CVE-2026-15044
CVE-2026-15044 is a medium-severity vulnerability with a CVSS 3.x base score of 6.3.
Key facts
- Severity: Medium (CVSS 3.x base score 6.3)
- Actively exploited: Not listed in CISA KEV
- Published:
- Last modified:
Description
A flaw was found in the TrustyAI Service Operator. When deploying services like gorch or NemoGuardrails, if a specific security setting is not enabled, these services can expose their communication channels without requiring users to prove their identity. This allows any other program within the cluster to access the AI guardrails and orchestrator without proper authorization. An attacker could exploit this to gain unauthorized access to sensitive information and potentially make limited changes to the AI models.
Frequently asked questions
- What is CVE-2026-15044?
- A flaw was found in the TrustyAI Service Operator. When deploying services like gorch or NemoGuardrails, if a specific security setting is not enabled, these services can expose their communication channels without requiring users to prove their identity. This allows any other program within the cluster to access the AI guardrails and orchestrator without proper authorization. An attacker could exploit this to gain unauthorized access to sensitive information and potentially make limited changes to the AI models.
- How severe is CVE-2026-15044?
- CVE-2026-15044 has a CVSS 3.x base score of 6.3, rated medium severity. It is exploitable over an adjacent network with low attack complexity, requires low privileges and no user interaction. Impact on confidentiality is high, integrity low, and availability none.
- Is CVE-2026-15044 being actively exploited?
- It is not currently listed in CISA's Known Exploited Vulnerabilities catalog, and no EPSS exploit-prediction score is available yet.
- How do I fix CVE-2026-15044?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2026-15044 published?
- CVE-2026-15044 was published on 2026-07-08.