CVE-2026-15925
Severity: important
Released on: 16/07/2026
Advisory:
Bugzilla: 2501255
Bugzilla Description:
snowflake-connector-python: Snowflake Connector for Python: Arbitrary SQL execution and information disclosure via improper TLS hostname verification
CVSS Score:
CVSSv3 Score: 7.4
Vector:
CWE: CWE-295
Affected Packages:
Package States: Red Hat OpenShift AI (RHOAI),
Full Details
CVE document
CVE-2026-12382
Severity: important
Released on: 15/07/2026
Advisory: RHSA-2026:13508,
Bugzilla: 2489126
Bugzilla Description:
aap-gateway: missing requestHeadersToRemove allows mTLS bypass via Subject header spoofing
CVSS Score:
CVSSv3 Score: 8.2
Vector:
CWE: CWE-290
Affected Packages: automation-gateway-0:2.6.20260422-1.el9ap,
Package States: Red Hat Ansible Automation Platform 2,
Full Details
CVE document
CVE-2026-45804
Severity: important
Released on: 15/07/2026
Advisory:
Bugzilla: 2501024
Bugzilla Description:
diffusers: Diffusers: Arbitrary code execution due to trust_remote_code guard bypass
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-94
Affected Packages:
Package States: Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document
CVE-2026-61872
Severity: low
Released on: 15/07/2026
Advisory:
Bugzilla: 2500907
Bugzilla Description:
ImageMagick: ImageMagick: Denial of Service due to memory leak in TIFF encoder
CVSS Score:
CVSSv3 Score: 2.5
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document
CVE-2026-61871
Severity: low
Released on: 15/07/2026
Advisory:
Bugzilla: 2500909
Bugzilla Description:
ImageMagick: ImageMagick: Denial of Service via memory leak in ICON decoder
CVSS Score:
CVSSv3 Score: 3.7
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document
CVE-2026-61869
Severity: low
Released on: 15/07/2026
Advisory:
Bugzilla: 2500928
Bugzilla Description:
ImageMagick: ImageMagick: Denial of Service via memory leak in MIFF encoder
CVSS Score:
CVSSv3 Score: 2.9
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document
CVE-2026-61868
Severity: low
Released on: 15/07/2026
Advisory:
Bugzilla: 2500925
Bugzilla Description:
ImageMagick: ImageMagick: Denial of Service due to memory leak in YUV decoder
CVSS Score:
CVSSv3 Score: 3.7
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document
CVE-2026-61867
Severity: low
Released on: 15/07/2026
Advisory:
Bugzilla: 2500913
Bugzilla Description:
ImageMagick: ImageMagick: Denial of Service due to memory leak in TIFF encoder
CVSS Score:
CVSSv3 Score: 2.9
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document
CVE-2026-61865
Severity: low
Released on: 15/07/2026
Advisory:
Bugzilla: 2500895
Bugzilla Description:
ImageMagick: ImageMagick: Memory leak in hough lines operation can lead to denial of service
CVSS Score:
CVSSv3 Score: 2.9
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document
CVE-2026-61866
Severity: low
Released on: 15/07/2026
Advisory:
Bugzilla: 2500926
Bugzilla Description:
ImageMagick: ImageMagick: Memory leak in JNG encoder can lead to denial of service
CVSS Score:
CVSSv3 Score: 2.9
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document
CVE-2026-61864
Severity: low
Released on: 15/07/2026
Advisory:
Bugzilla: 2500904
Bugzilla Description:
ImageMagick: ImageMagick: Memory leak in color transformation to log colorspace
CVSS Score:
CVSSv3 Score: 2.9
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document
CVE-2026-61863
Severity: low
Released on: 15/07/2026
Advisory:
Bugzilla: 2500901
Bugzilla Description:
ImageMagick: ImageMagick: Memory leak in TIFF encoder
CVSS Score:
CVSSv3 Score: 2.9
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document
CVE-2026-61862
Severity: low
Released on: 15/07/2026
Advisory:
Bugzilla: 2500933
Bugzilla Description:
ImageMagick: ImageMagick: Information disclosure via out-of-bounds read when displaying profiles with debug enabled
CVSS Score:
CVSSv3 Score: 2.9
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document
CVE-2026-61860
Severity: low
Released on: 15/07/2026
Advisory:
Bugzilla: 2500897
Bugzilla Description:
ImageMagick: ImageMagick: Denial of Service via use-after-free during freetype initialization
CVSS Score:
CVSSv3 Score: 3.7
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document
CVE-2026-61464
Severity: low
Released on: 15/07/2026
Advisory:
Bugzilla: 2500894
Bugzilla Description:
ImageMagick: ImageMagick before 7.1.2-26 Heap Buffer Over-Write via X11
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document
CVE-2026-61859
Severity: low
Released on: 15/07/2026
Advisory:
Bugzilla: 2500896
Bugzilla Description:
ImageMagick: ImageMagick: Information disclosure via policy bypass in -script operation
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-639
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document
CVE-2026-56375
Severity: low
Released on: 15/07/2026
Advisory:
Bugzilla: 2500890
Bugzilla Description:
Magick.NET-Q16-AnyCPU: Magick.NET-Q16-HDRI-AnyCPU: Magick.NET-Q16-HDRI-OpenMP-arm64: Magick.NET-Q16-HDRI-arm64: Magick.NET-Q16-HDRI-x64: Magick.NET-Q16-HDRI-x86: Magick.NET-Q16-OpenMP-arm64: Magick.NET-Q16-OpenMP-x64: Magick.NET-Q16-OpenMP-x86: Magick.NET-Q16-arm64: Magick.NET-Q16-x64: Magick.NET-Q16-x86: Magick.NET-Q8-AnyCPU: Magick.NET-Q8-OpenMP-arm64: Magick.NET-Q8-OpenMP-x64: Magick.NET-Q8-arm64: Magick.NET-Q8-x64: Magick.NET-Q8-x86: ImageMagick: Denial of Service due to memory leak in ASHLAR coder
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document
CVE-2026-15809
Severity: important
Released on: 15/07/2026
Advisory:
Bugzilla: 2500846
Bugzilla Description:
github.com/cri-o/cri-o: Fix Bypass for CVE-2022-4318 — /etc/passwd Injection via HOME env
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-134
Affected Packages:
Package States: Confidential Compute Attestation,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2026-59733
Severity: moderate
Released on: 14/07/2026
Advisory:
Bugzilla: 2500770
Bugzilla Description:
rclone: Rclone: Unauthorized access to private repositories via directory traversal
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-22
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-50651
Severity: important
Released on: 14/07/2026
Advisory: RHSA-2026:26638, RHSA-2026:27171,
Bugzilla: 2499217
Bugzilla Description:
dotnet: SocketsHttpHandler Http2Connection - HTTP/2 SETTINGS/PING ACK flood causing OOM
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-770
Affected Packages: dotnet10-0-main-10.0.109-1.hum1,dotnet9-0-main-9.0.118-1.hum1,
Package States: Cryostat 4,Migration Toolkit for Applications 8,Migration Toolkit for Applications 8,Migration Toolkit for Applications 8,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Hardened Images,Red Hat Hardened Images,Red Hat Hardened Images,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,
Full Details
CVE document
CVE-2026-45363
Severity: important
Released on: 14/07/2026
Advisory:
Bugzilla: 2500739
Bugzilla Description:
ruby-jwt: ruby-jwt: Authentication bypass due to empty key in HMAC verification
CVSS Score:
CVSSv3 Score: 7.4
Vector:
CWE: CWE-347
Affected Packages:
Package States: Red Hat Hardened Images,Red Hat Satellite 6,Red Hat Satellite 6,
Full Details
CVE document
CVE-2026-48125
Severity: moderate
Released on: 14/07/2026
Advisory:
Bugzilla: 2500746
Bugzilla Description:
ua-parser-js: UAParser.js: Denial of Service via crafted Client Hints header
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-1333
Affected Packages:
Package States: Gatekeeper 3,Migration Toolkit for Containers,Red Hat Build of Podman Desktop,Red Hat Ceph Storage 9,Red Hat Enterprise Linux 7,Red Hat Hardened Images,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2026-49476
Severity: important
Released on: 14/07/2026
Advisory: RHSA-2026:34119, RHSA-2026:23992,
Bugzilla: 2500715
Bugzilla Description:
soupsieve: python-soupsieve: Soupsieve: Denial of Service via crafted CSS selector string
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-770
Affected Packages: python-rpds-py-main-2026.6.3-1.hum1,python-attrs-main-26.1.0-3.hum1,
Package States: Exploit Intelligence,Lightspeed Core,Lightspeed Core,Migration Toolkit for Applications 8,OpenShift Lightspeed,OpenShift Lightspeed,Red Hat Ansible Automation Platform 2,Red Hat Hardened Images,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Virtualization 4,Red Hat OpenStack Platform 17.1,Red Hat Quay 3,Red Hat Quay 3,Red Hat Satellite 6,
Full Details
CVE document
CVE-2026-49477
Severity: important
Released on: 14/07/2026
Advisory: RHSA-2026:34119, RHSA-2026:23992,
Bugzilla: 2500752
Bugzilla Description:
soupsieve: Soupsieve: Denial of Service via crafted CSS selector strings
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-1333
Affected Packages: python-rpds-py-main-2026.6.3-1.hum1,python-attrs-main-26.1.0-3.hum1,
Package States: Exploit Intelligence,Lightspeed Core,Lightspeed Core,Migration Toolkit for Applications 8,OpenShift Lightspeed,OpenShift Lightspeed,Red Hat Ansible Automation Platform 2,Red Hat Hardened Images,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Virtualization 4,Red Hat Quay 3,Red Hat Quay 3,
Full Details
CVE document
CVE-2026-49854
Severity: moderate
Released on: 14/07/2026
Advisory:
Bugzilla: 2500661
Bugzilla Description:
tornado: Tornado: Information disclosure via out-of-bounds read in websocket_mask
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-125
Affected Packages:
Package States: Exploit Intelligence,External Secrets Operator for Red Hat OpenShift,External Secrets Operator for Red Hat OpenShift,External Secrets Operator for Red Hat OpenShift,External Secrets Operator for Red Hat OpenShift,Lightspeed Core,Lightspeed Core,Lightspeed Core,Migration Toolkit for Applications 8,OpenShift Lightspeed,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2026-53486
Severity: important
Released on: 14/07/2026
Advisory: RHSA-2026:40415,
Bugzilla: 2500679
Bugzilla Description:
decompress: @xhmikosr/decompress: Decompress: Arbitrary file read/write via crafted archive extraction
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-22
Affected Packages: dotnet8-0-main-8.0.128-1.2.hum1,
Package States: Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Build of Keycloak,
Full Details
CVE document
CVE-2026-48801
Severity: moderate
Released on: 14/07/2026
Advisory: RHSA-2026:38187,
Bugzilla: 2500656
Bugzilla Description:
linkify-it: linkify-it: Denial of Service via algorithmic complexity vulnerability
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-1333
Affected Packages: rust-main-1.97.0-1.1.hum1,
Package States: Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Node HealthCheck Operator,Node HealthCheck Operator,Node HealthCheck Operator,Node HealthCheck Operator,Node HealthCheck Operator,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,Red Hat Build of Podman Desktop,Red Hat Developer Hub,Red Hat Hardened Images,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Virtualization 4,Self-service automation portal 2,Self-service automation portal 2,
Full Details
CVE document
CVE-2026-49978
Severity: important
Released on: 14/07/2026
Advisory:
Bugzilla: 2500695
Bugzilla Description:
dompurify: DOMPurify: Cross-site scripting vulnerability allows code execution
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-79
Affected Packages:
Package States: Migration Toolkit for Virtualization,Multicluster Engine for Kubernetes,Node HealthCheck Operator,Node HealthCheck Operator,Node HealthCheck Operator,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Service Mesh 3,OpenShift Service Mesh 3,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat AMQ Broker 7,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat build of Apache Camel for Spring Boot 4,Red Hat Build of Podman Desktop,Red Hat Ceph Storage 9,Red Hat Data Grid 8,Red Hat Developer Hub,Red Hat Hardened Images,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Self-service automation portal 2,
Full Details
CVE document
CVE-2026-49459
Severity: moderate
Released on: 14/07/2026
Advisory:
Bugzilla: 2500676
Bugzilla Description:
dompurify: DOMPurify: Cross-site scripting bypass allows arbitrary script execution
CVSS Score:
CVSSv3 Score: 4.7
Vector:
CWE: CWE-79
Affected Packages:
Package States: Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Multicluster Engine for Kubernetes,Node HealthCheck Operator,Node HealthCheck Operator,Node HealthCheck Operator,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Service Mesh 3,OpenShift Service Mesh 3,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat AMQ Broker 7,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat build of Apache Camel for Spring Boot 4,Red Hat Build of Podman Desktop,Red Hat Ceph Storage 9,Red Hat Data Grid 8,Red Hat Developer Hub,Red Hat Hardened Images,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Self-service automation portal 2,
Full Details
CVE document
CVE-2026-49458
Severity: moderate
Released on: 14/07/2026
Advisory:
Bugzilla: 2500636
Bugzilla Description:
dompurify: DOMPurify: Cross-site scripting due to improper sanitization of DOM nodes
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-79
Affected Packages:
Package States: Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Multicluster Engine for Kubernetes,Node HealthCheck Operator,Node HealthCheck Operator,Node HealthCheck Operator,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Service Mesh 3,OpenShift Service Mesh 3,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat AMQ Broker 7,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat build of Apache Camel for Spring Boot 4,Red Hat Build of Podman Desktop,Red Hat Ceph Storage 9,Red Hat Data Grid 8,Red Hat Developer Hub,Red Hat Hardened Images,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Self-service automation portal 2,
Full Details
CVE document
CVE-2026-47423
Severity: important
Released on: 14/07/2026
Advisory: RHSA-2026:10999,
Bugzilla: 2500564
Bugzilla Description:
dompurify: DOMPurify: Cross-site scripting vulnerability allows information disclosure
CVSS Score:
CVSSv3 Score: 8.2
Vector:
CWE: CWE-79
Affected Packages: ruff-main-0.15.11-1.hum1,
Package States: Migration Toolkit for Virtualization,Multicluster Engine for Kubernetes,Node HealthCheck Operator,Node HealthCheck Operator,Node HealthCheck Operator,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Service Mesh 3,OpenShift Service Mesh 3,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat AMQ Broker 7,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat build of Apache Camel for Spring Boot 4,Red Hat Build of Podman Desktop,Red Hat Ceph Storage 9,Red Hat Data Grid 8,Red Hat Developer Hub,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Self-service automation portal 2,
Full Details
CVE document
CVE-2026-47736
Severity: important
Released on: 14/07/2026
Advisory:
Bugzilla: 2500583
Bugzilla Description:
puma: Puma: Denial of Service due to unbounded memory growth in PROXY protocol v1
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Satellite 6,Red Hat Satellite 6,
Full Details
CVE document
CVE-2026-47737
Severity: important
Released on: 14/07/2026
Advisory:
Bugzilla: 2500584
Bugzilla Description:
puma: Puma: Source IP spoofing via PROXY protocol header re-parsing
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-358
Affected Packages:
Package States: Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Satellite 6,Red Hat Satellite 6,
Full Details
CVE document
CVE-2026-53633
Severity: important
Released on: 14/07/2026
Advisory:
Bugzilla: 2500586
Bugzilla Description:
@vitest/browser: vite-plus: Vitest: Remote code execution via exposed Chrome DevTools Protocol API
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-94
Affected Packages:
Package States: Red Hat Trusted Artifact Signer,
Full Details
CVE document
CVE-2026-47428
Severity: important
Released on: 14/07/2026
Advisory: RHSA-2026:39058,
Bugzilla: 2500578
Bugzilla Description:
vitest: Vitest: Arbitrary code execution via crafted browser-runner URL
CVSS Score:
CVSSv3 Score: 8.3
Vector:
CWE: CWE-79
Affected Packages: prometheus3-13-main-3.13.1-0.1.hum1,
Package States: Red Hat AMQ Broker 7,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Build of Keycloak,Red Hat Build of Podman Desktop,Red Hat JBoss Enterprise Application Platform 8,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2026-47429
Severity: important
Released on: 14/07/2026
Advisory: RHSA-2026:39058,
Bugzilla: 2500573
Bugzilla Description:
