A flaw was found in odh-dashboard in Red Hat Openshift AI. This vulnerability in the `odh-dashboard` component of Red Hat OpenShift AI (RHOAI) allows for the disclosure of Kubernetes Service Account tokens through a NodeJS endpoint. This could enable an attacker to gain unauthorized access to Kubernetes resources.
References
| Link | Resource |
|---|---|
| https://access.redhat.com/errata/RHSA-2026:7397 | Vendor Advisory |
| https://access.redhat.com/errata/RHSA-2026:7398 | Vendor Advisory |
| https://access.redhat.com/errata/RHSA-2026:7403 | Vendor Advisory |
| https://access.redhat.com/errata/RHSA-2026:7404 | Vendor Advisory |
| https://access.redhat.com/security/cve/CVE-2026-5483 | Vendor Advisory |
| https://bugzilla.redhat.com/show_bug.cgi?id=2454764 | Issue Tracking Vendor Advisory |
| https://access.redhat.com/errata/RHSA-2026:7397 | Vendor Advisory |
| https://access.redhat.com/errata/RHSA-2026:7398 | Vendor Advisory |
| https://access.redhat.com/errata/RHSA-2026:7403 | Vendor Advisory |
| https://access.redhat.com/errata/RHSA-2026:7404 | Vendor Advisory |
| https://access.redhat.com/security/cve/CVE-2026-5483 | Vendor Advisory |
| https://bugzilla.redhat.com/show_bug.cgi?id=2454764 | Issue Tracking Vendor Advisory |
| https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5483.json |
Configurations
Configuration 1 (hide)
|
History
30 Jun 2026, 03:21
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
|
| References | () https://access.redhat.com/errata/RHSA-2026:7397 - Vendor Advisory | |
| References | () https://access.redhat.com/errata/RHSA-2026:7398 - Vendor Advisory | |
| References | () https://access.redhat.com/errata/RHSA-2026:7403 - Vendor Advisory | |
| References | () https://access.redhat.com/errata/RHSA-2026:7404 - Vendor Advisory | |
| References | () https://access.redhat.com/security/cve/CVE-2026-5483 - Vendor Advisory | |
| References | () https://bugzilla.redhat.com/show_bug.cgi?id=2454764 - Issue Tracking, Vendor Advisory |
21 Apr 2026, 19:51
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Redhat
Redhat openshift Ai |
|
| CPE | cpe:2.3:a:redhat:openshift_ai:3.2:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_ai:*:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_ai:3.3:*:*:*:*:*:*:* |
|
| References | () https://access.redhat.com/errata/RHSA-2026:7397 - Vendor Advisory | |
| References | () https://access.redhat.com/errata/RHSA-2026:7398 - Vendor Advisory | |
| References | () https://access.redhat.com/errata/RHSA-2026:7403 - Vendor Advisory | |
| References | () https://access.redhat.com/errata/RHSA-2026:7404 - Vendor Advisory | |
| References | () https://access.redhat.com/security/cve/CVE-2026-5483 - Vendor Advisory | |
| References | () https://bugzilla.redhat.com/show_bug.cgi?id=2454764 - Issue Tracking, Vendor Advisory |
10 Apr 2026, 21:16
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
10 Apr 2026, 19:16
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
10 Apr 2026, 18:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-04-10 18:16
Updated : 2026-07-15 01:16
NVD link : CVE-2026-5483
Mitre link : CVE-2026-5483
CVE.ORG link : CVE-2026-5483
JSON object : View
Products Affected
redhat
- openshift_ai
CWE
CWE-201
Insertion of Sensitive Information Into Sent Data
