- Issued:
- 2026-01-30
- Updated:
- 2026-02-11
RHSA-2026:1610 - Security Advisory
Synopsis
Critical: Red Hat OpenShift Lightspeed 1.0.9 security update
Type/Severity
Security Advisory: Critical
Topic
Red Hat OpenShift Lightspeed 1.0.9 operand images, which provide security fixes
and container updates.
Description
Red Hat OpenShift Lightspeed is a generative AI-based virtual assistant integrated
into the OpenShift console. It can answer questions related to OpenShift and layered
offerings.
Security Fix(es):
langchain-core: LangChain: Arbitrary code execution via serialization injection (CVE-2025-68664)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.`
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
Fixes
(none)CVEs
amd64
| registry.redhat.io/openshift-lightspeed/lightspeed-console-plugin-rhel9@sha256:eae3fe71c6bca8f5f887eb3522e48a46c290ccb93ea7b1c6e6f67afac2735783 |
| registry.redhat.io/openshift-lightspeed/lightspeed-console-plugin-pf5-rhel9@sha256:467aac9c025a05a567465a2948fef358b9754de6d38a2615c1d6c0eec1885673 |
| registry.redhat.io/openshift-lightspeed/lightspeed-ocp-rag-rhel9@sha256:2994e8938525281d5444ca4e0fee846f42048bd687a20119747f0532b6623302 |
| registry.redhat.io/openshift-lightspeed/lightspeed-service-api-rhel9@sha256:b66f6af7bbabeff59290842e6a72229f088293675091a019a86a5d23d1e9e821 |
| registry.redhat.io/openshift-lightspeed/lightspeed-to-dataverse-exporter-rhel9@sha256:e4c636d398654fa0cb60f13beec1cbfb8bc6498cc67c420f9b53edcb06f6ffaa |
| registry.redhat.io/openshift-lightspeed/openshift-mcp-server-rhel9@sha256:6c25fef6a572ae0d8fcaf028a2f4e899dc7e1f7da694a6c60d225ac072bcba2e |
arm64
| registry.redhat.io/openshift-lightspeed/lightspeed-console-plugin-rhel9@sha256:0a828314e37381bcca30b9a4f628a2dd4144422004625c6fba512dbe7db18bf7 |
| registry.redhat.io/openshift-lightspeed/lightspeed-console-plugin-pf5-rhel9@sha256:3ac83417d72cf2b38a39df24bc1a3a912d71d7045cb9d85f5763337a000f8b93 |
| registry.redhat.io/openshift-lightspeed/lightspeed-service-api-rhel9@sha256:23af5c023d054ad9f607f4a8df270c01607a7ace1acd328b5c3702e32dccb621 |
| registry.redhat.io/openshift-lightspeed/openshift-mcp-server-rhel9@sha256:b00fcd93824bca75c018f2d0e33b74dd964c4d7810a5c04f5dda4de9b2e3694e |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