vitest: Vitest: Arbitrary code execution and information disclosure via path traversal
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-22
Affected Packages: prometheus3-13-main-3.13.1-0.1.hum1,
Package States: Red Hat AMQ Broker 7,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Build of Keycloak,Red Hat Build of Podman Desktop,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2026-59886
Severity: important
Released on: 14/07/2026
Advisory:
Bugzilla: 2500041
Bugzilla Description:
pyasn1: pyasn1: Denial of Service via crafted ASN.1 REAL values
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-770
Affected Packages:
Package States: Exploit Intelligence,Lightspeed Core,Migration Toolkit for Applications 8,Migration Toolkit for Applications 8,Migration Toolkit for Containers,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Service Mesh 3,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ceph Storage 7,Red Hat Ceph Storage 8,Red Hat Ceph Storage 9,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Hardened Images,Red Hat Hardened Images,Red Hat Hardened Images,Red Hat Hardened Images,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 18.0,Red Hat Quay 3,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Service Telemetry Framework 1.5,Service Telemetry Framework 1.5,Service Telemetry Framework 1.5,
Full Details
CVE document
CVE-2026-54058
Severity: important
Released on: 14/07/2026
Advisory:
Bugzilla: 2500057
Bugzilla Description:
Pillow: Pillow: Memory disclosure or denial of service via crafted McIdas AREA image
CVSS Score:
CVSSv3 Score: 9.1
Vector:
CWE: CWE-125
Affected Packages:
Package States: Exploit Intelligence,Lightspeed Core,Lightspeed Core,Lightspeed Core,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat Quay 3,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Satellite 6,
Full Details
CVE document
CVE-2026-59200
Severity: important
Released on: 14/07/2026
Advisory:
Bugzilla: 2500060
Bugzilla Description:
Pillow: Pillow: Denial of service via crafted PDF stream
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-409
Affected Packages:
Package States: Exploit Intelligence,Lightspeed Core,Lightspeed Core,Lightspeed Core,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat Quay 3,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Satellite 6,
Full Details
CVE document
CVE-2026-59198
Severity: moderate
Released on: 14/07/2026
Advisory:
Bugzilla: 2500044
Bugzilla Description:
Pillow: Pillow: Information disclosure via TGA RLE encoder out-of-bounds read
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-125
Affected Packages:
Package States: Exploit Intelligence,Lightspeed Core,Lightspeed Core,Lightspeed Core,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat Quay 3,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Satellite 6,
Full Details
CVE document
CVE-2026-59205
Severity: important
Released on: 14/07/2026
Advisory:
Bugzilla: 2500052
Bugzilla Description:
Pillow: Pillow: Controlled native heap corruption in ImageCms.ImageCmsTransform.apply API
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-843
Affected Packages:
Package States: Exploit Intelligence,Lightspeed Core,Lightspeed Core,Lightspeed Core,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat Quay 3,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Satellite 6,
Full Details
CVE document
CVE-2026-59203
Severity: moderate
Released on: 14/07/2026
Advisory:
Bugzilla: 2500055
Bugzilla Description:
Pillow: Pillow: Denial of Service via crafted EPS file
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-835
Affected Packages:
Package States: Exploit Intelligence,Lightspeed Core,Lightspeed Core,Lightspeed Core,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat Quay 3,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Satellite 6,
Full Details
CVE document
CVE-2026-59199
Severity: important
Released on: 14/07/2026
Advisory:
Bugzilla: 2500061
Bugzilla Description:
Pillow: Pillow: Denial of Service via out-of-bounds write in image processing
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-190
Affected Packages:
Package States: Exploit Intelligence,Lightspeed Core,Lightspeed Core,Lightspeed Core,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat Quay 3,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Satellite 6,
Full Details
CVE document
CVE-2026-59204
Severity: important
Released on: 14/07/2026
Advisory:
Bugzilla: 2500022
Bugzilla Description:
Pillow: Pillow: Denial of Service via crafted JPEG2000 image
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-131
Affected Packages:
Package States: Exploit Intelligence,Lightspeed Core,Lightspeed Core,Lightspeed Core,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat Quay 3,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Satellite 6,
Full Details
CVE document
CVE-2026-15392
Severity: moderate
Released on: 14/07/2026
Advisory:
Bugzilla: 2500029
Bugzilla Description:
perl-DBI: DBD::File: Arbitrary file read/write via symlink vulnerability
CVSS Score:
CVSSv3 Score: 6.3
Vector:
CWE: CWE-59
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-15697
Severity: moderate
Released on: 14/07/2026
Advisory:
Bugzilla: 2500013
Bugzilla Description:
svg.js: svg.js: Remote object prototype pollution
CVSS Score:
CVSSv3 Score: 6.3
Vector:
CWE: CWE-915
Affected Packages:
Package States: Multicluster Engine for Kubernetes,Red Hat Advanced Cluster Management for Kubernetes 2,
Full Details
CVE document
CVE-2026-15713
Severity: low
Released on: 14/07/2026
Advisory:
Bugzilla: 2499941
Bugzilla Description:
libsoup: SoupCache: libsoup: HTTP/2 frame window exhaustion remote denial of service via memory leak
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-15714
Severity: moderate
Released on: 14/07/2026
Advisory:
Bugzilla: 2499942
Bugzilla Description:
libsoup: SoupMultipartInputStream: libsoup: Out-of-bounds read in soup_multipart_input_stream_read_headers via an oversized multipart boundary string
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-15712
Severity: low
Released on: 14/07/2026
Advisory:
Bugzilla: 2499939
Bugzilla Description:
SoupClientMessageIOHTTP2: libsoup3: libsoup: HTTP/2 GOAWAY frame parsing heap buffer over-read via invalid NUL-termination assumption
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 10,
Full Details
CVE document
CVE-2026-15711
Severity: moderate
Released on: 14/07/2026
Advisory:
Bugzilla: 2499924
Bugzilla Description:
libsoup: SoupWebsocketConnection: libsoup: WebSocket remote denial of service via oversized control frame protocol violation
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-15709
Severity: moderate
Released on: 14/07/2026
Advisory:
Bugzilla: 2499922
Bugzilla Description:
SoupWebsocketExtensionDeflate: libsoup: libsoup: WebSocket permessage-deflate Unbounded Decompression Remote Denial of Service
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-409
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-15075
Severity: important
Released on: 14/07/2026
Advisory:
Bugzilla: 2499919
Bugzilla Description:
vertx-core: Eclipse Vert.x: Information disclosure via improper handling of HTTP 30x redirects
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-346
Affected Packages:
Package States: OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,Red Hat build of Apache Camel 4 for Quarkus 3,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Debezium 3,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat build of Quarkus,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,
Full Details
CVE document
CVE-2026-59674
Severity: important
Released on: 14/07/2026
Advisory:
Bugzilla: 2499909
Bugzilla Description:
suricata: Suricata: Privilege escalation via symbolic link following
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-59
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-12482
Severity: moderate
Released on: 14/07/2026
Advisory:
Bugzilla: 2499902
Bugzilla Description:
keras: Keras: Arbitrary File Operations via Malicious Tar Archive Processing
CVSS Score:
CVSSv3 Score: 4.2
Vector:
CWE: CWE-22
Affected Packages:
Package States: Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document
CVE-2026-15779
Severity: moderate
Released on: 14/07/2026
Advisory:
Bugzilla: 2499991
Bugzilla Description:
samba-winbind: samba: pam_winbind mkhomedir chowns critical system paths without validation
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-732
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-15605
Severity: low
Released on: 13/07/2026
Advisory:
Bugzilla: 2499859
Bugzilla Description:
wandb: wandb: Information disclosure due to weak hash in artifact integrity validation
CVSS Score:
CVSSv3 Score: 3.1
Vector:
CWE: CWE-328
Affected Packages:
Package States: Exploit Intelligence,Red Hat AI Inference Server,Red Hat AI Inference Server,
Full Details
CVE document
CVE-2026-15685
Severity: important
Released on: 13/07/2026
Advisory:
Bugzilla: 2499831
Bugzilla Description:
Ollama: Ollama: Denial of Service via improper array index validation in downloadBlob function
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-787
Affected Packages:
Package States: Migration Toolkit for Applications 8,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat OpenShift AI (RHOAI),
Full Details
CVE document
CVE-2026-62147
Severity: moderate
Released on: 13/07/2026
Advisory:
Bugzilla: 2499635
Bugzilla Description:
tempo-operator: Tempo Operator: Query RBAC bypass
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-863
Affected Packages:
Package States: Red Hat OpenShift distributed tracing 3,Red Hat OpenShift distributed tracing 3,
Full Details
CVE document
CVE-2026-15538
Severity: moderate
Released on: 13/07/2026
Advisory:
Bugzilla: 2499590
Bugzilla Description:
primereact: PrimeReact: Remote attacker can modify object prototype attributes
CVSS Score:
CVSSv3 Score: 6.3
Vector:
CWE: CWE-915
Affected Packages:
Package States: Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,
Full Details
CVE document
CVE-2026-53365
Severity: moderate
Released on: 13/07/2026
Advisory:
Bugzilla: 2499742
Bugzilla Description:
kernel: vsock/virtio: fix zerocopy completion for multi-skb sends
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-911
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53364
Severity: low
Released on: 13/07/2026
Advisory:
Bugzilla: 2499748
Bugzilla Description:
kernel: Bluetooth: hci_conn: Fix memory leak in hci_le_big_terminate()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-51537
Severity: important
Released on: 13/07/2026
Advisory:
Bugzilla: 2499837
Bugzilla Description:
OpENer: OpENer: Out-of-bounds read via malformed ForwardOpen requests
CVSS Score:
CVSSv3 Score: 8.2
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Hardened Images,Red Hat Hardened Images,
Full Details
CVE document
CVE-2026-61870
Severity: low
Released on: 11/07/2026
Advisory:
Bugzilla: 2499365
Bugzilla Description:
ImageMagick: ImageMagick: Denial of Service via specially crafted VIFF images
CVSS Score:
CVSSv3 Score: 2.9
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document
CVE-2026-61861
Severity: moderate
Released on: 11/07/2026
Advisory:
Bugzilla: 2499377
Bugzilla Description:
ImageMagick: ImageMagick: Use-after-free vulnerability leading to denial of service or code execution
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document
CVE-2026-61858
Severity: low
Released on: 11/07/2026
Advisory:
Bugzilla: 2499370
Bugzilla Description:
ImageMagick: ImageMagick: Policy bypass allows unauthorized file writing via APNG encoder
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-22
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document
CVE-2026-61465
Severity: moderate
Released on: 11/07/2026
Advisory:
Bugzilla: 2499374
Bugzilla Description:
ImageMagick: ImageMagick: Denial of Service via crafted image due to missing memory allocation check
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document
CVE-2026-61857
Severity: moderate
Released on: 11/07/2026
Advisory:
Bugzilla: 2499382
Bugzilla Description:
ImageMagick: ImageMagick: Application crashes via malicious XMP profiles
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document
CVE-2026-56372
Severity: moderate
Released on: 11/07/2026
Advisory:
Bugzilla: 2499383
Bugzilla Description:
ImageMagick: ImageMagick: Information Disclosure and Denial of Service
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document
CVE-2026-52747
Severity: moderate
Released on: 10/07/2026
Advisory:
Bugzilla: 2499232
Bugzilla Description:
ModSecurity: ModSecurity: Security rule bypass due to incorrect handling of line breaks in form data
CVSS Score:
CVSSv3 Score: 5.8
Vector:
CWE: CWE-179
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52761
Severity: moderate
Released on: 10/07/2026
Advisory:
Bugzilla: 2499254
Bugzilla Description:
ModSecurity: ModSecurity: Web Application Firewall rules bypass due to incorrect UTF-8 to Unicode transformation
CVSS Score:
CVSSv3 Score: 5.8
Vector:
CWE: CWE-131
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-57156
Severity: important
Released on: 10/07/2026
Advisory:
Bugzilla: 2499160
Bugzilla Description:
FreeRDP: FreeRDP: Arbitrary code execution or denial of service via integer overflow in RDP message processing
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-57157
Severity: moderate
Released on: 10/07/2026
Advisory:
Bugzilla: 2499158
Bugzilla Description:
FreeRDP: FreeRDP: Out-of-bounds read leads to information disclosure and denial of service
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-57158
Severity: moderate
Released on: 10/07/2026
Advisory:
Bugzilla: 2499155
Bugzilla Description:
FreeRDP: FreeRDP: Information disclosure via truncated RDPGFX planar payload
CVSS Score:
CVSSv3 Score: 5.4
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-55827
Severity: important
Released on: 10/07/2026
Advisory:
Bugzilla: 2499159
Bugzilla Description:
FreeRDP: FreeRDP: Remote code execution via heap out-of-bounds write in RemoteFX decoding
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-15146
Severity: moderate
Released on: 10/07/2026
Advisory:
Bugzilla: 2499143
Bugzilla Description:
wget: Wget: Server-Side Request Forgery via FTP PASV response IP address validation bypass
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-918
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53450
Severity: important
Released on: 10/07/2026
Advisory:
Bugzilla: 2499130
Bugzilla Description:
coturn: Coturn: Localhost services exposed via IPv4-mapped IPv6 address bypass
CVSS Score:
CVSSv3 Score: 7.4
Vector:
CWE: CWE-289
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-53449
Severity: moderate
Released on: 10/07/2026
Advisory:
Bugzilla: 2499139
Bugzilla Description:
coturn: Coturn: Arbitrary file overwrite via CLI command
CVSS Score:
CVSSv3 Score: 6.0
Vector:
CWE: CWE-22
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-53448
Severity: important
Released on: 10/07/2026
Advisory:
Bugzilla: 2499142
Bugzilla Description:
coturn: Coturn: Arbitrary code execution via SQL injection in HTTPS admin panel
CVSS Score:
CVSSv3 Score: 7.2
Vector:
CWE: CWE-89
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-59180
Severity: low
Released on: 10/07/2026
Advisory:
Bugzilla: 2499082
Bugzilla Description:
apprise: Apprise: Information disclosure via HTTP redirect following with credential resending
CVSS Score:
CVSSv3 Score: 3.1
Vector:
CWE: CWE-201
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-8595
Severity: moderate
Released on: 10/07/2026
Advisory:
Bugzilla: 2499051
Bugzilla Description:
grafana: Grafana: Stored Cross-Site Scripting via malicious dashboard field name
CVSS Score:
CVSSv3 Score: 5.7
Vector:
CWE: CWE-79
Affected Packages:
Package States: Multicluster Global Hub,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Ceph Storage 5,Red Hat Ceph Storage 6,Red Hat Ceph Storage 7,Red Hat Ceph Storage 8,Red Hat Ceph Storage 9,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-56366
Severity: low
Released on: 10/07/2026
Advisory:
Bugzilla: 2498999
Bugzilla Description:
ImageMagick: ImageMagick: Denial of Service via memory leak in APP1JPEG image processing
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document
CVE-2026-56373
Severity: moderate
Released on: 10/07/2026
Advisory:
Bugzilla: 2499008
Bugzilla Description:
ImageMagick: ImageMagick: Use-after-free vulnerability in PDB decoder allows denial of service or limited data corruption.
