eastbaycyber

CVE-2026-15378: Blind SSRF and Local File Read Flaw

CVE explainers 3 min read
SR
Security Research Desk Expert reviewed
Threat intelligence · Human-verified · Updated 2026-07-10
▲ Escalation ViewOne CVE, briefed at three altitudes — skim the Brief, weigh the Impact, or work the Runbook. The way a SOC actually reads it.
CISOBrief · 30-second brief

TL;DR - CVE-2026-15378 is a critical blind SSRF and local file read issue in guardrails-detectors. - Triggered by a specially crafted XSD string during xml-with-schema: processing. - Patch and exact affected versions are not confirmed, so restrict exposure and monitor aggressively.

Vulnerability at a Glance

Field Value
CVE ID CVE-2026-15378
CVSS score 9.3
Attack vector Remote, via crafted XSD input
Privileges required Low or none (assumed)
Patch available Unknown

CVE-2026-15378 affects the guardrails-detectors component, allowing a remote attacker to perform blind SSRF by submitting a specially crafted XML Schema Definition (XSD) string. This flaw can also enable local file reads, turning untrusted parser input into a path for accessing internal services and sensitive files from the host or container filesystem.

The potential impact is severe, exposing credentials from cloud metadata services, Kubernetes API reachability, and local secrets such as service account tokens. Even without a confirmed public exploit, this parser-driven issue should be triaged quickly due to the low-noise nature of exploit attempts.

What Is This Vulnerability?

The flaw is a combination of blind SSRF and local file read caused by unsafe handling of user-supplied XSD content. The NVD description states the trigger is a specially crafted XSD string. If an application accepts XML plus schema-related input and the parser resolves external schema references or file paths without strong restrictions, an attacker can force the application to fetch network resources or local files.

Technical Notes

A simplified example of the risky pattern is user-controlled schema input that can reference external or local resources:

<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <xs:import namespace="http://example.org/ext"
             schemaLocation="http://169.254.169.254/latest/meta-data/" />
</xs:schema>

A local file access variant may look like this:

<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <xs:include schemaLocation="file:///var/run/secrets/kubernetes.io/serviceaccount/token"/>
</xs:schema>
AnalystImpact · assess the risk

Who Is Affected?

The confirmed affected component is guardrails-detectors. The specific affected version range is currently unknown, and the fixed version is also not confirmed. Organizations should assume that any deployed version of guardrails-detectors using user-supplied XML Schema processing could be affected.

For asset owners, the key questions are: “Do we use guardrails-detectors?” and “Do we expose any workflow that lets untrusted users submit XML, XSD, or content that triggers xml-with-schema: parsing?”

CVSS Score Breakdown

The reported CVSS v3.x base score is 9.3, indicating a critical issue. The severity is based on the described impact, with a remote input path that can trigger SSRF and read local sensitive files.

Exploitation Status

As of 2026-07-10, active exploitation in the wild is not confirmed. The CVE is not listed in CISA’s Known Exploited Vulnerabilities catalog. Security teams should not wait for KEV inclusion or exploit code release before taking action.

ResponderRunbook · act now

How to Detect It

Detection should focus on requests that trigger schema parsing, unexpected outbound connections, and attempts to access sensitive local files. Network telemetry is often more revealing than application responses.

Technical Notes

Look for outbound traffic from the application host to sensitive destinations:

169.254.169.254
metadata.google.internal
100.100.100.200
kubernetes.default.svc

Mitigation and Patching

The fixed version number is not confirmed. Defenders should prioritize exposure reduction by disabling any feature path that accepts untrusted XML/XSD input into guardrails-detectors. Restrict outbound egress from the service and block access to cloud metadata endpoints where possible.

Technical Notes

Use package inventory to identify deployments:

pip show guardrails-detectors

If a patched release has been announced, upgrade to the vendor-stated fixed version once verified:

pip install --upgrade guardrails-detectors==<FIXED_VERSION>

References

Primary references include the NVD entry, the Red Hat CVE page, and the CISA KEV catalog lookup. These sources confirm the CVE ID and vulnerability class but do not provide a verifiable fixed version or exact affected version range.

For more information on related topics, check out our articles on Kubernetes Secrets Management Best Practices and CVE-2026-42822.

This article may contain affiliate links. We earn a commission on qualifying purchases at no extra cost to you.

Last verified: 2026-07-10

Disclaimer: This article may contain affiliate links. We earn a commission on qualifying purchases at no extra cost to you.