Description
A flaw was found in odh-dashboard in Red Hat OpenShift AI. This vulnerability in the `odh-dashboard` component of Red Hat OpenShift AI (RHOAI) allows for the disclosure of Kubernetes Service Account tokens through a NodeJS endpoint. This could enable an attacker to gain unauthorized access to Kubernetes resources.
Published: 2026-04-10
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Kubernetes Service Account Token Disclosure
Action: Patch Now
AI Analysis

Impact

The flaw resides in the odh-dashboard component of Red Hat OpenShift AI and allows an attacker to obtain Kubernetes Service Account tokens via a NodeJS endpoint. Exposed service account tokens are sensitive authentication credentials; their disclosure can lead to unauthorized access or manipulation of Kubernetes resources, threatening the confidentiality and integrity of cluster data.

Affected Systems

The vulnerability applies to Red Hat OpenShift AI releases 2.16, 2.25, 3.2, and 3.3. Any deployment of the odh-dashboard component in these RHOAI versions is susceptible to token exposure.

Risk and Exploitability

The CVSS score of 8.5 indicates high severity, and the very low EPSS estimate and the absence of a KEV listing do not diminish the potential risk. Based on the description, an attacker who can reach the NodeJS endpoint of the dashboard service may obtain service account tokens; the extent of the damage depends on the privileges granted to those tokens. Consequently, the flaw poses a significant risk of unauthorized access to Kubernetes resources.

Generated by OpenCVE AI on April 10, 2026 at 23:05 UTC.

Remediation

Vendor Workaround

If applying the update is not immediately possible, the vulnerability can be mitigated by disabling or removing the NIM (NVIDIA Inference Microservice) integration from the Red Hat OpenShift AI (RHOAI) environment.


OpenCVE Recommended Actions

  • Apply the Red Hat security updates RHSA-2026:7397, RHSA-2026:7398, RHSA-2026:7403, and RHSA-2026:7404 to update the odh-dashboard component.
  • If an immediate update is not possible, disable or remove the NVIDIA Inference Microservice integration from the RHOAI environment.
  • Continuously monitor RHOAI logs for abnormal API usage that may indicate token misuse or exploitation.

Generated by OpenCVE AI on April 10, 2026 at 23:05 UTC.

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 00:00:00 +0000
  • CPEs: cpe:2.3:a:redhat:openshift_ai:*:*:*:*:*:*:*:*, cpe:2.3:a:redhat:openshift_ai:3.2:*:*:*:*:*:*:*, cpe:2.3:a:redhat:openshift_ai:3.3:*:*:*:*:*:*:*

Mon, 13 Apr 2026 13:00:00 +0000
  • First Time appeared (added): Redhat openshift Ai 2.16, Redhat openshift Ai 3.3
  • Vendors & Products (added): Redhat openshift Ai 2.16, Redhat openshift Ai 3.3

Sat, 11 Apr 2026 00:15:00 +0000
  • References (updated)
  • Metrics threat_severity: None → Important

Fri, 10 Apr 2026 21:15:00 +0000
  • CPEs (added): cpe:/a:redhat:openshift_ai:2.25::el9, cpe:/a:redhat:openshift_ai:3.2::el9
  • References (updated)

Fri, 10 Apr 2026 19:15:00 +0000
  • Metrics ssvc (added): {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 10 Apr 2026 18:45:00 +0000
  • CPEs (added): cpe:/a:redhat:openshift_ai:3.3::el9
  • References (updated)

Fri, 10 Apr 2026 18:00:00 +0000
  • Description (added): A flaw was found in odh-dashboard in Red Hat Openshift AI. This vulnerability in the `odh-dashboard` component of Red Hat OpenShift AI (RHOAI) allows for the disclosure of Kubernetes Service Account tokens through a NodeJS endpoint. This could enable an attacker to gain unauthorized access to Kubernetes resources.
  • Title (added): Odh-dashboard: odh dashboard kubernetes service account exposure
  • First Time appeared (added): Redhat, Redhat openshift Ai
  • Weaknesses (added): CWE-201
  • CPEs (added): cpe:/a:redhat:openshift_ai, cpe:/a:redhat:openshift_ai:2.16::el8
  • Vendors & Products (added): Redhat, Redhat openshift Ai
  • References (added)
  • Metrics cvssV3_1 (added): {'score': 8.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2026-04-29T05:20:59.210Z
Reserved: 2026-04-03T12:27:18.589Z
Link: CVE-2026-5483

Vulnrichment

Updated: 2026-04-10T18:34:03.174Z

NVD

Status: Analyzed
Published: 2026-04-10T18:16:46.567
Modified: 2026-04-21T19:51:11.643
Link: CVE-2026-5483

Redhat

Severity: Important
Public Date: 2026-04-10T17:16:00Z
Links: CVE-2026-5483 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-13T13:00:04Z

Weaknesses