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document
CVE-2026-15143
Severity: important
Released on: 10/07/2026
Advisory:
Bugzilla: 2498165
Bugzilla Description:
guardrails-detectors: guardrails-detectors: SSRF and local file read via user-supplied XML Schema (xml-with-schema:)
CVSS Score:
CVSSv3 Score: 9.3
Vector:
CWE: CWE-918
Affected Packages:
Package States: Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document
CVE-2026-15378
Severity: important
Released on: 10/07/2026
Advisory:
Bugzilla: 2498941
Bugzilla Description:
guardrails-detectors: guardrails-detectors: SSRF and local file read via user-supplied XML Schema (xml-with-schema:)
CVSS Score:
CVSSv3 Score: 9.3
Vector:
CWE: CWE-918
Affected Packages:
Package States: Red Hat OpenShift AI (RHOAI),
Full Details
CVE document
CVE-2026-15574
Severity: moderate
Released on: 10/07/2026
Advisory:
Bugzilla: 2499594
Bugzilla Description:
vllm-orchestrator-gateway: vllm-orchestrator-gateway: Authorization header and full chat payloads logged at hard-coded DEBUG default
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-538
Affected Packages:
Package States: Red Hat OpenShift AI (RHOAI),
Full Details
CVE document
CVE-2026-42771
Severity: low
Released on: 10/07/2026
Advisory:
Bugzilla: 2481895
Bugzilla Description:
openssl: Possible Out of Bounds Read in X509_VERIFY_PARAM_set1_email()
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-805
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2026-53363
Severity:
Released on: 10/07/2026
Advisory:
Bugzilla: 2498986
Bugzilla Description:
kernel: xfrm: iptfs: preserve shared-frag marker in iptfs_consume_frags()
CVSS Score:
Vector:
CWE: CWE-821
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-39244
Severity: moderate
Released on: 10/07/2026
Advisory:
Bugzilla: 2499083
Bugzilla Description:
adm-zip: adm-zip: Denial of Service via crafted ZIP file leading to excessive memory allocation
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-409
Affected Packages:
Package States: Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Build of Podman Desktop,Red Hat Developer Hub,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Self-service automation portal 2,
Full Details
CVE document
CVE-2026-59856
Severity: moderate
Released on: 09/07/2026
Advisory: RHSA-2026:35387,
Bugzilla: 2498867
Bugzilla Description:
vim: Vim: Arbitrary code execution via crafted PHP file in omni-completion
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-94
Affected Packages: vim-main-9.2.780-1.hum1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2026-59858
Severity: moderate
Released on: 09/07/2026
Advisory: RHSA-2026:35387,
Bugzilla: 2498868
Bugzilla Description:
vim: Vim: Arbitrary command execution via crafted tags file in C omni-completion
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-94
Affected Packages: vim-main-9.2.780-1.hum1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2026-59857
Severity: moderate
Released on: 09/07/2026
Advisory: RHSA-2026:35387,
Bugzilla: 2498863
Bugzilla Description:
vim: Vim: Denial of Service via out-of-bounds write in spell sound-folding
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-787
Affected Packages: vim-main-9.2.780-1.hum1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2026-55689
Severity: moderate
Released on: 09/07/2026
Advisory:
Bugzilla: 2498818
Bugzilla Description:
openfga: OpenFGA: OIDC audience validation skipped when --authn-oidc-audience is unset
CVSS Score:
CVSSv3 Score: 6.8
Vector:
CWE: CWE-287
Affected Packages:
Package States: Multicluster Global Hub,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Ceph Storage 6,Red Hat Ceph Storage 7,Red Hat Ceph Storage 8,Red Hat Ceph Storage 9,Red Hat Enterprise Linux 10,
Full Details
CVE document
CVE-2026-55170
Severity: moderate
Released on: 09/07/2026
Advisory:
Bugzilla: 2498841
Bugzilla Description:
github.com/openfga/openfga: OpenFGA: Incorrect authorization decisions due to case-insensitive comparisons in MySQL datastore
CVSS Score:
CVSSv3 Score: 5.4
Vector:
CWE: CWE-178
Affected Packages:
Package States: Multicluster Global Hub,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Ceph Storage 6,Red Hat Ceph Storage 7,Red Hat Ceph Storage 8,Red Hat Ceph Storage 9,Red Hat Enterprise Linux 10,
Full Details
CVE document
CVE-2026-15308
Severity: important
Released on: 09/07/2026
Advisory: RHSA-2026:39893, RHSA-2026:39320, RHSA-2026:39771, RHSA-2026:37535, RHSA-2026:39183, RHSA-2026:37533, RHSA-2026:39798, RHSA-2026:38017, RHSA-2026:38018,
Bugzilla: 2498608
Bugzilla Description:
python: Python: CPU Denial of Service in HTML parser via repeated unterminated markup declarations
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-835
Affected Packages: python3-12-main-3.12.13-3.5.hum1,python3.12-0:3.12.13-3.el8_10,python3.12-0:3.12.13-3.el9_8.1,python3-11-main-3.11.15-5.2.hum1,python3-14-main-3.14.6-1.3.hum1,python3.9-0:3.9.25-7.el9_8.2,python3-13-main-3.13.14-1.3.hum1,python3.12-0:3.12.13-2.el10_2.1,python3-0:3.6.8-77.el8_10,
Package States: Exploit Intelligence,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift Virtualization 4,Self-service automation portal 2,
Full Details
CVE document
CVE-2026-58459
Severity: important
Released on: 09/07/2026
Advisory:
Bugzilla: 2498575
Bugzilla Description:
gpsd: gpsd: Command Injection via GPS device subtype allows arbitrary code execution
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-78
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-15187
Severity: moderate
Released on: 09/07/2026
Advisory: RHSA-2026:34975,
Bugzilla: 2498547
Bugzilla Description:
enquirer: Enquirer: Prototype pollution vulnerability allows remote attackers to modify object attributes
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE: CWE-915
Affected Packages: rust-main-1.96.1-1.hum1,
Package States: Cryostat 4,Cryostat 4,Migration Toolkit for Containers,Multicluster Engine for Kubernetes,Node HealthCheck Operator,Node HealthCheck Operator,Node HealthCheck Operator,Node HealthCheck Operator,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat AMQ Broker 7,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Directory Server 11,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift Virtualization 4,Red Hat Quay 3,Red Hat Quay 3,Self-service automation portal 2,
Full Details
CVE document
CVE-2026-12080
Severity: important
Released on: 09/07/2026
Advisory:
Bugzilla: 2499603
Bugzilla Description:
qemu-kvm: qemu-guest-agent: Local privilege escalation via symlink attack in guest-ssh-add-authorized-keys
CVSS Score:
CVSSv3 Score: 7.3
Vector:
CWE: CWE-61
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux for NVIDIA 26,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2026-12590
Severity: moderate
Released on: 09/07/2026
Advisory:
Bugzilla: 2498472
Bugzilla Description:
body-parser: body-parser: Denial of Service via invalid limit option
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-770
Affected Packages:
Package States: Confidential Compute Attestation,Cryostat 4,Cryostat 4,Cryostat 4,Gatekeeper 3,Migration Toolkit for Applications 8,Migration Toolkit for Applications 8,Migration Toolkit for Applications 8,Migration Toolkit for Containers,Node HealthCheck Operator,Node HealthCheck Operator,Node HealthCheck Operator,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,Red Hat AMQ Broker 7,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel - HawtIO 4,Red Hat Build of Podman Desktop,Red Hat Connectivity Link 1,Red Hat Data Grid 8,Red Hat Developer Hub,Red Hat Discovery 2,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Hardened Images,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Trusted Artifact Signer,Red Hat Trusted Profile Analyzer,Self-service automation portal 2,Self-service automation portal 2,
Full Details
CVE document
CVE-2026-39245
Severity: moderate
Released on: 09/07/2026
Advisory: RHSA-2026:37577,
Bugzilla: 2498814
Bugzilla Description:
decompress: decompress: path traversal via indexOf containment bypass allows arbitrary file write (bypass of CVE-2020-12265 fix)
CVSS Score:
CVSSv3 Score: 6.2
Vector:
CWE: CWE-22
Affected Packages: dotnet8-0-main-8.0.128-1.1.hum1,
Package States: Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Build of Keycloak,
Full Details
CVE document
CVE-2026-39246
Severity: important
Released on: 09/07/2026
Advisory:
Bugzilla: 2498840
Bugzilla Description:
decompress: decompress: arbitrary symlink creation during archive extraction leads to information disclosure
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-61
Affected Packages:
Package States: Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Build of Keycloak,Red Hat Hardened Images,
Full Details
CVE document
CVE-2026-38076
Severity: moderate
Released on: 09/07/2026
Advisory:
Bugzilla: 2498866
Bugzilla Description:
jbig2dec: jbig2dec: Denial of Service via crafted input
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-54499
Severity: important
Released on: 08/07/2026
Advisory:
Bugzilla: 2498355
Bugzilla Description:
stanza: Stanza: Remote Code Execution via unsafe deserialization in model loaders
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-502
Affected Packages:
Package States: Red Hat Ceph Storage 9,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 9,Red Hat Hardened Images,Red Hat OpenShift distributed tracing 3,
Full Details
CVE document
CVE-2026-15168
Severity: low
Released on: 08/07/2026
Advisory:
Bugzilla: 2498329
Bugzilla Description:
wireshark: Wireshark: Information disclosure in BLF file parser
CVSS Score:
CVSSv3 Score: 2.5
Vector:
CWE: CWE-237
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-44024
Severity: important
Released on: 08/07/2026
Advisory:
Bugzilla: 2498282
Bugzilla Description:
fluentd: Fluentd: Remote Code Execution via arbitrary file write due to insufficient tag validation
CVSS Score:
CVSSv3 Score: 9.8
Vector:
CWE: CWE-22
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-54528
Severity: moderate
Released on: 08/07/2026
Advisory:
Bugzilla: 2498291
Bugzilla Description:
jupyterlab-git: JupyterLab Git: Information disclosure via case-sensitivity bypass in excluded path enforcement
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-178
Affected Packages:
Package States: Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document
CVE-2026-59818
Severity: moderate
Released on: 08/07/2026
Advisory:
Bugzilla: 2498305
Bugzilla Description:
etcd: etcd: Authentication bypass due to improper Certificate Revocation List enforcement on gRPC listener
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-295
Affected Packages:
Package States: Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 17.1,
Full Details
CVE document
CVE-2026-15166
Severity: moderate
Released on: 08/07/2026
Advisory:
Bugzilla: 2498314
Bugzilla Description:
Wireshark: Wireshark: Denial of Service via IEEE 802.11 protocol dissector crash
CVSS Score:
CVSSv3 Score: 5.7
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,
Full Details
CVE document
CVE-2026-15174
Severity: moderate
Released on: 08/07/2026
Advisory:
Bugzilla: 2498289
Bugzilla Description:
wireshark: Wireshark: Denial of Service via Catapult DCT2000 protocol dissector crash
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-15172
Severity: moderate
Released on: 08/07/2026
Advisory:
Bugzilla: 2498306
Bugzilla Description:
wireshark: Wireshark: Denial of service via FMP/NOTIFY protocol dissector crash
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-1286
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-15173
Severity: moderate
Released on: 08/07/2026
Advisory:
Bugzilla: 2498278
Bugzilla Description:
Wireshark: Wireshark: Denial of Service via pcapng file parser crash
CVSS Score:
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-15171
Severity: moderate
Released on: 08/07/2026
Advisory:
Bugzilla: 2498296
Bugzilla Description:
wireshark: Wireshark: Denial of service via SSH protocol dissector crash
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-1286
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-15169
Severity: moderate
Released on: 08/07/2026
Advisory:
Bugzilla: 2498295
Bugzilla Description:
wireshark: Wireshark: Denial of Service via UMTS FP protocol dissector crash
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-1286
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-15167
Severity: moderate
Released on: 08/07/2026
Advisory:
Bugzilla: 2498277
Bugzilla Description:
wireshark: Wireshark: Denial of Service via DBS Etherwatch file parser crash
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-1286
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-15170
Severity: moderate
Released on: 08/07/2026
Advisory:
Bugzilla: 2498313
Bugzilla Description:
wireshark: Wireshark: Denial of service via Z39.50 protocol dissector crash
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-131
Affected Packages:
Package States: Red Hat Enterprise Linux 10,
Full Details
CVE document
CVE-2026-15165
Severity: moderate
Released on: 08/07/2026
Advisory:
Bugzilla: 2498279
Bugzilla Description:
wireshark: Wireshark: Denial of Service via TLS ECH decryptor crash
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-617
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-15163
Severity: moderate
Released on: 08/07/2026
Advisory:
Bugzilla: 2498302
Bugzilla Description:
wireshark: Wireshark: Denial of Service via multiple protocol dissector infinite loops
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-835
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-15164
Severity: moderate
Released on: 08/07/2026
Advisory:
Bugzilla: 2498280
Bugzilla Description:
wireshark: Wireshark: Denial of Service vulnerability in ciscodump
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-6352
Severity: low
Released on: 08/07/2026
Advisory:
Bugzilla: 2498312
Bugzilla Description:
gitlab: GitLab EE: Auditor-level users can modify compliance records via improper authorization in GraphQL
CVSS Score:
CVSSv3 Score: 2.7
Vector:
CWE: CWE-639
Affected Packages:
Package States: OpenShift Pipelines,OpenShift Pipelines,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2026-7492
Severity: moderate
Released on: 08/07/2026
Advisory:
Bugzilla: 2498285
Bugzilla Description:
gitlab-ee: gitlab: GitLab: Information disclosure of private project existence via improper authorization
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-862
Affected Packages:
Package States: OpenShift Pipelines,OpenShift Pipelines,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2026-11827
Severity: moderate
Released on: 08/07/2026
Advisory:
Bugzilla: 2498318
Bugzilla Description:
gitlab-ee: GitLab EE: Information disclosure via improper authorization controls
CVSS Score:
CVSSv3 Score: 4.9
Vector:
CWE: CWE-266
Affected Packages:
Package States: OpenShift Pipelines,OpenShift Pipelines,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2026-13320
Severity: important
Released on: 08/07/2026
Advisory:
Bugzilla: 2498316
Bugzilla Description:
gitlab: GitLab: Arbitrary script execution via improper input sanitization
CVSS Score:
CVSSv3 Score: 7.3
Vector:
CWE: CWE-79
Affected Packages:
Package States: OpenShift Pipelines,OpenShift Pipelines,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2026-54591
Severity: important
Released on: 08/07/2026
Advisory:
Bugzilla: 2498244
Bugzilla Description:
asyncssh: AsyncSSH: Arbitrary file write via path traversal in SCP client
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-22
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-55206
Severity: moderate
Released on: 08/07/2026
Advisory:
Bugzilla: 2498253
Bugzilla Description:
py7zr: py7zr: Denial of Service via crafted .7z archives due to inefficient algorithmic complexity
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-606
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-55195
Severity: moderate
Released on: 08/07/2026
Advisory:
Bugzilla: 2498255
Bugzilla Description:
py7zr: py7zr: Denial of Service via decompression bomb in 7zip archive extraction
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-409
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-58494
Severity: moderate
Released on: 08/07/2026
Advisory:
Bugzilla: 2498250
Bugzilla Description:
wasmtime: Wasmtime: Overwrite host files via insufficient permission checks in wasmtime-wasi
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-280
Affected Packages:
Package States: Red Hat Connectivity Link 1,Red Hat Enterprise Linux 10,Red Hat Hardened Images,
Full Details
CVE document
CVE-2026-58208
Severity: moderate
Released on: 08/07/2026
Advisory:
Bugzilla: 2498254
Bugzilla Description:
github.com/nats-io/nats-server: NATS Server: Denial of Service due to incorrect MQTT-over-WebSocket request routing
CVSS Score:
CVSSv3 Score: 6.8
Vector:
CWE: CWE-824
Affected Packages:
Package States: Red Hat Hardened Images,Red Hat Hardened Images,
Full Details
CVE document
CVE-2026-58207
Severity: moderate
Released on: 08/07/2026
Advisory:
Bugzilla: 2498265
Bugzilla Description:
github.com/nats-io/nats-server: NATS Server: Denial of Service via arithmetic overflow in connection monitoring pagination
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-190
Affected Packages:
Package States: Multicluster Global Hub,Red Hat Ceph Storage 5,Red Hat Ceph Storage 6,Red Hat Ceph Storage 7,Red Hat Ceph Storage 8,Red Hat Ceph Storage 9,Red Hat Hardened Images,Red Hat Hardened Images,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2026-58250
Severity: important
Released on: 08/07/2026
Advisory:
Bugzilla: 2498257
Bugzilla Description:
github.com/nats-io/nats-server: NATS Server: Denial of Service via repeated leafnode INFO messages during pre-authentication
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Hardened Images,Red Hat Hardened Images,
Full Details
CVE document
CVE-2026-58252
Severity: moderate
Released on: 08/07/2026
Advisory:
Bugzilla: 2498262
Bugzilla Description:
github.com/nats-io/nats-server: NATS Server: Information disclosure via access control bypass in wildcard and queue subscriptions
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-551
Affected Packages:
Package States: Red Hat Hardened Images,Red Hat Hardened Images,
Full Details
CVE document
CVE-2026-58253
Severity: important
Released on: 08/07/2026
Advisory:
Bugzilla: 2498261
Bugzilla Description:
github.com/nats-io/nats-server: NATS Server: Authentication bypass and privilege escalation via parser fast path
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-551
Affected Packages:
Package States: Red Hat Hardened Images,Red Hat Hardened Images,
Full Details
CVE document
CVE-2026-58251
Severity: moderate
Released on: 08/07/2026
Advisory:
Bugzilla: 2498195
Bugzilla Description:
github.com/nats-io/nats-server: NATS Server: Information disclosure due to bypass of subject deny rules via queue subscriptions
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-551
Affected Packages:
Package States: Red Hat Hardened Images,Red Hat Hardened Images,
Full Details
CVE document
CVE-2026-59936
Severity: moderate
Released on: 08/07/2026
Advisory:
Bugzilla: 2498201
Bugzilla Description:
pypdf: pypdf: Denial of Service via crafted PDF inline image
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-835
Affected Packages:
Package States: Exploit Intelligence,OpenShift Lightspeed,OpenShift Lightspeed,Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat Quay 3,Red Hat Quay 3,
Full Details
CVE document
CVE-2026-59935
Severity: moderate
Released on: 08/07/2026
Advisory:
Bugzilla: 2498214
Bugzilla Description:
pypdf: pypdf: Denial of Service via crafted PDF with unterminated inline image
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-606
Affected Packages:
Package States: Exploit Intelligence,OpenShift Lightspeed,OpenShift Lightspeed,Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat Quay 3,Red Hat Quay 3,
Full Details
CVE document
CVE-2026-59939
Severity: important
Released on: 08/07/2026
Advisory:
Bugzilla: 2498212
Bugzilla Description:
httplib2: httplib2: Denial of Service via unbounded decompression of HTTP response bodies
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-409
Affected Packages:
Package States: Migration Toolkit for Applications 8,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Hardened Images,Red Hat OpenShift AI (RHOAI),
Full Details
CVE document
CVE-2026-59819
Severity: moderate
Released on: 08/07/2026
Advisory:
Bugzilla: 2498192
Bugzilla Description:
litellm: LiteLLM: Information disclosure via local file read in test connection endpoint
CVSS Score:
CVSSv3 Score: 4.9
Vector:
CWE: CWE-22
Affected Packages:
Package States: Exploit Intelligence,Lightspeed Core,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document
CVE-2026-59820
Severity: important
Released on: 08/07/2026
Advisory:
Bugzilla: 2498198
Bugzilla Description:
litellm: LiteLLM: Directory traversal via crafted skill archive upload
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-22
Affected Packages:
Package States: Exploit Intelligence,Lightspeed Core,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document
CVE-2026-44512
Severity: moderate
Released on: 08/07/2026
Advisory:
Bugzilla: 2498215
Bugzilla Description:
onnx: ONNX: Denial of Service via crafted untrusted models
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document
CVE-2026-59821
Severity: important
Released on: 08/07/2026
Advisory:
Bugzilla: 2498202
Bugzilla Description:
litellm: LiteLLM: Arbitrary code execution and information disclosure via custom code guardrails
CVSS Score:
CVSSv3 Score: 7.2
Vector:
CWE: CWE-94
Affected Packages:
Package States: Exploit Intelligence,Lightspeed Core,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document
CVE-2026-15154
Severity: moderate
Released on: 08/07/2026
Advisory:
Bugzilla: 2498188
Bugzilla Description:
guardrails-detectors: guardrails-detectors: Unauthenticated Regular-Expression Denial of Service (ReDoS) via detector_params.regex
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-1333
Affected Packages:
Package States: Red Hat OpenShift AI (RHOAI),
Full Details
CVE document
CVE-2026-59937
Severity: moderate
Released on: 08/07/2026
Advisory:
Bugzilla: 2498170
Bugzilla Description:
pypdf: pypdf: Denial of Service via crafted PDF with malformed cross-reference streams
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-1050
Affected Packages:
Package States: Exploit Intelligence,OpenShift Lightspeed,OpenShift Lightspeed,Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat Quay 3,Red Hat Quay 3,
Full Details
CVE document
CVE-2026-59938
Severity: moderate
Released on: 08/07/2026
Advisory:
Bugzilla: 2498171
Bugzilla Description:
pypdf: pypdf: Possible large memory usage for wrong image dimensions
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-770
Affected Packages:
Package States: Exploit Intelligence,OpenShift Lightspeed,OpenShift Lightspeed,Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat Quay 3,Red Hat Quay 3,
Full Details
CVE document
CVE-2026-14362
Severity: important
Released on: 08/07/2026
Advisory:
Bugzilla: 2498174
Bugzilla Description:
github.com/hashicorp/memberlist: HashiCorp memberlist: Denial of Service via push/pull state handling
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-770
Affected Packages:
Package States: Logging Subsystem for Red Hat OpenShift,Multicluster Global Hub,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Ansible Automation Platform 2,Red Hat Ceph Storage 5,Red Hat Ceph Storage 5,Red Hat Ceph Storage 6,Red Hat Ceph Storage 6,Red Hat Ceph Storage 6,Red Hat Ceph Storage 7,Red Hat Ceph Storage 8,Red Hat Ceph Storage 9,Red Hat Ceph Storage 9,Red Hat Ceph Storage 9,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenStack Platform 18.0,
Full Details
CVE document
CVE-2026-59927
Severity: moderate
Released on: 08/07/2026
Advisory:
Bugzilla: 2498154
Bugzilla Description:
mistune: Mistune: Denial of Service via unbounded recursion in Markdown include directive
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-835
Affected Packages:
Package States: Migration Toolkit for Applications 8,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat Satellite 6,
Full Details
CVE document
CVE-2026-59928
Severity: moderate
Released on: 08/07/2026
Advisory:
Bugzilla: 2498156
Bugzilla Description:
mistune: Mistune: Denial of Service via crafted Markdown document with reference-link definitions
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-606
Affected Packages:
Package States: Migration Toolkit for Applications 8,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat Satellite 6,
Full Details
CVE document
CVE-2026-59929
Severity: moderate
Released on: 08/07/2026
Advisory:
Bugzilla: 2498141
Bugzilla Description:
mistune: Mistune: Cross-site scripting via incomplete URL scheme filtering
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-79
Affected Packages:
Package States: Migration Toolkit for Applications 8,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat Satellite 6,
Full Details
CVE document
CVE-2025-3110
Severity: moderate
Released on: 08/07/2026
Advisory:
Bugzilla: 2498148
Bugzilla Description:
OpenVPN Access Server: OpenVPN Access Server: HTTP request smuggling via bare line-feed sequences in HTTP headers
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-444
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-59925
Severity: moderate
Released on: 08/07/2026
Advisory:
Bugzilla: 2498153
Bugzilla Description:
mistune: Mistune: Denial of Service via crafted Markdown input
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-1333
Affected Packages:
Package States: Migration Toolkit for Applications 8,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat Satellite 6,
Full Details
CVE document
CVE-2026-59926
Severity: moderate
Released on: 08/07/2026
Advisory:
Bugzilla: 2498149
Bugzilla Description:
mistune: Mistune: Cross-Site Scripting via unescaped HTML class attribute in Admonition directive
CVSS Score:
CVSSv3 Score: 5.4
Vector:
CWE: CWE-79
Affected Packages:
Package States: Migration Toolkit for Applications 8,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat Satellite 6,
Full Details
CVE document
CVE-2026-59923
Severity: moderate
Released on: 08/07/2026
Advisory:
Bugzilla: 2498142
Bugzilla Description:
mistune: Mistune: Arbitrary code execution through crafted Markdown links
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-79
Affected Packages:
Package States: Migration Toolkit for Applications 8,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat Satellite 6,
Full Details
CVE document
CVE-2026-59930
Severity: moderate
Released on: 08/07/2026
Advisory:
Bugzilla: 2498150
Bugzilla Description:
mistune: Mistune: Same-page navigation redirection due to predictable heading IDs
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE: CWE-79
Affected Packages:
Package States: Migration Toolkit for Applications 8,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat Satellite 6,
Full Details
CVE document
CVE-2026-59892
Severity: important
Released on: 08/07/2026
Advisory:
Bugzilla: 2498139
Bugzilla Description:
@opentelemetry/propagator-jaeger: OpenTelemetry JavaScript: Denial of Service via malformed HTTP header decoding
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-248
Affected Packages:
Package States: OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,Red Hat Developer Hub,Self-service automation portal 2,
Full Details
CVE document
CVE-2026-59890
Severity: moderate
Released on: 08/07/2026
Advisory: RHSA-2026:37530,
Bugzilla: 2498155
Bugzilla Description:
setuptools: setuptools: MANIFEST.in exclusion bypass in sdist via Unicode normalization collision (NFC/NFD)
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-1025
Affected Packages: python-setuptools-main-83.0.0-4.hum1,
Package States: Exploit Intelligence,Lightspeed Core,Lightspeed Core,Lightspeed Core,Migration Toolkit for Applications 8,Migration Toolkit for Applications 8,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Network Observability Operator,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Service Mesh 3,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat build of Quarkus Native builder,Red Hat Ceph Storage 7,Red Hat Ceph Storage 9,Red Hat Developer Hub,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Hardened Images,Red Hat Hardened Images,Red Hat Hardened Images,Red Hat Hardened Images,Red Hat Hardened Images,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat Quay 3,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Trusted Artifact Signer,Self-service automation portal 2,Service Telemetry Framework 1.5,Service Telemetry Framework 1.5,Service Telemetry Framework 1.5,
Full Details
CVE document
CVE-2026-42505
Severity: moderate
Released on: 08/07/2026
Advisory: RHSA-2026:36477, RHSA-2026:36510,
Bugzilla: 2498138
Bugzilla Description:
crypto/tls: golang: Go crypto/tls: Information disclosure in Encrypted Client Hello
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-201
Affected Packages: golang1-25-main-1.25.12-0.1.hum1,golang1-26-main-1.26.5-0.1.hum1,
Package States: Assisted Installer for Red Hat OpenShift Container Platform 2,Builds for Red Hat OpenShift,cert-manager Operator for Red Hat OpenShift,Compliance Operator,Confidential Compute Attestation,Confidential Compute Attestation,Cryostat 4,Custom Metric Autoscaler operator for Red Hat Openshift,Deployment Validation Operator,External Secrets Operator for Red Hat OpenShift,Fence Agents Remediation Operator,File Integrity Operator,Gatekeeper 3,Logging Subsystem for Red Hat OpenShift,Logical Volume Manager Storage,Logical Volume Manager Storage,Logical Volume Manager Storage,Machine Deletion Remediation Operator,Migration Toolkit for Applications 8,Migration Toolkit for Containers,mirror registry for Red Hat OpenShift 2,Multiarch Tuning Operator,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Global Hub,Network Observability Operator,Node HealthCheck Operator,OpenShift API for Data Protection,OpenShift Developer Tools and Services,OpenShift Lightspeed,OpenShift Pipelines,OpenShift Pipelines,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Source-to-Image (S2I),Power monitoring for Red Hat OpenShift,Red Hat 3scale API Management Platform 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ceph Storage 5,Red Hat Ceph Storage 6,Red Hat Ceph Storage 7,Red Hat Ceph Storage 8,Red Hat Ceph Storage 9,Red Hat Connectivity Link 1,Red Hat Connectivity Link 1,Red Hat Developer Hub,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Hardened Images,Red Hat Lightspeed for Runtimes Operator,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Cluster Manager CLI,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Workspaces Operator,Red Hat OpenShift distributed tracing 3,Red Hat OpenShift for Windows Containers,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift on AWS,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 18.0,Red Hat OpenStack Platform 18.0,Red Hat Quay 3,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Service Interconnect 2,Red Hat Trusted Artifact Signer,Red Hat Web Terminal,Security Profiles Operator,Service Telemetry Framework 1.5,streams for Apache Kafka 2,streams for Apache Kafka 3,Zero Trust Workload Identity Manager,Zero Trust Workload Identity Manager - Tech Preview,
Full Details
CVE document
CVE-2026-39822
Severity: important
Released on: 08/07/2026
Advisory: RHSA-2026:38493, RHSA-2026:38494, RHSA-2026:37436, RHSA-2026:38878, RHSA-2026:37435, RHSA-2026:36477, RHSA-2026:36510, RHSA-2026:38995,
Bugzilla: 2498152
Bugzilla Description:
os: golang: Go os.Root: Symlink following vulnerability allows directory traversal
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-59
Affected Packages: podman-6:5.8.2-5.el9_8,golang-0:1.26.5-1.el10_2,buildah-2:1.43.1-4.el10_2,buildah-2:1.43.1-4.el9_8,golang-0:1.26.5-1.el9_8,golang1-25-main-1.25.12-0.1.hum1,go-toolset:rhel8-8100020260710105056.a3795dee,golang1-26-main-1.26.5-0.1.hum1,
Package States: Assisted Installer for Red Hat OpenShift Container Platform 2,Builds for Red Hat OpenShift,cert-manager Operator for Red Hat OpenShift,Compliance Operator,Confidential Compute Attestation,Confidential Compute Attestation,Cryostat 4,Custom Metric Autoscaler operator for Red Hat Openshift,Deployment Validation Operator,External Secrets Operator for Red Hat OpenShift,Fence Agents Remediation Operator,File Integrity Operator,Gatekeeper 3,Logging Subsystem for Red Hat OpenShift,Logical Volume Manager Storage,Logical Volume Manager Storage,Logical Volume Manager Storage,Machine Deletion Remediation Operator,Migration Toolkit for Applications 8,Migration Toolkit for Containers,mirror registry for Red Hat OpenShift 2,Multiarch Tuning Operator,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Global Hub,Network Observability Operator,Node HealthCheck Operator,OpenShift API for Data Protection,OpenShift Developer Tools and Services,OpenShift Lightspeed,OpenShift Pipelines,OpenShift Pipelines,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Source-to-Image (S2I),Power monitoring for Red Hat OpenShift,Red Hat 3scale API Management Platform 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat AMQ Clients,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ceph Storage 5,Red Hat Ceph Storage 6,Red Hat Ceph Storage 7,Red Hat Ceph Storage 8,Red Hat Ceph Storage 9,Red Hat Connectivity Link 1,Red Hat Connectivity Link 1,Red Hat Developer Hub,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Hardened Images,Red Hat Lightspeed for Runtimes Operator,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Cluster Manager CLI,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Workspaces Operator,Red Hat OpenShift distributed tracing 3,Red Hat OpenShift for Windows Containers,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift on AWS,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 18.0,Red Hat Quay 3,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Service Interconnect 2,Red Hat Trusted Artifact Signer,Red Hat Web Terminal,Security Profiles Operator,Service Telemetry Framework 1.5,streams for Apache Kafka 2,streams for Apache Kafka 3,Zero Trust Workload Identity Manager,Zero Trust Workload Identity Manager - Tech Preview,
Full Details
CVE document
CVE-2026-59262
Severity: moderate
Released on: 08/07/2026
Advisory:
Bugzilla: 2498132
Bugzilla Description:
AFFiNE: AFFiNE: Information disclosure via histories GraphQL field
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-639
Affected Packages:
Package States: Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),
Full Details
CVE document
CVE-2026-59725
Severity: important
Released on: 08/07/2026
Advisory: RHSA-2026:37577,
Bugzilla: 2498118
Bugzilla Description:
socket.io: engine.io: Socket.IO: Denial of Service via invalid binary POST requests
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-772
Affected Packages: dotnet8-0-main-8.0.128-1.1.hum1,
Package States: Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,
Full Details
CVE document
CVE-2026-59724
Severity: important
Released on: 08/07/2026
Advisory: RHSA-2026:26994,
Bugzilla: 2498128
Bugzilla Description:
engine.io: Engine.IO: Denial of Service via crafted WebTransport session ID
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-843
Affected Packages: dotnet8-0-main-8.0.128-1.hum1,
Package States: Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,
Full Details
CVE document
CVE-2026-59876
Severity: moderate
Released on: 08/07/2026
Advisory:
Bugzilla: 2498129
Bugzilla Description:
protobufjs: protobufjs: Prototype pollution vulnerability in Text Format extension
CVSS Score:
CVSSv3 Score: 4.8
Vector:
CWE: CWE-915
Affected Packages:
Package States: Cryostat 4,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Service Mesh 3,OpenShift Service Mesh 3,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Build of Podman Desktop,Red Hat Ceph Storage 9,Red Hat Developer Hub,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Hardened Images,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Self-service automation portal 2,Self-service automation portal 2,
Full Details
CVE document
CVE-2026-59871
Severity: moderate
Released on: 08/07/2026
Advisory:
Bugzilla: 2498126
Bugzilla Description:
node-tar: node-tar: Denial of Service due to incorrect PAX path handling
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-843
Affected Packages:
Package States: Confidential Compute Attestation,Cryostat 4,Cryostat 4,Cryostat 4,Exploit Intelligence,Migration Toolkit for Containers,Node HealthCheck Operator,Node HealthCheck Operator,Node HealthCheck Operator,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Service Mesh 3,OpenShift Service Mesh 3,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat AMQ Broker 7,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel - HawtIO 4,Red Hat Build of Podman Desktop,Red Hat Connectivity Link 1,Red Hat Developer Hub,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Hardened Images,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat Satellite 6,Red Hat Single Sign-On 7,Red Hat Trusted Artifact Signer,Self-service automation portal 2,Self-service automation portal 2,
Full Details
CVE document
CVE-2026-59874
Severity: important
Released on: 08/07/2026
Advisory:
Bugzilla: 2498116
Bugzilla Description:
tar: Node-tar: Denial of Service via malformed tar archive header
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-606
Affected Packages:
Package States: Confidential Compute Attestation,Cryostat 4,Cryostat 4,Cryostat 4,Exploit Intelligence,Migration Toolkit for Containers,Node HealthCheck Operator,Node HealthCheck Operator,Node HealthCheck Operator,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Service Mesh 3,OpenShift Service Mesh 3,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat AMQ Broker 7,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel - HawtIO 4,Red Hat Build of Podman Desktop,Red Hat Connectivity Link 1,Red Hat Developer Hub,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Hardened Images,Red Hat Hardened Images,Red Hat Hardened Images,Red Hat Hardened Images,Red Hat Hardened Images,Red Hat Hardened Images,Red Hat Hardened Images,Red Hat Hardened Images,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat Satellite 6,Red Hat Single Sign-On 7,Red Hat Trusted Artifact Signer,Self-service automation portal 2,Self-service automation portal 2,
Full Details
CVE document
CVE-2026-59873
Severity: important
Released on: 08/07/2026
Advisory:
Bugzilla: 2498120
Bugzilla Description:
tar: node-tar: Denial of Service via crafted gzip bomb
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-770
Affected Packages:
Package States: Confidential Compute Attestation,Cryostat 4,Cryostat 4,Cryostat 4,Exploit Intelligence,Migration Toolkit for Containers,Node HealthCheck Operator,Node HealthCheck Operator,Node HealthCheck Operator,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Service Mesh 3,OpenShift Service Mesh 3,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat AMQ Broker 7,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel - HawtIO 4,Red Hat Build of Podman Desktop,Red Hat Connectivity Link 1,Red Hat Developer Hub,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Hardened Images,Red Hat Hardened Images,Red Hat Hardened Images,Red Hat Hardened Images,Red Hat Hardened Images,Red Hat Hardened Images,Red Hat Hardened Images,Red Hat Hardened Images,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat Satellite 6,Red Hat Single Sign-On 7,Red Hat Trusted Artifact Signer,Self-service automation portal 2,Self-service automation portal 2,
Full Details
CVE document
CVE-2026-59875
Severity: moderate
Released on: 08/07/2026
Advisory:
Bugzilla: 2498115
Bugzilla Description:
node-tar: node-tar: Denial of Service via crafted archive with NUL bytes in metadata
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-170
Affected Packages:
Package States: Confidential Compute Attestation,Cryostat 4,Cryostat 4,Cryostat 4,Exploit Intelligence,Migration Toolkit for Containers,Node HealthCheck Operator,Node HealthCheck Operator,Node HealthCheck Operator,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Service Mesh 3,OpenShift Service Mesh 3,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat AMQ Broker 7,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel - HawtIO 4,Red Hat Build of Podman Desktop,Red Hat Connectivity Link 1,Red Hat Developer Hub,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Hardened Images,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat Satellite 6,Red Hat Single Sign-On 7,Red Hat Trusted Artifact Signer,Self-service automation portal 2,Self-service automation portal 2,
Full Details
CVE document
CVE-2026-59868
Severity: important
Released on: 08/07/2026
Advisory: RHSA-2026:35272, RHSA-2026:33866, RHSA-2026:7655, RHSA-2026:34975, RHSA-2026:26994, RHSA-2026:34478, RHSA-2026:7378, RHSA-2026:9455,
Bugzilla: 2498114
Bugzilla Description:
js-yaml: js-yaml: Denial of Service via quadratic CPU time parsing with merge keys
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-1333
Affected Packages: nodejs20-main-20.20.2-1.hum1,dotnet8-0-main-8.0.128-1.hum1,rust-main-1.96.1-1.hum1,nodejs25-main-25.9.0-1.1.hum1,nodejs26-main-26.4.0-1.3.hum1,nodejs22-main-22.23.1-2.hum1,yarnpkg-main-1.22.22-18.1.hum1,nodejs24-main-24.18.0-0.2.hum1,
Package States: Cryostat 4,Cryostat 4,Cryostat 4,Cryostat 4,Gatekeeper 3,Migration Toolkit for Applications 8,Migration Toolkit for Applications 8,Migration Toolkit for Containers,Multicluster Engine for Kubernetes,Network Observability Operator,Network Observability Operator,Node HealthCheck Operator,Node HealthCheck Operator,Node HealthCheck Operator,Node HealthCheck Operator,Node HealthCheck Operator,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat AMQ Broker 7,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel - HawtIO 4,Red Hat build of Apicurio Registry 3,Red Hat build of Apicurio Registry 3,Red Hat Build of Keycloak,Red Hat Build of Podman Desktop,Red Hat Ceph Storage 9,Red Hat Connectivity Link 1,Red Hat Data Grid 8,Red Hat Developer Hub,Red Hat Directory Server 11,Red Hat Directory Server 12,Red Hat Directory Server 13,Red Hat Discovery 2,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat Quay 3,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Single Sign-On 7,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Profile Analyzer,Self-service automation portal 2,Self-service automation portal 2,streams for Apache Kafka 2,streams for Apache Kafka 3,
Full Details
CVE document
CVE-2026-59869
Severity: important
Released on: 08/07/2026
Advisory: RHSA-2026:38187, RHSA-2026:37534, RHSA-2026:37577, RHSA-2026:37532, RHSA-2026:38236, RHSA-2026:38304,
Bugzilla: 2498122
Bugzilla Description:
js-yaml: js-yaml: Denial of Service via crafted YAML documents
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-606
Affected Packages: rust-main-1.97.0-1.1.hum1,nodejs22-main-22.23.1-2.1.hum1,nodejs24-main-24.18.0-0.3.hum1,dotnet8-0-main-8.0.128-1.1.hum1,nodejs26-main-26.4.0-1.4.hum1,nodejs25-main-25.9.0-1.3.hum1,
Package States: Cryostat 4,Cryostat 4,Cryostat 4,Cryostat 4,Gatekeeper 3,Migration Toolkit for Applications 8,Migration Toolkit for Applications 8,Migration Toolkit for Containers,Multicluster Engine for Kubernetes,Network Observability Operator,Network Observability Operator,Node HealthCheck Operator,Node HealthCheck Operator,Node HealthCheck Operator,Node HealthCheck Operator,Node HealthCheck Operator,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat AMQ Broker 7,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel - HawtIO 4,Red Hat build of Apicurio Registry 3,Red Hat build of Apicurio Registry 3,Red Hat Build of Keycloak,Red Hat Build of Podman Desktop,Red Hat Ceph Storage 9,Red Hat Connectivity Link 1,Red Hat Data Grid 8,Red Hat Developer Hub,Red Hat Directory Server 11,Red Hat Directory Server 12,Red Hat Directory Server 13,Red Hat Discovery 2,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Hardened Images,Red Hat Hardened Images,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat Quay 3,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Single Sign-On 7,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Profile Analyzer,Secrets Management Console for Red Hat OpenShift,Self-service automation portal 2,Self-service automation portal 2,streams for Apache Kafka 2,streams for Apache Kafka 3,
Full Details
CVE document
CVE-2026-59870
Severity: important
Released on: 08/07/2026
Advisory: RHSA-2026:35272, RHSA-2026:33866, RHSA-2026:7655, RHSA-2026:34975, RHSA-2026:26994, RHSA-2026:34478, RHSA-2026:7378, RHSA-2026:9455,
Bugzilla: 2498130
Bugzilla Description:
js-yaml: js-yaml: Denial of Service via crafted YAML ordered-map document
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-770
Affected Packages: nodejs20-main-20.20.2-1.hum1,dotnet8-0-main-8.0.128-1.hum1,rust-main-1.96.1-1.hum1,nodejs25-main-25.9.0-1.1.hum1,nodejs26-main-26.4.0-1.3.hum1,nodejs22-main-22.23.1-2.hum1,yarnpkg-main-1.22.22-18.1.hum1,nodejs24-main-24.18.0-0.2.hum1,
Package States: Cryostat 4,Cryostat 4,Cryostat 4,Cryostat 4,Gatekeeper 3,Migration Toolkit for Applications 8,Migration Toolkit for Applications 8,Migration Toolkit for Containers,Multicluster Engine for Kubernetes,Network Observability Operator,Network Observability Operator,Node HealthCheck Operator,Node HealthCheck Operator,Node HealthCheck Operator,Node HealthCheck Operator,Node HealthCheck Operator,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat AMQ Broker 7,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel - HawtIO 4,Red Hat build of Apicurio Registry 3,Red Hat build of Apicurio Registry 3,Red Hat Build of Keycloak,Red Hat Build of Podman Desktop,Red Hat Ceph Storage 9,Red Hat Connectivity Link 1,Red Hat Data Grid 8,Red Hat Developer Hub,Red Hat Directory Server 11,Red Hat Directory Server 12,Red Hat Directory Server 13,Red Hat Discovery 2,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat Quay 3,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Single Sign-On 7,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Profile Analyzer,Self-service automation portal 2,Self-service automation portal 2,streams for Apache Kafka 2,streams for Apache Kafka 3,
Full Details
CVE document
CVE-2026-54423
Severity: moderate
Released on: 08/07/2026
Advisory:
Bugzilla: 2493392
Bugzilla Description:
openstack-ironic: openstack-ironic: Arbitrary IPMI command execution via send_raw deployment step
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-862
Affected Packages:
Package States: Red Hat OpenShift Container Platform 4,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 18.0,
Full Details
CVE document
CVE-2026-44918
Severity: important
Released on: 08/07/2026
Advisory:
Bugzilla: 2494664
Bugzilla Description:
openstack-ironic: Prevent rehoming resources to nodes with different owner
CVSS Score:
CVSSv3 Score: 8.7
Vector:
CWE: CWE-1220
Affected Packages:
Package States: Red Hat OpenShift Container Platform 4,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 18.0,
Full Details
CVE document
CVE-2026-56362
Severity: low
Released on: 08/07/2026
Advisory:
Bugzilla: 2498080
Bugzilla Description:
ImageMagick: Magick.NET-Q16-AnyCPU: Magick.NET-Q16-HDRI-AnyCPU: Magick.NET-Q16-HDRI-OpenMP-arm64: Magick.NET-Q16-HDRI-OpenMP-x64: Magick.NET-Q16-HDRI-arm64: Magick.NET-Q16-HDRI-x64: Magick.NET-Q16-HDRI-x86: Magick.NET-Q16-OpenMP-arm64: Magick.NET-Q16-OpenMP-x64: Magick.NET-Q16-OpenMP-x86: Magick.NET-Q16-arm64: Magick.NET-Q16-x64: Magick.NET-Q16-x86: Magick.NET-Q8-AnyCPU: Magick.NET-Q8-OpenMP-arm64: Magick.NET-Q8-OpenMP-x64: Magick.NET-Q8-arm64: Magick.NET-Q8-x64: Magick.NET-Q8-x86: ImageMagick: Information disclosure via heap-buffer-overflow read
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document
CVE-2026-56374
Severity: low
Released on: 08/07/2026
Advisory:
Bugzilla: 2498106
Bugzilla Description:
ImageMagick: ImageMagick: Denial of Service and Information Disclosure via heap buffer overflow in FTXT encoder
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document
CVE-2026-56297
Severity: moderate
Released on: 08/07/2026
Advisory:
Bugzilla: 2498073
Bugzilla Description:
FreeRDP: FreeRDP: Remote code execution or denial of service via use-after-free race condition
CVSS Score:
CVSSv3 Score: 5.6
Vector:
CWE: CWE-364
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-15028
Severity: low
Released on: 08/07/2026
Advisory: RHSA-2026:38279,
Bugzilla: 2497970
Bugzilla Description:
libarchive: heap overflow OOB read while parsing a tar archive contains a PAX extended header
CVSS Score:
CVSSv3 Score: 3.9
Vector:
CWE:
Affected Packages: libarchive-main-3.8.8-2.1.hum1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2026-15041
Severity: low
Released on: 08/07/2026
Advisory:
Bugzilla: 2498022
Bugzilla Description:
389-ds-base: 389-ds-base: Non-constant-time comparison in PBKDF2-SHA256 password verification
CVSS Score:
CVSSv3 Score: 3.7
Vector:
CWE: CWE-208
Affected Packages:
Package States: Red Hat Directory Server 11,Red Hat Directory Server 12,Red Hat Directory Server 13,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-60002
Severity: important
Released on: 08/07/2026
Advisory: RHSA-2026:37382,
Bugzilla: 2497936
Bugzilla Description:
openssh: OpenSSH: Use-after-free vulnerability during host key re-exchange on the client side
CVSS Score:
CVSSv3 Score: 7.7
Vector:
CWE: CWE-825
Affected Packages: openssh-main-10.4p1-1.hum1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2026-60001
Severity: moderate
Released on: 08/07/2026
Advisory: RHSA-2026:37382,
Bugzilla: 2497938
Bugzilla Description:
openssh: OpenSSH: Brute-force attacks facilitated due to insufficient authentication delay
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-307
Affected Packages: openssh-main-10.4p1-1.hum1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2026-60000
Severity: moderate
Released on: 08/07/2026
Advisory: RHSA-2026:37382,
Bugzilla: 2497946
Bugzilla Description:
openssh: OpenSSH: Denial of Service via excessive GSSAPI authentication attempts
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-307
Affected Packages: openssh-main-10.4p1-1.hum1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2026-59999
Severity: moderate
Released on: 08/07/2026
Advisory: RHSA-2026:37382,
Bugzilla: 2497942
Bugzilla Description:
openssh: OpenSSH sshd: Security bypass due to incorrect handling of forwarding and tunneling options
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-358
Affected Packages: openssh-main-10.4p1-1.hum1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2026-59998
Severity: moderate
Released on: 08/07/2026
Advisory: RHSA-2026:37382,
Bugzilla: 2497935
Bugzilla Description:
openssh: OpenSSH: Undocumented GSSAPIStrictAcceptorCheck behavior impacts security in Windows Active Directory
CVSS Score:
CVSSv3 Score: 4.8
Vector:
CWE: CWE-909
Affected Packages: openssh-main-10.4p1-1.hum1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2026-59997
Severity: moderate
Released on: 08/07/2026
Advisory: RHSA-2026:37382,
Bugzilla: 2497929
Bugzilla Description:
openssh: OpenSSH: SFTP security bypass due to command-line argument parsing flaw
CVSS Score:
CVSSv3 Score: 5.4
Vector:
CWE: CWE-88
Affected Packages: openssh-main-10.4p1-1.hum1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2026-59996
Severity: moderate
Released on: 08/07/2026
Advisory: RHSA-2026:37382,
Bugzilla: 2497944
Bugzilla Description:
openssh: OpenSSH: `scp` file misplacement vulnerability during remote copy
CVSS Score:
CVSSv3 Score: 4.6
Vector:
CWE: CWE-22
Affected Packages: openssh-main-10.4p1-1.hum1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2026-59995
Severity: moderate
Released on: 08/07/2026
Advisory: RHSA-2026:37382,
Bugzilla: 2497927
Bugzilla Description:
openssh: OpenSSH: sftp client allows attacker to control downloaded file location
CVSS Score:
CVSSv3 Score: 5.4
Vector:
CWE: CWE-22
Affected Packages: openssh-main-10.4p1-1.hum1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2026-55999
Severity: important
Released on: 08/07/2026
Advisory: RHSA-2026:38486, RHSA-2026:38487, RHSA-2026:38488, RHSA-2026:38490, RHSA-2026:38489,
Bugzilla: 2496165
Bugzilla Description:
xorg: X11: xserver: X.org: glamor Font Atlas Heap Buffer Overflow
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-805
Affected Packages: xorg-x11-server-0:1.20.11-34.el9_8.3,xorg-x11-server-Xwayland-0:21.1.3-20.el8_10.3,xorg-x11-server-Xwayland-0:24.1.9-4.el9_8.3,xorg-x11-server-0:1.20.11-28.el8_10.3,xorg-x11-server-Xwayland-0:24.1.9-4.el10_2.3,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document
CVE-2026-56000
Severity: important
Released on: 08/07/2026
Advisory: RHSA-2026:38490, RHSA-2026:38489,
Bugzilla: 2496193
Bugzilla Description:
X.org: xorg-x11-server: GLX contextTags Use-After-Free in CommonMakeCurrent()
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-825
