Impact
This flaw in guardrails-detectors exposes the public detection API to the delivery of specially crafted regular expressions. The regex triggers catastrophic backtracking, allowing a remote attacker to exhaust the worker process’s CPU resources. The result is an indefinite 100% CPU load that brings down the entire guardrails‑mediated LLM pipeline. The weakness is a classic Regular Expression Denial of Service (ReDoS) classified as CWE‑1333.
Affected Systems
The vulnerability affects Red Hat OpenShift AI deployments that include the guardrails‑detectors component. All versions of Red Hat OpenShift AI that ship this component are potentially susceptible; no specific version delimiters are available in the current data.
Risk and Exploitability
The CVSS score of 6.5 indicates a moderate severity. Because the attack vector is remote and unauthenticated, an attacker can target the public API endpoint without credentials. The lack of an EPSS score and the absence of a CISA KEV listing suggest that exploitation is possible but not yet widely observed. If exploited, the denial of service could cripple the entire LLM pipeline, impacting availability for all users of the affected OpenShift AI instance.
OpenCVE Enrichment