Product
A critical blind Server-Side Request Forgery (SSRF) vulnerability, CVE-2026-15378, exists in the `guardrails-detectors` component, allowing a remote attacker to exploit specially crafted XML Schema Definition (XSD) strings to gain unauthorized access to sensitive information from cloud metadata services, Kubernetes API, internal MinIO, and facilitate local file reads of service account tokens and pod secrets.