CVE-2026-34940

KubeAI has an OS Command Injection via Model URL in Ollama Engine startup probe allows arbitrary command execution in model pods

Description

KubeAI is an AI inference operator for kubernetes. Prior to 0.23.2, the ollamaStartupProbeScript() function in internal/modelcontroller/engine_ollama.go constructs a shell command string using fmt.Sprintf with unsanitized model URL components (ref, modelParam). This shell command is executed via bash -c as a Kubernetes startup probe. An attacker who can create or update Model custom resources can inject arbitrary shell commands that execute inside model server pods. This vulnerability is fixed in 0.23.2.

INFO

Published Date :

2026-04-06T15:49:06.918Z

Last Modified :

2026-04-07T14:12:56.555Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2026-34940 vulnerability.

Vendors	Products
Kubeai-project	Kubeai

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-34940.

URL	Resource
https://github.com/kubeai-project/kubeai/security/advisories/GHSA-324q-cwx9-7crr

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability