Title source: cna

Description

KubeAI is an AI inference operator for kubernetes. Prior to 0.23.2, the ollamaStartupProbeScript() function in internal/modelcontroller/engine_ollama.go constructs a shell command string using fmt.Sprintf with unsanitized model URL components (ref, modelParam). This shell command is executed via bash -c as a Kubernetes startup probe. An attacker who can create or update Model custom resources can inject arbitrary shell commands that execute inside model server pods. This vulnerability is fixed in 0.23.2.

Exploits (1)

github WORKING POC

by romain-deperne · poc

https://github.com/romain-deperne/CVE-2026-34940

View Code ZIP pw:eip

References (1)

[X_Refsource_Confirm] https://github.com/kubeai-project/kubeai/security/advisories/GHSA-324q-cwx9-7crr

Scores

CVSS v3 8.7

EPSS 0.0001

EPSS Percentile 2.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-78

Status published

Products (3)

kubeai/kubeai < 0.23.2

kubeai-project/kubeai 0 - 0.23.2Go

kubeai-project/kubeai < 0.23.2

Published Apr 06, 2026

Tracked Since Apr 06, 2026