CVE-2026-15378: Blind SSRF and Local File Read Flaw
TL;DR - CVE-2026-15378 is a critical blind SSRF and local file read issue in
guardrails-detectors. - Triggered by a specially crafted XSD string duringxml-with-schema:processing. - Patch and exact affected versions are not confirmed, so restrict exposure and monitor aggressively.
Vulnerability at a Glance
| Field | Value |
|---|---|
| CVE ID | CVE-2026-15378 |
| CVSS score | 9.3 |
| Attack vector | Remote, via crafted XSD input |
| Privileges required | Low or none (assumed) |
| Patch available | Unknown |
CVE-2026-15378 affects the guardrails-detectors component, allowing a remote attacker to perform blind SSRF by submitting a specially crafted XML Schema Definition (XSD) string. This flaw can also enable local file reads, turning untrusted parser input into a path for accessing internal services and sensitive files from the host or container filesystem.
The potential impact is severe, exposing credentials from cloud metadata services, Kubernetes API reachability, and local secrets such as service account tokens. Even without a confirmed public exploit, this parser-driven issue should be triaged quickly due to the low-noise nature of exploit attempts.
What Is This Vulnerability?
The flaw is a combination of blind SSRF and local file read caused by unsafe handling of user-supplied XSD content. The NVD description states the trigger is a specially crafted XSD string. If an application accepts XML plus schema-related input and the parser resolves external schema references or file paths without strong restrictions, an attacker can force the application to fetch network resources or local files.
Technical Notes
A simplified example of the risky pattern is user-controlled schema input that can reference external or local resources:
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:import namespace="http://example.org/ext"
schemaLocation="http://169.254.169.254/latest/meta-data/" />
</xs:schema>
A local file access variant may look like this:
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:include schemaLocation="file:///var/run/secrets/kubernetes.io/serviceaccount/token"/>
</xs:schema>
Who Is Affected?
The confirmed affected component is guardrails-detectors. The specific affected version range is currently unknown, and the fixed version is also not confirmed. Organizations should assume that any deployed version of guardrails-detectors using user-supplied XML Schema processing could be affected.
For asset owners, the key questions are: “Do we use guardrails-detectors?” and “Do we expose any workflow that lets untrusted users submit XML, XSD, or content that triggers xml-with-schema: parsing?”
CVSS Score Breakdown
The reported CVSS v3.x base score is 9.3, indicating a critical issue. The severity is based on the described impact, with a remote input path that can trigger SSRF and read local sensitive files.
Exploitation Status
As of 2026-07-10, active exploitation in the wild is not confirmed. The CVE is not listed in CISA’s Known Exploited Vulnerabilities catalog. Security teams should not wait for KEV inclusion or exploit code release before taking action.
How to Detect It
Detection should focus on requests that trigger schema parsing, unexpected outbound connections, and attempts to access sensitive local files. Network telemetry is often more revealing than application responses.
Technical Notes
Look for outbound traffic from the application host to sensitive destinations:
169.254.169.254
metadata.google.internal
100.100.100.200
kubernetes.default.svc
Mitigation and Patching
The fixed version number is not confirmed. Defenders should prioritize exposure reduction by disabling any feature path that accepts untrusted XML/XSD input into guardrails-detectors. Restrict outbound egress from the service and block access to cloud metadata endpoints where possible.
Technical Notes
Use package inventory to identify deployments:
pip show guardrails-detectors
If a patched release has been announced, upgrade to the vendor-stated fixed version once verified:
pip install --upgrade guardrails-detectors==<FIXED_VERSION>
References
Primary references include the NVD entry, the Red Hat CVE page, and the CISA KEV catalog lookup. These sources confirm the CVE ID and vulnerability class but do not provide a verifiable fixed version or exact affected version range.
For more information on related topics, check out our articles on Kubernetes Secrets Management Best Practices and CVE-2026-42822.
This article may contain affiliate links. We earn a commission on qualifying purchases at no extra cost to you.