CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-15378

criticalCVSS 9.3covered by 1 sourcefirst seen 2026-07-10
A flaw was found in the guardrails-detectors component. This vulnerability allows a remote attacker to perform a blind Server-Side Request Forgery (SSRF) by submitting a specially crafted XML Schema Definition (XSD) string. This can lead to unauthorized access to sensitive information, including credentials from cloud metadata services, Kubernetes API, internal MinIO, and other internal network endpoints. Additionally, it enables local file reads of critical data such as service account tokens and pod secrets.

⚡ Watch CVE-2026-15378

Get an email if CVE-2026-15378 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-15378

CVE.org record

Embed the live status

CVE-2026-15378 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-15378 status](https://www.csirts.com/badge/CVE-2026-15378)](https://www.csirts.com/cve/CVE-2026-15378)