CVE-2026-34940

HIGH

KubeAI <0.23.2 Ollama Model URL - OS Command Injection

Title source: manual

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-34940. PoCs published by romain-deperne.

AI-analyzed exploit summary The repository contains a functional PoC for CVE-2026-34940, demonstrating OS command injection in KubeAI via unsanitized Model URL components in Ollama startup probes. The PoC includes a detailed technical writeup and a YAML file to exploit the vulnerability.

Description

KubeAI is an AI inference operator for kubernetes. Prior to 0.23.2, the ollamaStartupProbeScript() function in internal/modelcontroller/engine_ollama.go constructs a shell command string using fmt.Sprintf with unsanitized model URL components (ref, modelParam). This shell command is executed via bash -c as a Kubernetes startup probe. An attacker who can create or update Model custom resources can inject arbitrary shell commands that execute inside model server pods. This vulnerability is fixed in 0.23.2.

Exploits (1)

github WORKING POC

by romain-deperne · poc

https://github.com/romain-deperne/CVE-2026-34940

View Code ZIP pw:eip

The repository contains a functional PoC for CVE-2026-34940, demonstrating OS command injection in KubeAI via unsanitized Model URL components in Ollama startup probes. The PoC includes a detailed technical writeup and a YAML file to exploit the vulnerability.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: KubeAI (github.com/kubeai-project/kubeai) <= commit ba1824e

Auth required

Prerequisites: Ability to create/update Model CRDs in the KubeAI namespace

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Apr 30, 2026 Full analysis →

References (1)

Core 1

Core References

X_Refsource_Confirm x_refsource_confirm

https://github.com/kubeai-project/kubeai/security/advisories/GHSA-324q-cwx9-7crr

Scores

CVSS v3 8.7

EPSS 0.0045

EPSS Percentile 35.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-78

Status published

Products (3)

kubeai/kubeai < 0.23.2

kubeai-project/kubeai 0 - 0.23.2Go

kubeai-project/kubeai < 0.23.2

Published Apr 06, 2026

Tracked Since Apr 06, 2026