Affected Packages: xorg-x11-server-Xwayland-0:24.1.9-4.el9_8.3,xorg-x11-server-Xwayland-0:24.1.9-4.el10_2.3,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-56001
Severity: important
Released on: 08/07/2026
Advisory:
Bugzilla: 2496640
Bugzilla Description:
libXfont2: BitmapScaleBitmaps Integer Overflow Heap Buffer Overflow
CVSS Score:
CVSSv3 Score: 7.3
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-56002
Severity: important
Released on: 08/07/2026
Advisory:
Bugzilla: 2496641
Bugzilla Description:
libXfont2: PCF Font Parsing Heap Buffer Overflow
CVSS Score:
CVSSv3 Score: 7.3
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-59691
Severity: important
Released on: 08/07/2026
Advisory:
Bugzilla: 2497343
Bugzilla Description:
gstreamer: gstreamer: rfbsrc/librfb Hextile heap out-of-bounds write with 16bpp framebuffer
CVSS Score:
CVSSv3 Score: 7.1
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-59692
Severity: important
Released on: 08/07/2026
Advisory:
Bugzilla: 2497344
Bugzilla Description:
gstreamer: gstreamer: DTLS certificate Subject DN stack buffer overflow in openssl_verify_callback
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-121
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-15044
Severity: moderate
Released on: 08/07/2026
Advisory:
Bugzilla: 2498039
Bugzilla Description:
trustyai-service-operator: TrustyAI Service Operator: Unauthenticated access to AI guardrails and orchestrator APIs
CVSS Score:
CVSSv3 Score: 6.3
Vector:
CWE:
Affected Packages:
Package States: Red Hat OpenShift AI (RHOAI),
Full Details
CVE document
CVE-2026-15063
Severity: moderate
Released on: 08/07/2026
Advisory:
Bugzilla: 2498058
Bugzilla Description:
trustyai-service-operator: TrustyAI Service Operator: Gorch port bypass when auth IS enabled
CVSS Score:
CVSSv3 Score: 6.3
Vector:
CWE: CWE-306
Affected Packages:
Package States: Red Hat OpenShift AI (RHOAI),
Full Details
CVE document
CVE-2026-14740
Severity: moderate
Released on: 07/07/2026
Advisory:
Bugzilla: 2497905
Bugzilla Description:
DBI: DBI for Perl: Out-of-bounds read in SQL comment processing
CVSS Score:
CVSSv3 Score: 5.0
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-14739
Severity: important
Released on: 07/07/2026
Advisory:
Bugzilla: 2497916
Bugzilla Description:
DBI: DBI: Heap overflow when preparsing SQL statements with excessive placeholders
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-131
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-14380
Severity: important
Released on: 07/07/2026
Advisory:
Bugzilla: 2497915
Bugzilla Description:
DBI: DBI: Arbitrary code execution via caller-influenced Profile attribute
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-94
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-58472
Severity: moderate
Released on: 07/07/2026
Advisory:
Bugzilla: 2497857
Bugzilla Description:
wget: GNU Wget: Arbitrary code execution or denial of service via crafted HTML attribute
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-131
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-58471
Severity: moderate
Released on: 07/07/2026
Advisory:
Bugzilla: 2497850
Bugzilla Description:
wget: GNU Wget: Heap buffer overflow via server-supplied filename leads to memory corruption
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-122
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-58470
Severity: moderate
Released on: 07/07/2026
Advisory:
Bugzilla: 2497860
Bugzilla Description:
wget: GNU Wget: Integer overflow in Content-Range header parsing causes download desynchronization
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-14969
Severity: moderate
Released on: 07/07/2026
Advisory:
Bugzilla: 2497735
Bugzilla Description:
389-ds-base: 389-ds-base: Static initialization vector in AES-CBC/3DES-CBC attribute encryption
CVSS Score:
CVSSv3 Score: 4.4
Vector:
CWE: CWE-329
Affected Packages:
Package States: Red Hat Directory Server 11,Red Hat Directory Server 12,Red Hat Directory Server 13,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-14935
Severity: low
Released on: 07/07/2026
Advisory:
Bugzilla: 2497679
Bugzilla Description:
gstreamer: gstreamer: webrtcbin accepts remote SDP without a=fingerprint due to inverted presence check
CVSS Score:
CVSSv3 Score: 3.7
Vector:
CWE: CWE-670
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-48588
Severity: low
Released on: 07/07/2026
Advisory:
Bugzilla: 2497327
Bugzilla Description:
django: Django: Information disclosure due to improper caching of Set-Cookie responses
CVSS Score:
CVSSv3 Score: 3.1
Vector:
CWE: CWE-524
Affected Packages:
Package States: Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Discovery 2,Red Hat Satellite 6,Self-service automation portal 2,
Full Details
CVE document
CVE-2026-53877
Severity: low
Released on: 07/07/2026
Advisory:
Bugzilla: 2497328
Bugzilla Description:
django: Django: Information disclosure via heap buffer over-read in GDALRaster
CVSS Score:
CVSSv3 Score: 4.8
Vector:
CWE: CWE-126
Affected Packages:
Package States: Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Discovery 2,Red Hat Satellite 6,Self-service automation portal 2,
Full Details
CVE document
CVE-2026-53878
Severity: low
Released on: 07/07/2026
Advisory:
Bugzilla: 2497329
Bugzilla Description:
django: Django: HTTP header injection via DomainNameValidator accepting newlines
CVSS Score:
CVSSv3 Score: 3.7
Vector:
CWE: CWE-113
Affected Packages:
Package States: Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Discovery 2,Red Hat Satellite 6,Self-service automation portal 2,
Full Details
CVE document
CVE-2026-14940
Severity: moderate
Released on: 07/07/2026
Advisory:
Bugzilla: 2497697
Bugzilla Description:
389-ds-base: 389-ds-base: heap-buffer-overflow in DN normalization via quoted multivalued RDN
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-122
Affected Packages:
Package States: Red Hat Directory Server 11,Red Hat Directory Server 12,Red Hat Directory Server 13,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-11610
Severity: important
Released on: 07/07/2026
Advisory: RHSA-2026:36209, RHSA-2026:36204, RHSA-2026:36202, RHSA-2026:36641, RHSA-2026:36201, RHSA-2026:36208, RHSA-2026:36206, RHSA-2026:36205, RHSA-2026:36196, RHSA-2026:36195, RHSA-2026:36200, RHSA-2026:36585, RHSA-2026:36198, RHSA-2026:36671, RHSA-2026:36660, RHSA-2026:36670, RHSA-2026:36197,
Bugzilla: 2484414
Bugzilla Description:
389-ds-base: 389-ds-base: Heap buffer overflow in sasl_io_recv() via padded SASL UNBIND
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-122
Affected Packages: redhat-ds:11-8060020260702180044.0ca98e7e,389-ds:1.4-8060020260626130540.824efc52,redhat-ds:12-9040020260703055735.1674d574,redhat-ds:11-8100020260702145313.37ed7c03,389-ds:1.4-8040020260629123121.96015a92,389-ds-base-0:2.6.1-22.el9_6,389-ds-base-0:2.8.0-8.el9_8,dirsrv/dirsrv-container-rhel10:1783452100,389-ds-base-0:3.0.6-19.el10_0,389-ds-base-0:2.2.4-19.el9_2,389-ds-base-0:1.3.11.1-13.el7_9,389-ds:1.4-8080020260630025241.6dbb3803,redhat-ds:12-9020020260703060155.1674d574,389-ds:1.4-8100020260626120929.25e700aa,389-ds-base-0:2.4.5-26.el9_4,redhat-ds:11-8080020260702180836.f969626e,389-ds-base-0:3.2.0-8.el10_2,
Package States: Red Hat Directory Server 12,Red Hat Directory Server 13,Red Hat Enterprise Linux 6,
Full Details
CVE document
CVE-2026-14474
Severity: important
Released on: 07/07/2026
Advisory:
Bugzilla: 2496556
Bugzilla Description:
sssd: sssd: sudo LDAP provider searches entire directory tree for sudoRole objects by default, enabling privilege escalation
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-1188
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2026-14476
Severity: moderate
Released on: 07/07/2026
Advisory:
Bugzilla: 2496581
Bugzilla Description:
sssd: sssd: GPO cache path traversal via unsanitized gPCFileSysPath allows Kerberos authentication bypass
CVSS Score:
CVSSv3 Score: 8.0
Vector:
CWE: CWE-23
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2025-12799
Severity: moderate
Released on: 07/07/2026
Advisory: RHSA-2026:36343, RHSA-2026:36342, RHSA-2026:36345, RHSA-2026:36344,
Bugzilla: 2413071
Bugzilla Description:
jastow: Jastow Cross-Site Scripting attack due to unsanitized URI
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-79
Affected Packages: eap8-elytron-web-0:4.1.2-1.Final_redhat_00001.1.el10eap,eap8-jboss-ejb-client-0:5.0.8-1.Final_redhat_00001.1.el10eap,eap8-jandex-0:3.2.7-1.redhat_00001.1.el10eap,eap8-javaee-security-soteria-0:3.0.3-2.redhat_00001.1.el10eap,eap8-jboss-dmr-0:1.7.0-2.Final_redhat_00001.1.el10eap,eap8-fge-btf-0:1.2.0-4.redhat_00007.1.el10eap,eap8-joda-time-0:2.12.7-1.redhat_00002.1.el10eap,eap8-jakarta-resource-api-0:2.1.0-2.redhat_00001.1.el10eap,eap8-jbossws-jaxws-undertow-httpspi-0:2.0.0-1.Final_redhat_00001.1.el10eap,eap8-jackson-coreutils-0:1.8.0-3.redhat_00002.1.el10eap,eap8-jgroups-aws-0:3.0.1-1.Final_redhat_00001.1.el10eap,eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el10eap,eap8-parsson-0:1.1.7-3.redhat_00003.1.el10eap,eap8-wildfly-0:8.1.7-4.GA_redhat_00003.1.el10eap,eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el10eap,eap8-aesh-readline-0:2.4.0-1.redhat_00002.1.el10eap,eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el10eap,eap8-woodstox-core-0:7.0.0-1.redhat_00002.1.el10eap,eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el10eap,eap8-protostream-0:5.0.14-2.Final_redhat_00002.1.el10eap,eap8-xml-commons-resolver-0:1.2.0-2.redhat_12.1.el10eap,eap8-jakarta-jms-api-0:3.1.0-4.redhat_00003.1.el10eap,eap8-apache-sshd-0:2.14.0-4.redhat_00003.1.el10eap,eap8-wildfly-javadocs-0:8.1.1-11.GA_redhat_00019.1.el10eap,eap8-hornetq-0:2.4.11-1.Final_redhat_00001.1.el10eap,eap8-lucene-solr-0:9.11.1-1.redhat_00001.1.el10eap,eap8-jboss-invocation-0:2.0.1-1.Final_redhat_00001.1.el10eap,eap8-nimbus-jose-jwt-0:9.37.3-1.redhat_00001.1.el10eap,eap8-jboss-classfilewriter-0:1.3.1-1.Final_redhat_00001.1.el10eap,eap8-weld-core-0:5.1.6-1.Final_redhat_00001.1.el10eap,eap8-log4j-0:2.23.1-2.redhat_00002.1.el10eap,eap8-jgroups-azure-0:2.0.2-1.Final_redhat_00002.1.el10eap,eap8-atinject-0:2.0.1-5.redhat_00007.1.el10eap,eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el10eap,eap8-narayana-0:7.1.2-2.Final_redhat_00001.1.el10eap,eap8-undertow-0:2.3.24-4.SP3_redhat_00001.1.el8eap,eap8-cryptacular-0:1.2.5-2.redhat_00001.1.el10eap,eap8-objectweb-asm-0:9.7.1-3.redhat_00002.1.el10eap,eap8-sun-istack-commons-0:4.1.2-2.redhat_00003.1.el10eap,eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el10eap,eap8-undertow-jastow-0:2.2.9-1.SP1_redhat_00001.1.el10eap,eap8-ironjacamar-0:3.0.18-1.Final_redhat_00001.1.el10eap,eap8-jaxbintros-0:2.0.1-2.redhat_00001.1.el10eap,eap8-wss4j-0:3.0.4-1.redhat_00002.1.el10eap,eap8-jansi-0:2.4.1-2.redhat_00001.1.el10eap,eap8-velocity-0:2.3.0-7.redhat_00010.1.el10eap,eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el10eap,eap8-wildfly-elytron-0:2.6.9-1.Final_redhat_00001.1.el10eap,eap8-wildfly-openssl-el10-x86_64-0:2.3.0-1.Final.redhat.00001.1.el10eap,eap8-expressly-0:5.0.0-6.redhat_00001.1.el10eap,eap8-jbossws-common-0:5.1.0-2.Final_redhat_00001.1.el10eap,eap8-jsonb-spec-0:3.0.1-2.redhat_00002.1.el10eap,eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el10eap,eap8-jbossws-cxf-0:7.3.8-1.Final_redhat_00001.1.el9eap,eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el10eap,eap8-wildfly-javadocs-0:8.1.1-11.GA_redhat_00019.1.el8eap,eap8-jackson-modules-base-0:2.18.4-2.redhat_00002.1.el10eap,eap8-jackson-modules-java8-0:2.18.4-2.redhat_00002.1.el10eap,eap8-jboss-logmanager-0:2.1.19-1.Final_redhat_00001.1.el10eap,eap8-jakarta-json-api-0:2.1.3-1.redhat_00002.1.el10eap,eap8-wsdl4j-0:1.6.3-5.redhat_00008.1.el10eap,eap8-jakarta-servlet-jsp-jstl-api-0:3.0.2-1.redhat_00001.1.el10eap,eap8-jbossws-common-tools-0:2.1.0-2.Final_redhat_00001.1.el10eap,eap8-artemis-native-1:2.0.0-2.redhat_00005.1.el10eap,eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el10eap,eap8-jbossws-cxf-0:7.3.8-1.Final_redhat_00001.1.el8eap,eap8-shibboleth-java-support-0:8.0.0-6.redhat_00001.1.el10eap,eap8-protoparser-0:4.0.3-2.redhat_00001.1.el10eap,eap8-jctools-0:4.0.6-1.redhat_00001.1.el10eap,eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el10eap,eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el10eap,eap8-netty-xnio-transport-0:0.1.10-1.Final_redhat_00001.1.el10eap,eap8-eap-product-conf-parent-0:801.7.0-1.GA_redhat_00001.1.el9eap,eap8-resilience4j-0:2.2.0-2.redhat_00001.1.el10eap,eap8-jakarta-enterprise-concurrent-api-0:3.0.3-1.redhat_00001.1.el10eap,eap8-jaxb-0:4.0.6-1.redhat_00001.1.el10eap,eap8-jboss-saaj-api_3.0_spec-0:1.0.0-1.Final_redhat_00001.1.el10eap,eap8-java-classmate-0:1.6.0-1.redhat_00001.1.el10eap,eap8-wildfly-0:8.1.7-4.GA_redhat_00003.1.el9eap,eap8-wildfly-transaction-client-0:3.0.5-1.Final_redhat_00001.1.el10eap,eap8-apache-commons-collections-0:3.2.2-28.redhat_2.1.el10eap,eap8-javaewah-0:1.2.3-1.redhat_00002.1.el10eap,eap8-undertow-jastow-0:2.2.9-1.SP1_redhat_00001.1.el8eap,eap8-activemq-artemis-native-1:2.0.0-2.redhat_00005.1.el10eap,eap8-wildfly-elytron-0:2.6.9-1.Final_redhat_00001.1.el8eap,eap8-jboss-weld-api-0:5.0.0-4.SP3_redhat_00001.1.el10eap,eap8-jbossws-api-0:3.0.0-1.Final_redhat_00001.1.el10eap,eap8-jberet-0:3.1.0-1.Final_redhat_00001.1.el10eap,eap8-jboss-transaction-spi-0:8.0.0-1.Final_redhat_00001.1.el10eap,eap8-0:1-9.el10eap,eap8-artemis-wildfly-integration-0:2.0.4-1.Final_redhat_00001.1.el10eap,eap8-hibernate-validator-0:8.0.2-1.Final_redhat_00001.1.el10eap,eap8-jakarta-xml-bind-api-0:4.0.4-1.redhat_00001.1.el10eap,eap8-wildfly-clustering-0:5.0.12-1.Final_redhat_00001.1.el10eap,eap8-eap-product-conf-parent-0:801.7.0-1.GA_redhat_00001.1.el8eap,eap8-ws-commons-XmlSchema-0:2.3.0-2.redhat_00002.1.el10eap,eap8-jboss-aesh-0:2.4.0-2.redhat_00001.1.el10eap,eap8-jackson-databind-0:2.18.4-1.redhat_00002.1.el10eap,eap8-xml-security-0:3.0.5-1.redhat_00001.1.el10eap,eap8-gnu-getopt-0:1.0.13-4.redhat_5.1.el10eap,eap8-jackson-core-0:2.18.4-1.redhat_00002.1.el10eap,eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el10eap,eap8-jboss-modules-0:2.1.6-1.Final_redhat_00001.1.el10eap,eap8-jakarta-enterprise-lang-model-0:4.0.1-2.redhat_00001.1.el10eap,eap8-jakarta-servlet-jsp-api-0:3.1.1-1.redhat_00001.1.el10eap,eap8-asyncutil-0:0.1.0-2.redhat_00010.1.el10eap,eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el10eap,eap8-wildfly-javadocs-0:8.1.1-11.GA_redhat_00019.1.el9eap,io.undertow.jastow-jastow,eap8-wildfly-discovery-0:1.3.0-1.Final_redhat_00001.1.el10eap,eap8-jackson-dataformats-text-0:2.18.4-2.redhat_00002.1.el10eap,eap8-hibernate-0:6.6.50-1.Final_redhat_00001.1.el9eap,eap8-antlr4-0:4.13.2-1.redhat_00001.1.el10eap,eap8-jakarta-security-enterprise-api-0:3.0.0-2.redhat_00001.1.el10eap,eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el10eap,eap8-log4j2-jboss-logmanager-0:2.0.1-1.Final_redhat_00001.1.el10eap,eap8-snakeyaml-0:2.3.0-1.redhat_00002.1.el10eap,eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el10eap,eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el10eap,eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el10eap,eap8-eventstream-0:1.0.1-3.redhat_00003.1.el10eap,eap8-jakarta-transaction-api-0:2.0.1-3.redhat_00004.1.el10eap,eap8-hibernate-0:6.6.50-1.Final_redhat_00001.1.el8eap,eap8-jboss-remoting-jmx-0:3.1.0-3.Final_redhat_00002.1.el10eap,eap8-wildfly-naming-client-0:2.0.1-1.Final_redhat_00001.1.el10eap,eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el10eap,eap8-apache-commons-lang-0:3.18.0-2.redhat_00003.1.el10eap,eap8-artemis-wildfly-integration-0:2.0.4-1.Final_redhat_00001.1.el8eap,eap8-caffeine-0:3.1.8-2.redhat_00002.1.el10eap,eap8-fge-msg-simple-0:1.1.0-4.redhat_00007.1.el10eap,eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el10eap,eap8-undertow-jastow-0:2.2.9-1.SP1_redhat_00001.1.el9eap,eap8-jboss-msc-0:1.5.5-1.Final_redhat_00001.1.el10eap,eap8-jboss-threads-0:2.5.0-1.redhat_00001.1.el10eap,eap8-jakarta-websocket-0:2.1.1-1.redhat_00001.1.el10eap,eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el10eap,eap8-insights-java-client-0:1.1.3-2.redhat_00002.1.el10eap,eap8-resteasy-0:6.2.15-1.Final_redhat_00002.1.el10eap,eap8-jsf-impl-0:4.0.11-1.redhat_00001.1.el10eap,eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el10eap,eap8-resteasy-extensions-0:2.0.1-3.Final_redhat_00001.1.el10eap,eap8-h2database-0:2.2.224-4.redhat_00003.1.el10eap,eap8-azure-storage-0:8.6.6-5.redhat_00001.1.el10eap,eap8-jgroups-1:5.3.23-1.Final_redhat_00001.1.el10eap,eap8-apache-commons-codec-0:1.17.2-1.redhat_00001.1.el10eap,eap8-jboss-stdio-0:1.1.0-1.Final_redhat_00001.1.el10eap,eap8-jboss-openjdk-orb-0:10.1.1-1.Final_redhat_00001.1.el10eap,eap8-apache-cxf-0:4.0.10-3.redhat_00001.1.el9eap,eap8-hibernate-commons-annotations-0:7.0.3-3.Final_redhat_00002.1.el10eap,eap8-jboss-vfs-0:3.3.2-1.Final_redhat_00001.1.el10eap,eap8-installation-manager-api-0:1.1.1-1.Final_redhat_00001.1.el10eap,eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el10eap,eap8-vdx-0:1.1.6-3.redhat_1.1.el10eap,eap8-json-patch-0:1.9.0-3.redhat_00002.1.el10eap,eap8-wildfly-0:8.1.7-4.GA_redhat_00003.1.el8eap,eap8-jul-to-slf4j-stub-0:1.0.1-1.Final_redhat_3.1.el10eap,eap8-jboss-common-beans-0:2.0.1-2.Final_redhat_00001.1.el10eap,eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el10eap,eap8-wildfly-elytron-0:2.6.9-1.Final_redhat_00001.1.el9eap,eap8-jakarta-json-0:1.1.6-5.redhat_00003.1.el10eap,eap8-javapackages-tools-0:6.0.0-8.el10eap,eap8-aesh-extensions-0:1.8.0-2.redhat_00001.1.el10eap,eap8-apache-cxf-0:4.0.10-3.redhat_00001.1.el8eap,eap8-apache-cxf-0:4.0.10-3.redhat_00001.1.el10eap,eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el10eap,eap8-jboss-ejb3-ext-api-0:2.4.0-2.Final_redhat_00001.1.el10eap,eap8-elasticsearch-0:8.15.4-4.redhat_00003.1.el10eap,eap8-jgroups-1:5.3.23-1.Final_redhat_00001.1.el8eap,eap8-wildfly-elytron