CVE-2026-34940

Source
https://cve.org/CVERecord?id=CVE-2026-34940
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-34940.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-34940
Aliases
Published
2026-04-06T15:49:06.918Z
Modified
2026-07-08T08:12:55.392360925Z
Severity
  • 8.7 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N CVSS Calculator
Summary
KubeAI has an OS Command Injection via Model URL in Ollama Engine startup probe allows arbitrary command execution in model pods
Details

KubeAI is an AI inference operator for kubernetes. Prior to 0.23.2, the ollamaStartupProbeScript() function in internal/modelcontroller/engine_ollama.go constructs a shell command string using fmt.Sprintf with unsanitized model URL components (ref, modelParam). This shell command is executed via bash -c as a Kubernetes startup probe. An attacker who can create or update Model custom resources can inject arbitrary shell commands that execute inside model server pods. This vulnerability is fixed in 0.23.2.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/34xxx/CVE-2026-34940.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-78"
    ]
}
References

Affected packages

Git / github.com/kubeai-project/kubeai

Affected ranges

Type
GIT
Repo
https://github.com/kubeai-project/kubeai
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ],
    "cpe": "cpe:2.3:a:kubeai:kubeai:*:*:*:*:*:kubernetes:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.23.2"
        }
    ]
}

Affected versions

0.*
0.4.0
helm-chart-kubeai-0.*
helm-chart-kubeai-0.10.0
helm-chart-kubeai-0.11.0
helm-chart-kubeai-0.12.0
helm-chart-kubeai-0.13.0
helm-chart-kubeai-0.14.0
helm-chart-kubeai-0.15.0
helm-chart-kubeai-0.18.0
helm-chart-kubeai-0.19.0
helm-chart-kubeai-0.20.0
helm-chart-kubeai-0.21.0
helm-chart-kubeai-0.22.0
helm-chart-kubeai-0.22.1
helm-chart-kubeai-0.23.0
helm-chart-kubeai-0.23.1
helm-chart-kubeai-0.4.1
helm-chart-kubeai-0.4.2
helm-chart-kubeai-0.5.0
helm-chart-kubeai-0.5.1
helm-chart-kubeai-0.6.0
helm-chart-kubeai-0.7.0
helm-chart-kubeai-0.8.0
helm-chart-kubeai-0.9.0
helm-chart-models-0.*
helm-chart-models-0.10.0
helm-chart-models-0.11.0
helm-chart-models-0.12.0
helm-chart-models-0.13.0
helm-chart-models-0.14.0
helm-chart-models-0.15.0
helm-chart-models-0.18.0
helm-chart-models-0.19.0
helm-chart-models-0.20.0
helm-chart-models-0.21.0
helm-chart-models-0.23.0
helm-chart-models-0.23.1
helm-chart-models-0.4.1
helm-chart-models-0.5.0
helm-chart-models-0.6.0
helm-chart-models-0.7.0
helm-chart-models-0.8.0
helm-chart-models-0.9.0
helm-kubeai-0.*
helm-kubeai-0.4.1
helm-v0.*
helm-v0.10.0
helm-v0.11.0
helm-v0.12.0
helm-v0.13.0
helm-v0.14.0
helm-v0.15.0
helm-v0.18.0
helm-v0.19.0
helm-v0.20.0
helm-v0.21.0
helm-v0.22.0
helm-v0.22.1
helm-v0.23.0
helm-v0.23.1
helm-v0.3.4
helm-v0.4.0
helm-v0.4.0-models
helm-v0.4.1-kubeai
helm-v0.4.2-kubeai
helm-v0.5.0-kubeai
helm-v0.5.0-models
helm-v0.5.1-kubeai
helm-v0.6.0
helm-v0.7.0-kubeai
helm-v0.7.0-models
helm-v0.8.0
helm-v0.9.0
kubeai-0.*
kubeai-0.1.3
kubeai-helm-chart-0.*
kubeai-helm-chart-0.2.0
kubeai-helm-chart-0.2.1
kubeai-helm-chart-0.2.2
kubeai-helm-chart-0.2.3
kubeai-helm-chart-0.2.4
kubeai-helm-chart-0.2.5
kubeai-helm-chart-0.2.6
kubeai-helm-chart-0.2.7
kubeai-helm-chart-0.3.0
kubeai-helm-chart-0.3.1
kubeai-helm-chart-0.3.2
kubeai-helm-chart-0.3.3
kubeai-helm-chart-0.3.4
kubeai-helm-chart-0.4.0
kubeai-helm-chart-0.4.1
v0.*
v0.0.1
v0.0.2
v0.0.3
v0.0.4
v0.0.5
v0.0.6
v0.0.7
v0.1.0
v0.1.1
v0.10.0
v0.11.0
v0.12.0
v0.13.0
v0.14.0
v0.15.0
v0.16.0
v0.17.0
v0.18.0
v0.19.0
v0.2.0
v0.2.1
v0.2.2
v0.2.3
v0.20.0
v0.21.0
v0.22.0
v0.22.1
v0.23.1
v0.3.0
v0.4.0
v0.4.1
v0.4.2
v0.4.3
v0.4.4
v0.4.5
v0.5.0
v0.5.1
v0.5.2
v0.5.3
v0.6.0
v0.6.1
v0.7.0
v0.8.0
v0.9.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-34940.json"