CVE-2026-34940: KubeAI is an AI inference operator for Kubernetes. Prior to 0.23.2, the ollamaStartupProbeScript() function in internal/
Summary
KubeAI, a tool that runs AI models on Kubernetes (a system for managing containerized applications), has a shell command injection vulnerability in versions before 0.23.2: attackers can inject malicious shell commands (arbitrary code execution instructions) by creating a Model resource. The flaw exists because the ollamaStartupProbeScript() function does not properly validate user input when building the commands that run during startup checks.
Solution / Mitigation
Upgrade to version 0.23.2 or later, which fixes this vulnerability.
Vulnerability Details
EPSS: 0.0%
April 6, 2026
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-34940
First tracked: April 6, 2026 at 02:08 PM