-ee-0:3.1.4-2.Final_redhat_00001.1.el10eap,eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el10eap,eap8-jackson-jaxrs-providers-0:2.18.4-2.redhat_00002.1.el10eap,eap8-jboss-xnio-base-0:3.8.16-1.Final_redhat_00001.1.el10eap,eap8-gson-0:2.10.1-2.redhat_00005.1.el10eap,eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el10eap,eap8-activemq-artemis-0:2.40.0-7.redhat_00015.1.el10eap,eap8-jboss-el-api_5.0_spec-0:4.0.2-1.Final_redhat_00001.1.el10eap,eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el10eap,eap8-eap-product-conf-parent-0:801.7.0-1.GA_redhat_00001.1.el10eap,eap8-jakarta-batch-api-0:2.1.1-3.redhat_00003.1.el10eap,eap8-jakarta-ejb-api-0:4.0.1-2.redhat_00001.1.el10eap,eap8-hibernate-0:6.6.50-1.Final_redhat_00001.1.el10eap,eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el10eap,eap8-neethi-0:3.2.1-1.redhat_00002.1.el10eap,eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el10eap,eap8-opensaml-0:4.3.2-2.redhat_00002.1.el10eap,eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el10eap,eap8-staxmapper-0:1.5.0-2.Final_redhat_00001.1.el10eap,eap8-mod_cluster-0:2.1.0-2.Final_redhat_00001.1.el10eap,eap8-jboss-cert-helper-0:1.1.3-2.redhat_00002.1.el10eap,eap8-wildfly-common-0:1.7.0-2.Final_redhat_00003.1.el10eap,eap8-resteasy-spring-0:3.2.0-3.Final_redhat_00001.1.el10eap,eap8-undertow-0:2.3.24-4.SP3_redhat_00001.1.el10eap,eap8-jboss-marshalling-0:2.2.3-2.Final_redhat_00001.1.el10eap,eap8-jackson-annotations-0:2.18.4-2.redhat_00002.1.el10eap,eap8-jcip-annotations-0:1.0.0-3.redhat_00009.1.el10eap,eap8-agroal-0:2.3.0-1.redhat_00001.1.el10eap,eap8-artemis-wildfly-integration-0:2.0.4-1.Final_redhat_00001.1.el9eap,eap8-angus-0:2.0.5-1.redhat_00001.1.el10eap,eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el10eap,eap8-pem-keystore-0:2.4.0-1.redhat_00001.1.el10eap,eap8-apache-commons-cli-0:1.9.0-1.redhat_00001.1.el10eap,eap8-yasson-0:3.0.4-5.redhat_00007.1.el10eap,eap8-ecj-1:3.33.0-1.redhat_00001.1.el10eap,eap8-javaee-jpa-spec-0:3.1.0-4.redhat_00002.1.el10eap,eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el10eap,eap8-jakarta-authorization-api-0:2.1.0-3.redhat_00001.1.el10eap,eap8-slf4j-jboss-logmanager-0:2.0.2-1.Final_redhat_00001.1.el10eap,eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el10eap,eap8-jgroups-1:5.3.23-1.Final_redhat_00001.1.el9eap,eap8-jakarta-enterprise-concurrent-0:3.0.2-1.redhat_00001.1.el10eap,eap8-byte-buddy-0:1.14.18-2.redhat_00001.1.el10eap,eap8-jbossws-spi-0:5.0.0-1.Final_redhat_00001.1.el10eap,eap8-jgroups-kubernetes-0:2.0.2-1.Final_redhat_00001.1.el10eap,eap8-infinispan-0:15.0.21-1.Final_redhat_00002.1.el10eap,eap8-jakarta-authentication-api-0:3.0.0-3.redhat_00001.1.el10eap,eap8-commons-logging-jboss-logging-0:1.0.0-2.Final_redhat_1.1.el10eap,eap8-hppc-0:0.10.0-2.redhat_00001.1.el10eap,eap8-jose4j-0:0.9.6-2.redhat_00002.1.el10eap,eap8-slf4j-0:2.0.17-1.redhat_00001.1.el10eap,eap8-jbossws-cxf-0:7.3.8-1.Final_redhat_00001.1.el10eap,eap8-jboss-iiop-client-0:2.0.1-2.Final_redhat_00001.1.el10eap,eap8-undertow-0:2.3.24-4.SP3_redhat_00001.1.el9eap,eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el10eap,eap8-jasypt-0:1.9.3-4.redhat_00004.1.el10eap,eap8-jboss-genericjms-0:3.0.0-3.Final_redhat_00001.1.el10eap,eap8-apache-cxf-xjc-utils-0:4.1.0-1.redhat_00001.1.el10eap,eap8-aws-java-sdk-0:2.30.32-3.redhat_00003.1.el10eap,eap8-jboss-jakarta-xml-ws-api_4.0_spec-0:1.0.0-1.Final_redhat_00001.1.el10eap,eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el10eap,
Package States: Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat Single Sign-On 7,
Full Details
CVE document
CVE-2026-33630
Severity: important
Released on: 07/07/2026
Advisory: RHSA-2026:36192,
Bugzilla: 2497686
Bugzilla Description:
c-ares: c-ares: Use-after-free / double-free in query-completion handling
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-416
Affected Packages: c-ares-main-1.34.7-1.hum1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2026-59710
Severity: moderate
Released on: 06/07/2026
Advisory:
Bugzilla: 2497554
Bugzilla Description:
showdown: Showdown: Stored Cross-Site Scripting via unescaped table header ID attributes in markdown
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-79
Affected Packages:
Package States: Cryostat 4,Cryostat 4,Multicluster Engine for Kubernetes,Node HealthCheck Operator,Node HealthCheck Operator,Node HealthCheck Operator,Red Hat 3scale API Management Platform 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat Quay 3,Red Hat Quay 3,
Full Details
CVE document
CVE-2026-59711
Severity: moderate
Released on: 06/07/2026
Advisory:
Bugzilla: 2497535
Bugzilla Description:
showdown: Showdown: Cross-site scripting via unescaped metadata title allows arbitrary code execution
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-79
Affected Packages:
Package States: Cryostat 4,Cryostat 4,Multicluster Engine for Kubernetes,Node HealthCheck Operator,Node HealthCheck Operator,Node HealthCheck Operator,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat Quay 3,Red Hat Quay 3,
Full Details
CVE document
CVE-2026-55514
Severity: moderate
Released on: 06/07/2026
Advisory:
Bugzilla: 2497504
Bugzilla Description:
vllm: vLLM: Denial of Service via crafted prompt in /v1/completions request
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-617
Affected Packages:
Package States: Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document
CVE-2026-55574
Severity: important
Released on: 06/07/2026
Advisory:
Bugzilla: 2497509
Bugzilla Description:
vllm: vLLM: Denial of Service via adversarial regular expression in structured outputs API
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-1333
Affected Packages:
Package States: Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document
CVE-2026-54234
Severity: important
Released on: 06/07/2026
Advisory:
Bugzilla: 2497515
Bugzilla Description:
vllm: vLLM: Denial of Service via malformed speculative decoding workload
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document
CVE-2026-55646
Severity: moderate
Released on: 06/07/2026
Advisory:
Bugzilla: 2497468
Bugzilla Description:
vllm: vLLM: Denial of Service due to excessive memory allocation via oversized audio file uploads
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document
CVE-2026-55379
Severity: important
Released on: 06/07/2026
Advisory: RHSA-2026:39127,
Bugzilla: 2497452
Bugzilla Description:
python-pillow: Pillow: Denial of Service via crafted BDF font file
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-770
Affected Packages: python-pillow-0:5.1.1-22.el8_10,
Package States: Exploit Intelligence,Lightspeed Core,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat Quay 3,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Satellite 6,
Full Details
CVE document
CVE-2026-55380
Severity: important
Released on: 06/07/2026
Advisory: RHSA-2026:39127,
Bugzilla: 2497455
Bugzilla Description:
python-pillow: Pillow: Denial of Service via crafted GD 2.x image file
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-1285
Affected Packages: python-pillow-0:5.1.1-22.el8_10,
Package States: Exploit Intelligence,Lightspeed Core,Lightspeed Core,Lightspeed Core,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat Quay 3,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,
Full Details
CVE document
CVE-2026-54060
Severity: important
Released on: 06/07/2026
Advisory: RHSA-2026:39127,
Bugzilla: 2497466
Bugzilla Description:
python-pillow: Pillow: Denial of Service via excessive memory allocation when processing font files
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-1050
Affected Packages: python-pillow-0:5.1.1-22.el8_10,
Package States: Exploit Intelligence,Lightspeed Core,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat Quay 3,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Satellite 6,
Full Details
CVE document
CVE-2026-54059
Severity: important
Released on: 06/07/2026
Advisory: RHSA-2026:39127,
Bugzilla: 2497464
Bugzilla Description:
python-pillow: Pillow: Denial of Service via crafted PCF font data
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-409
Affected Packages: python-pillow-0:5.1.1-22.el8_10,
Package States: Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux 7,Red Hat Satellite 6,Red Hat Satellite 6,
Full Details
CVE document
CVE-2026-55798
Severity: moderate
Released on: 06/07/2026
Advisory:
Bugzilla: 2497462
Bugzilla Description:
python-pillow: Pillow: Arbitrary command injection via shell metacharacters in file paths
CVSS Score:
CVSSv3 Score: 4.5
Vector:
CWE: CWE-78
Affected Packages:
Package States: Exploit Intelligence,Lightspeed Core,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat Quay 3,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Satellite 6,
Full Details
CVE document
CVE-2026-48614
Severity: critical
Released on: 06/07/2026
Advisory:
Bugzilla: 2497412
Bugzilla Description:
Plesk: Plesk: Privilege escalation via improper authorization in XML API
CVSS Score:
CVSSv3 Score: 9.9
Vector:
CWE: CWE-15
Affected Packages:
Package States: Red Hat OpenShift Dev Spaces,
Full Details
CVE document
CVE-2026-43825
Severity: moderate
Released on: 06/07/2026
Advisory:
Bugzilla: 2497394
Bugzilla Description:
org.apache.opennlp/opennlp-tools: Apache OpenNLP SvmDoccatModel: Remote code execution via untrusted Java deserialization
CVSS Score:
CVSSv3 Score: 7.3
Vector:
CWE: CWE-502
Affected Packages:
Package States: Red Hat Data Grid 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document
CVE-2026-59195
Severity: important
Released on: 06/07/2026
Advisory:
Bugzilla: 2497370
Bugzilla Description:
pnpm: pnpm: Path traversal in configDependencies env lockfile allows symlink creation outside node_modules/.pnpm-config
CVSS Score:
CVSSv3 Score: 8.2
Vector:
CWE:
Affected Packages:
Package States: Red Hat AMQ Broker 7,Red Hat Build of Keycloak,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,
Full Details
CVE document
CVE-2026-59194
Severity: important
Released on: 06/07/2026
Advisory:
Bugzilla: 2497373
Bugzilla Description:
pnpm: pnpm: patch-remove could delete project-selected files outside the patches directory
CVSS Score:
CVSSv3 Score: 7.1
Vector:
CWE: CWE-22
Affected Packages:
Package States: Red Hat AMQ Broker 7,Red Hat Build of Keycloak,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,
Full Details
CVE document
CVE-2026-13122
Severity: moderate
Released on: 06/07/2026
Advisory:
Bugzilla: 2497374
Bugzilla Description:
openvpn: From CVEorg collector
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-617
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-59152
Severity: moderate
Released on: 06/07/2026
Advisory:
Bugzilla: 2497371
Bugzilla Description:
langsmith: LangSmith SDK TracingMiddleware: Information Disclosure via Arbitrary Server-Side File Read
CVSS Score:
CVSSv3 Score: 5.0
Vector:
CWE:
Affected Packages:
Package States: Exploit Intelligence,Migration Toolkit for Applications 8,OpenShift Lightspeed,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document
CVE-2026-58203
Severity: moderate
Released on: 06/07/2026
Advisory:
Bugzilla: 2497377
Bugzilla Description:
pydantic-settings: NestedSecretsSettingsSource follows symlinks outside secrets_dir, enabling local file read and bypassing secrets_dir_max_size
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-22
Affected Packages:
Package States: Exploit Intelligence,Lightspeed Core,Migration Toolkit for Applications 8,OpenShift Lightspeed,OpenShift Lightspeed,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux command line assistant,Red Hat Hardened Images,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Virtualization 4,Red Hat Satellite 6,
Full Details
CVE document
CVE-2026-13698
Severity: moderate
Released on: 06/07/2026
Advisory:
Bugzilla: 2497361
Bugzilla Description:
openvpn: From CVEorg collector
CVSS Score:
CVSSv3 Score: 4.9
Vector:
CWE:
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-9165
Severity: important
Released on: 06/07/2026
Advisory: RHSA-2026:36319, RHSA-2026:36625, RHSA-2026:36207,
Bugzilla: 2480505
Bugzilla Description:
stackrox: stackrox: Unbounded GraphQL query depth allows authenticated denial of service
CVSS Score:
CVSSv3 Score: 7.7
Vector:
CWE: CWE-400
Affected Packages: advanced-cluster-security/rhacs-main-rhel8:1783357140,advanced-cluster-security/rhacs-main-rhel9:1783352589,advanced-cluster-security/rhacs-main-rhel8:1783357116,
Package States:
Full Details
CVE document
CVE-2026-43866
Severity: important
Released on: 06/07/2026
Advisory:
Bugzilla: 2497297
Bugzilla Description:
camel-jms: Apache Camel JMS components: Arbitrary Exchange state injection
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-502
Affected Packages:
Package States: Red Hat build of Apache Camel 4 for Quarkus 3,Red Hat build of Apache Camel for Spring Boot 4,
Full Details
CVE document
CVE-2026-56140
Severity: low
Released on: 06/07/2026
Advisory:
Bugzilla: 2497289
Bugzilla Description:
org.apache.camel/camel-aws2-sns: Apache Camel AWS SNS Component: Defense-in-depth hardening due to improper input validation
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: OpenShift Serverless,Red Hat build of Apache Camel 4 for Quarkus 3,Red Hat build of Apache Camel for Spring Boot 4,Red Hat JBoss Enterprise Application Platform Expansion Pack,
Full Details
CVE document
CVE-2026-56139
Severity: moderate
Released on: 06/07/2026
Advisory:
Bugzilla: 2497277
Bugzilla Description:
org.apache.camel/camel-undertow: Apache Camel Undertow: Information disclosure via error messages containing sensitive data
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-209
Affected Packages:
Package States: Red Hat build of Apache Camel for Spring Boot 4,Red Hat Single Sign-On 7,
Full Details
CVE document
CVE-2026-49365
Severity: important
Released on: 06/07/2026
Advisory:
Bugzilla: 2497264
Bugzilla Description:
org.apache.camel/camel-netty-http: Apache Camel Netty HTTP: Information disclosure via error messages containing sensitive data
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-209
Affected Packages:
Package States: Red Hat build of Apache Camel 4 for Quarkus 3,Red Hat build of Apache Camel for Spring Boot 4,Red Hat JBoss Enterprise Application Platform Expansion Pack,
Full Details
CVE document
CVE-2026-49098
Severity: moderate
Released on: 06/07/2026
Advisory:
Bugzilla: 2497284
Bugzilla Description:
camel-kafka: Apache Camel Kafka Component: Message redirection and injection via header manipulation
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-20
Affected Packages:
Package States: Red Hat build of Apache Camel 4 for Quarkus 3,Red Hat build of Apache Camel for Spring Boot 4,
Full Details
CVE document
CVE-2026-46726
Severity: important
Released on: 06/07/2026
Advisory:
Bugzilla: 2497287
Bugzilla Description:
camel-vertx-websocket: Apache Camel Vertx Websocket: Server-Side Request Forgery and sensitive data exposure
CVSS Score:
CVSSv3 Score: 8.2
Vector:
CWE: CWE-918
Affected Packages:
Package States: Red Hat build of Apache Camel 4 for Quarkus 3,Red Hat build of Apache Camel for Spring Boot 4,
Full Details
CVE document
CVE-2026-46592
Severity: important
Released on: 06/07/2026
Advisory:
Bugzilla: 2497295
Bugzilla Description:
org.apache.camel/camel-cxf: Apache Camel CXF SOAP: Remote attacker can execute unintended operations via header manipulation
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-639
Affected Packages:
Package States: Red Hat build of Apache Camel 4 for Quarkus 3,Red Hat build of Apache Camel for Spring Boot 4,Red Hat JBoss Enterprise Application Platform Expansion Pack,
Full Details
CVE document
CVE-2026-46584
Severity: moderate
Released on: 06/07/2026
Advisory:
Bugzilla: 2497288
Bugzilla Description:
org.apache.camel/camel-mail: Apache Camel Mail Component: Credential exposure and information disclosure via improper input validation of mail headers
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-918
Affected Packages:
Package States: Red Hat build of Apache Camel 4 for Quarkus 3,Red Hat build of Apache Camel for Spring Boot 4,Red Hat JBoss Enterprise Application Platform Expansion Pack,
Full Details
CVE document
CVE-2026-40859
Severity: important
Released on: 06/07/2026
Advisory:
Bugzilla: 2497283
Bugzilla Description:
org.apache.camel/camel-vertx-http: Apache Camel (camel-vertx-http): Remote Code Execution via Deserialization of Untrusted Data
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-502
Affected Packages:
Package States: Red Hat build of Apache Camel 4 for Quarkus 3,Red Hat build of Apache Camel for Spring Boot 4,Red Hat JBoss Enterprise Application Platform Expansion Pack,
Full Details
CVE document
CVE-2026-40047
Severity: moderate
Released on: 06/07/2026
Advisory:
Bugzilla: 2497262
Bugzilla Description:
camel-docling: Apache Camel Docling: CLI argument injection and path traversal
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-78
Affected Packages:
Package States: Red Hat build of Apache Camel 4 for Quarkus 3,Red Hat build of Apache Camel for Spring Boot 4,
Full Details
CVE document
CVE-2026-14788
Severity: low
Released on: 06/07/2026
Advisory:
Bugzilla: 2497219
Bugzilla Description:
radare2: radare2: Denial of Service via use-after-free in r_core_bin_load function
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-825
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-14251
Severity: important
Released on: 06/07/2026
Advisory:
Bugzilla: 2484710
Bugzilla Description:
gitops-operator: gitops-operator: Missing allowedNamespace check in ReconcilerHook for ClusterRole/Role cases enables potential privilege escalation and DoS
CVSS Score:
CVSSv3 Score: 7.7
Vector:
CWE: CWE-862
Affected Packages:
Package States: Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,
