CVE-2026-6587

high

Red Hat

CVSS v3 Base Score

8.1

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L

EPSS Score

0.0%

Exploitation probability in 30 days

Top 99% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Confidentiality

High

Integrity

Low

Availability

Low

Published: April 20, 2026 (24 days ago)

Last Modified: April 20, 2026

Vendor: Red Hat

Source: REDHAT

Description

A flaw was found in vibrantlabsai RAGAS. A remote attacker can exploit a server-side request forgery (SSRF) vulnerability by manipulating the retrieved_contexts argument within the _try_process_local_file or _try_process_url functions. This manipulation allows the attacker to induce the server to make arbitrary requests, potentially leading to information disclosure or access to internal resources.

CWE

CWE-918

Affected Products

Red Hat OpenShift AI (RHOAI)

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 adithyanak.com 🔗 vuldb.com

CVE-2026-6587

Vulnerability Report

Description

CWE

Affected Products

References