CVE-2026-34940 HIGH

CVE-2026-34940: KubeAI has an OS Command Injection via Model URL in Ollama Engine startup probe allows arbitrary command execution in model pods

Vendor Kubeai-Project
Product kubeai
Weakness CWE-78
Published April 6, 2026
Last update April 16, 2026
View on NVD All CVEs

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

What the vulnerability does

01Description

KubeAI is an AI inference operator for kubernetes. Prior to 0.23.2, the ollamaStartupProbeScript() function in internal/modelcontroller/engine_ollama.go constructs a shell command string using fmt.Sprintf with unsanitized model URL components (ref, modelParam). This shell command is executed via bash -c as a Kubernetes startup probe. An attacker who can create or update Model custom resources can inject arbitrary shell commands that execute inside model server pods. This vulnerability is fixed in 0.23.2.

Key dates

02Disclosure timeline

April 6, 2026 CVE published
April 16, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-53100 RestDB's Codehooks.io MCP Server Vulnerable to Command Injection CVE-2021-26724 Authenticated command injection when changing date settings or hostname in Guardian/CMC before 20.0.7.4 CVE-2023-44421 D-Link DIR-X3260 SetTriggerPPPoEValidate Username Command Injection Remote Code Execution Vulnerability CVE-2024-9004 D-Link DAR-7000 Backup_Server_commit.php os command injection CVE-2023-34276 D-Link DIR-2150 SetTriggerPPPoEValidate Username Command Injection Remote Code Execution Vulnerability