{"data":{"id":"6cca13cf-fb01-49dc-b758-b9e4c10b6bc1","title":"CVE-2026-34940: KubeAI is an AI inference operator for kubernetes. Prior to 0.23.2, the ollamaStartupProbeScript() function in internal/","summary":"KubeAI, an operator that runs AI inference workloads on Kubernetes (a system for managing containerized applications), has an OS command injection vulnerability (CWE-78) in versions before 0.23.2: an attacker who can create a Model resource can inject shell commands that are then executed. The flaw exists because the ollamaStartupProbeScript() function does not properly validate user input when building the commands that run during startup checks.","solution":"Upgrade to version 0.23.2 or later, which fixes this vulnerability.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-34940","publishedAt":"2026-04-06T16:16:37.870Z","cveId":"CVE-2026-34940","cweIds":["CWE-78"],"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["KubeAI","Ollama"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-04-06T16:16:37.870Z","capecIds":["CAPEC-88"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":["AML.T0010"]}}