{"id":"CVE-2026-34940","summary":"KubeAI has an OS Command Injection via Model URL in Ollama Engine startup probe allows arbitrary command execution in model pods","details":"KubeAI is an AI inference operator for kubernetes. Prior to 0.23.2, the ollamaStartupProbeScript() function in internal/modelcontroller/engine_ollama.go constructs a shell command string using fmt.Sprintf with unsanitized model URL components (ref, modelParam). This shell command is executed via bash -c as a Kubernetes startup probe. An attacker who can create or update Model custom resources can inject arbitrary shell commands that execute inside model server pods. This vulnerability is fixed in 0.23.2.","aliases":["GHSA-324q-cwx9-7crr","GO-2026-4920"],"modified":"2026-07-08T08:12:55.392360925Z","published":"2026-04-06T15:49:06.918Z","database_specific":{"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/34xxx/CVE-2026-34940.json","cwe_ids":["CWE-78"]},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/34xxx/CVE-2026-34940.json"},{"type":"ADVISORY","url":"https://github.com/kubeai-project/kubeai/security/advisories/GHSA-324q-cwx9-7crr"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34940"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/kubeai-project/kubeai","events":[{"introduced":"0"},{"fixed":"1fe298de72c1c8b840c5e903f66aa1f2213fb29a"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"0.23.2"}],"source":["AFFECTED_FIELD","CPE_RANGE"],"cpe":"cpe:2.3:a:kubeai:kubeai:*:*:*:*:*:kubernetes:*:*"}}],"versions":["v0.23.1","helm-v0.23.1","helm-chart-models-0.23.1","helm-chart-kubeai-0.23.1","helm-v0.23.0","helm-chart-models-0.23.0","helm-chart-kubeai-0.23.0","v0.22.1","helm-v0.22.1","helm-chart-kubeai-0.22.1","helm-v0.22.0","helm-chart-kubeai-0.22.0","v0.22.0","helm-v0.21.0","helm-chart-models-0.21.0","helm-chart-kubeai-0.21.0","v0.21.0","helm-v0.20.0","helm-chart-models-0.20.0","helm-chart-kubeai-0.20.0","v0.20.0","helm-v0.19.0","helm-chart-models-0.19.0","helm-chart-kubeai-0.19.0","v0.19.0","helm-v0.18.0","helm-chart-models-0.18.0","helm-chart-kubeai-0.18.0","v0.18.0","helm-v0.15.0","helm-chart-models-0.15.0","helm-chart-kubeai-0.15.0","v0.17.0","helm-v0.14.0","helm-chart-models-0.14.0","helm-chart-kubeai-0.14.0","v0.16.0","helm-v0.13.0","helm-chart-models-0.13.0","helm-chart-kubeai-0.13.0","v0.15.0","helm-v0.12.0","helm-chart-models-0.12.0","helm-chart-kubeai-0.12.0","v0.14.0","helm-v0.11.0","helm-chart-models-0.11.0","helm-chart-kubeai-0.11.0","v0.13.0","helm-v0.10.0","helm-chart-models-0.10.0","helm-chart-kubeai-0.10.0","v0.12.0","helm-v0.9.0","helm-chart-models-0.9.0","helm-chart-kubeai-0.9.0","v0.11.0","helm-v0.8.0","helm-chart-models-0.8.0","helm-chart-kubeai-0.8.0","v0.10.0","helm-v0.7.0-models","helm-chart-models-0.7.0","helm-v0.7.0-kubeai","helm-chart-kubeai-0.7.0","v0.9.0","helm-v0.6.0","helm-chart-models-0.6.0","helm-chart-kubeai-0.6.0","v0.8.0","helm-v0.5.1-kubeai","helm-chart-kubeai-0.5.1","helm-v0.5.0-models","helm-chart-models-0.5.0","helm-v0.5.0-kubeai","helm-chart-kubeai-0.5.0","v0.7.0","helm-v0.4.2-kubeai","helm-chart-kubeai-0.4.2","v0.6.1","helm-v0.4.1-kubeai","helm-kubeai-0.4.1","helm-chart-models-0.4.1","helm-chart-kubeai-0.4.1","kubeai-helm-chart-0.4.1","0.4.0","helm-v0.4.0-models","kubeai-helm-chart-0.4.0","helm-v0.4.0","v0.6.0","kubeai-helm-chart-0.3.4","helm-v0.3.4","v0.5.3","v0.5.2","kubeai-helm-chart-0.3.3","v0.5.1","kubeai-helm-chart-0.3.2","kubeai-helm-chart-0.3.1","v0.5.0","kubeai-helm-chart-0.3.0","kubeai-helm-chart-0.2.7","v0.4.5","kubeai-helm-chart-0.2.6","v0.4.4","kubeai-helm-chart-0.2.5","kubeai-helm-chart-0.2.4","kubeai-helm-chart-0.2.3","v0.4.3","kubeai-helm-chart-0.2.2","kubeai-helm-chart-0.2.1","v0.4.2","kubeai-helm-chart-0.2.0","v0.4.1","kubeai-0.1.3","v0.4.0","v0.3.0","v0.2.3","v0.2.2","v0.2.1","v0.2.0","v0.1.1","v0.1.0","v0.0.7","v0.0.6","v0.0.5","v0.0.4","v0.0.3","v0.0.2","v0.0.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-34940.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N"}]}