Full Details
CVE document
CVE-2026-14760
Severity: low
Released on: 05/07/2026
Advisory:
Bugzilla: 2497162
Bugzilla Description:
radare2: radare2: Denial of Service via local use-after-free vulnerability
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-825
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-14759
Severity: low
Released on: 05/07/2026
Advisory:
Bugzilla: 2497163
Bugzilla Description:
radare2: radare2: Denial of Service via heap-based buffer overflow
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-131
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-14757
Severity: moderate
Released on: 05/07/2026
Advisory:
Bugzilla: 2497164
Bugzilla Description:
radare2: Radare2: Integer overflow allows local impact
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-190
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-14742
Severity: low
Released on: 05/07/2026
Advisory:
Bugzilla: 2497132
Bugzilla Description:
langgraph: Langgraph: Information Disclosure via Weak Hash in Task Result Cache
CVSS Score:
CVSSv3 Score: 3.1
Vector:
CWE: CWE-328
Affected Packages:
Package States: Exploit Intelligence,Migration Toolkit for Applications 8,OpenShift Lightspeed,Red Hat Ansible Automation Platform 2,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document
CVE-2026-14781
Severity: moderate
Released on: 05/07/2026
Advisory:
Bugzilla: 2497118
Bugzilla Description:
keycloak-services: keycloak-services: OIDC email_verified claim incorrectly applied to userinfo email
CVSS Score:
CVSSv3 Score: 4.8
Vector:
CWE: CWE-1288
Affected Packages:
Package States: Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat Data Grid 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat Single Sign-On 7,
Full Details
CVE document
CVE-2026-14570
Severity: important
Released on: 05/07/2026
Advisory:
Bugzilla: 2497106
Bugzilla Description:
Crypt::DSA: Crypt::DSA: Private key recovery due to biased random number generation
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-338
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-14686
Severity: low
Released on: 05/07/2026
Advisory: RHSA-2026:26989, RHSA-2026:34975,
Bugzilla: 2497105
Bugzilla Description:
HdrHistogram: HdrHistogram: Data integrity impact due to incorrect comparison
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-839
Affected Packages: rust-main-1.96.1-1.hum1,netavark-main-2.0.0-1.hum1,
Package States: Logging Subsystem for Red Hat OpenShift,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Service Mesh 3,Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux 8,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Update Service,
Full Details
CVE document
CVE-2026-14685
Severity: low
Released on: 04/07/2026
Advisory: RHSA-2026:26989, RHSA-2026:34975,
Bugzilla: 2497101
Bugzilla Description:
HdrHistogram: HdrHistogram: Local state issue via 'Count' argument manipulation
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-1284
Affected Packages: rust-main-1.96.1-1.hum1,netavark-main-2.0.0-1.hum1,
Package States: Logging Subsystem for Red Hat OpenShift,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Service Mesh 3,Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux 8,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Update Service,
Full Details
CVE document
CVE-2026-14684
Severity: low
Released on: 04/07/2026
Advisory: RHSA-2026:26989, RHSA-2026:34975,
Bugzilla: 2497103
Bugzilla Description:
org.hdrhistogram/HdrHistogram: HdrHistogram: HdrHistogram: Denial of Service via uncontrolled memory allocation in decodeFromByteBuffer
CVSS Score:
CVSSv3 Score: 5.0
Vector:
CWE: CWE-770
Affected Packages: rust-main-1.96.1-1.hum1,netavark-main-2.0.0-1.hum1,
Package States: Logging Subsystem for Red Hat OpenShift,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Service Mesh 3,Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux 8,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Update Service,
Full Details
CVE document
CVE-2026-14683
Severity: low
Released on: 04/07/2026
Advisory: RHSA-2026:26989, RHSA-2026:34975,
Bugzilla: 2497102
Bugzilla Description:
HdrHistogram: HdrHistogram: Denial of Service via uncontrolled memory allocation
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-770
Affected Packages: rust-main-1.96.1-1.hum1,netavark-main-2.0.0-1.hum1,
Package States: Logging Subsystem for Red Hat OpenShift,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Service Mesh 3,Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux 8,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Update Service,
Full Details
CVE document
CVE-2026-14651
Severity: low
Released on: 04/07/2026
Advisory:
Bugzilla: 2497086
Bugzilla Description:
grass: Grass: Denial of Service vulnerability via local manipulation of compiler functions
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-835
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-14650
Severity: low
Released on: 04/07/2026
Advisory:
Bugzilla: 2497087
Bugzilla Description:
grass: Grass: Denial of Service in UTF-8 Character Handler
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-1050
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-14647
Severity: moderate
Released on: 04/07/2026
Advisory:
Bugzilla: 2497075
Bugzilla Description:
onnx: onnxruntime: ONNX: Information disclosure via out-of-bounds read
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document
CVE-2026-14535
Severity: important
Released on: 04/07/2026
Advisory:
Bugzilla: 2497049
Bugzilla Description:
fickling: Fickling: Arbitrary code execution via pickle deserialization bypass
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-693
Affected Packages:
Package States: Exploit Intelligence,
Full Details
CVE document
CVE-2026-14534
Severity: important
Released on: 04/07/2026
Advisory:
Bugzilla: 2497046
Bugzilla Description:
fickling: python: fickling: Arbitrary code execution due to incomplete denylist in deserialization
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-184
Affected Packages:
Package States: Exploit Intelligence,Red Hat Hardened Images,Red Hat Hardened Images,Red Hat Hardened Images,Red Hat Hardened Images,
Full Details
CVE document
CVE-2026-12252
Severity: important
Released on: 04/07/2026
Advisory:
Bugzilla: 2496984
Bugzilla Description:
nltk: nltk: Arbitrary Code Execution via Untrusted JAR File Loading
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-347
Affected Packages:
Package States: Exploit Intelligence,Lightspeed Core,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,Red Hat Ansible Automation Platform 2,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document
CVE-2026-53360
Severity: important
Released on: 04/07/2026
Advisory:
Bugzilla: 2497032
Bugzilla Description:
kernel: KVM: SEV: Require in-GHCB scratch area if GHCB v2+ is in use
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53359
Severity: important
Released on: 04/07/2026
Advisory: RHSA-2026:39983, RHSA-2026:36957, RHSA-2026:37729, RHSA-2026:39082, RHSA-2026:40082, RHSA-2026:39083, RHSA-2026:38902, RHSA-2026:39371, RHSA-2026:36956,
Bugzilla: 2497033
Bugzilla Description:
kernel: KVM: x86: Fix shadow paging use-after-free due to unexpected role
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-825
Affected Packages: kernel-0:5.14.0-570.127.1.el9_6,kernel-0:6.12.0-211.32.1.el10_2,kernel-0:5.14.0-427.137.1.el9_4,kernel-0:6.12.0-55.88.1.el10_0,kernel-0:4.18.0-553.143.1.el8_10,kernel-0:5.14.0-284.181.1.el9_2,kernel-rt-0:5.14.0-284.181.1.rt14.466.el9_2,kernel-0:5.14.0-687.24.1.el9_8,kernel-rt-0:4.18.0-553.143.1.rt7.484.el8_10,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux for NVIDIA 26,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2026-53361
Severity: moderate
Released on: 04/07/2026
Advisory:
Bugzilla: 2497035
Bugzilla Description:
kernel: af_unix: Set gc_in_progress to true in unix_gc()
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-366
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-12481
Severity: important
Released on: 03/07/2026
Advisory:
Bugzilla: 2496942
Bugzilla Description:
keras: Keras: Arbitrary code execution via deserialization vulnerability
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-502
Affected Packages:
Package States: Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document
CVE-2026-14604
Severity: moderate
Released on: 03/07/2026
Advisory:
Bugzilla: 2496909
Bugzilla Description:
assimp: Assimp: Denial of Service vulnerability in PLY Model Handler
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-1341
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-14631
Severity: moderate
Released on: 03/07/2026
Advisory:
Bugzilla: 2496906
Bugzilla Description:
webpack-dev-server: webpack-dev-server: Denial of Service via malformed headers
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE: CWE-248
Affected Packages:
Package States: Cryostat 4,Cryostat 4,Gatekeeper 3,Migration Toolkit for Containers,Node HealthCheck Operator,Node HealthCheck Operator,Node HealthCheck Operator,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,Red Hat AMQ Broker 7,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel - HawtIO 4,Red Hat Build of Podman Desktop,Red Hat Connectivity Link 1,Red Hat Data Grid 8,Red Hat Developer Hub,Red Hat Discovery 2,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat Quay 3,Self-service automation portal 2,
Full Details
CVE document
CVE-2026-14620
Severity: moderate
Released on: 03/07/2026
Advisory:
Bugzilla: 2496907
Bugzilla Description:
webpack-dev-server: webpack-dev-server: Arbitrary file opening and denial of service via exposed developer endpoints
CVSS Score:
CVSSv3 Score: 4.7
Vector:
CWE: CWE-940
Affected Packages:
Package States: Cryostat 4,Cryostat 4,Gatekeeper 3,Migration Toolkit for Containers,Node HealthCheck Operator,Node HealthCheck Operator,Node HealthCheck Operator,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,Red Hat AMQ Broker 7,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel - HawtIO 4,Red Hat Build of Podman Desktop,Red Hat Connectivity Link 1,Red Hat Data Grid 8,Red Hat Developer Hub,Red Hat Discovery 2,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat Quay 3,Self-service automation portal 2,
Full Details
CVE document
CVE-2026-14615
Severity: moderate
Released on: 03/07/2026
Advisory:
Bugzilla: 2496891
Bugzilla Description:
keycloak-services: keycloak: FGAP v2 parent group children endpoint bypasses per-child view permission filter
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE: CWE-1220
Affected Packages:
Package States: Red Hat Build of Keycloak,
Full Details
CVE document
CVE-2026-14614
Severity: moderate
Released on: 03/07/2026
Advisory:
Bugzilla: 2496889
Bugzilla Description:
keycloak-services: keycloak-services: FGAP v2 client scope assignment bypass via ClientResource
CVSS Score:
CVSSv3 Score: 5.4
Vector:
CWE:
Affected Packages:
Package States: Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat Data Grid 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat Single Sign-On 7,
Full Details
CVE document
CVE-2026-14613
Severity: moderate
Released on: 03/07/2026
Advisory:
Bugzilla: 2496878
Bugzilla Description:
keycloak-services: keycloak-services: Keycloak: FGAP v2 role groups endpoint discloses hidden group metadata without group view permission
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE:
Affected Packages:
Package States: Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat Data Grid 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat Single Sign-On 7,
Full Details
CVE document
CVE-2026-14612
Severity: low
Released on: 03/07/2026
Advisory:
Bugzilla: 2496879
Bugzilla Description:
freeipa: ipa: idm: freeipa: off-by-one buffer overflows in ipa-otpd oauth2.c during OAuth2 device authorization
CVSS Score:
CVSSv3 Score: 4.2
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-9547
Severity: important
Released on: 03/07/2026
Advisory: RHSA-2026:29017, RHSA-2026:34975,
Bugzilla: 2496758
Bugzilla Description:
curl: curl: Man-in-the-middle attack via SSH host key bypass
CVSS Score:
CVSSv3 Score: 7.4
Vector:
CWE: CWE-347
Affected Packages: rust-main-1.96.1-1.hum1,curl-main-8.21.0-0.1.hum1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Dev Spaces,Red Hat Trusted Profile Analyzer,
Full Details
CVE document
CVE-2026-9546
Severity: important
Released on: 03/07/2026
Advisory: RHSA-2026:29017, RHSA-2026:34975,
Bugzilla: 2496770
Bugzilla Description:
libcurl: libcurl: Information disclosure due to persistent Referer header
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-201
Affected Packages: rust-main-1.96.1-1.hum1,curl-main-8.21.0-0.1.hum1,
Package States: Red Hat Enterprise Linux 8,Red Hat JBoss Core Services,Red Hat JBoss Core Services,
Full Details
CVE document
CVE-2026-9545
Severity: important
Released on: 03/07/2026
Advisory:
Bugzilla: 2496756
Bugzilla Description:
libcurl: libcurl: Information disclosure via cached SSL session and early data
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-295
Affected Packages:
Package States: Red Hat Enterprise Linux 8,Red Hat JBoss Core Services,Red Hat JBoss Core Services,
Full Details
CVE document
CVE-2026-9080
Severity: important
Released on: 03/07/2026
Advisory: RHSA-2026:29017, RHSA-2026:34975,
Bugzilla: 2496755
Bugzilla Description:
libcurl: libcurl: Use-after-free via curl_easy_pause() in CURLMOPT_SOCKETFUNCTION callback
CVSS Score:
CVSSv3 Score: 7.3
Vector:
CWE: CWE-825
Affected Packages: rust-main-1.96.1-1.hum1,curl-main-8.21.0-0.1.hum1,
Package States: Red Hat Enterprise Linux 8,Red Hat JBoss Core Services,Red Hat JBoss Core Services,
Full Details
CVE document
CVE-2026-9079
Severity: important
Released on: 03/07/2026
Advisory: RHSA-2026:29017, RHSA-2026:34975,
Bugzilla: 2496771
Bugzilla Description:
libcurl: libcurl: Information disclosure due to failure to clear proxy authentication credentials
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-212
Affected Packages: rust-main-1.96.1-1.hum1,curl-main-8.21.0-0.1.hum1,
Package States: Red Hat Enterprise Linux 8,Red Hat JBoss Core Services,Red Hat JBoss Core Services,
Full Details
CVE document
CVE-2026-8932
Severity: important
Released on: 03/07/2026
Advisory: RHSA-2026:29017, RHSA-2026:34975,
Bugzilla: 2496759
Bugzilla Description:
libcurl: libcurl: Security feature bypass due to improper mTLS connection reuse
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-1025
Affected Packages: rust-main-1.96.1-1.hum1,curl-main-8.21.0-0.1.hum1,
Package States: Red Hat Enterprise Linux 8,Red Hat JBoss Core Services,Red Hat JBoss Core Services,
Full Details
CVE document
CVE-2026-8927
Severity: important
Released on: 03/07/2026
Advisory: RHSA-2026:29017, RHSA-2026:34975,
Bugzilla: 2496769
Bugzilla Description:
libcurl: libcurl: Information disclosure due to uncleared proxy authentication state
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-201
Affected Packages: rust-main-1.96.1-1.hum1,curl-main-8.21.0-0.1.hum1,
Package States: Red Hat Enterprise Linux 8,Red Hat JBoss Core Services,Red Hat JBoss Core Services,
Full Details
CVE document
CVE-2026-8926
Severity: moderate
Released on: 03/07/2026
Advisory: RHSA-2026:29017, RHSA-2026:34975,
Bugzilla: 2496760
Bugzilla Description:
curl: curl: Information disclosure via incorrect .netrc password lookup
CVSS Score:
CVSSv3 Score: 4.8
Vector:
CWE: CWE-289
Affected Packages: rust-main-1.96.1-1.hum1,curl-main-8.21.0-0.1.hum1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Dev Spaces,Red Hat Trusted Profile Analyzer,
Full Details
CVE document
CVE-2026-8925
Severity: important
Released on: 03/07/2026
Advisory: RHSA-2026:29017, RHSA-2026:34975,
Bugzilla: 2496762
Bugzilla Description:
curl: curl: Double-free vulnerability in SASL authentication
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-1341
Affected Packages: rust-main-1.96.1-1.hum1,curl-main-8.21.0-0.1.hum1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Dev Spaces,Red Hat Trusted Profile Analyzer,
Full Details
CVE document
CVE-2026-8924
Severity: moderate
Released on: 03/07/2026
Advisory: RHSA-2026:29017, RHSA-2026:34975,
Bugzilla: 2496765
Bugzilla Description:
curl: curl: Cookie injection via malicious HTTP server using super cookies
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-565
Affected Packages: rust-main-1.96.1-1.hum1,curl-main-8.21.0-0.1.hum1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Dev Spaces,Red Hat Trusted Profile Analyzer,
Full Details
CVE document
CVE-2026-8286
Severity: important
Released on: 03/07/2026
Advisory: RHSA-2026:29017, RHSA-2026:34975,
Bugzilla: 2496763
Bugzilla Description:
curl: curl: Insecure connection establishment due to TLS configuration mismatch
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-295
Affected Packages: rust-main-1.96.1-1.hum1,curl-main-8.21.0-0.1.hum1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Dev Spaces,Red Hat Trusted Profile Analyzer,
Full Details
CVE document
CVE-2026-12064
Severity: important
Released on: 03/07/2026
Advisory: RHSA-2026:29017, RHSA-2026:34975,
Bugzilla: 2496768
Bugzilla Description:
curl: curl: SSH host verification bypass when using schemeless URLs with SFTP/SCP
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-358
Affected Packages: rust-main-1.96.1-1.hum1,curl-main-8.21.0-0.1.hum1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Dev Spaces,Red Hat Trusted Profile Analyzer,
Full Details
CVE document
CVE-2026-11856
Severity: moderate
Released on: 03/07/2026
Advisory: RHSA-2026:29017, RHSA-2026:34975,
Bugzilla: 2496767
Bugzilla Description:
curl: curl: Information disclosure via incorrect Digest authentication header reuse
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-201
Affected Packages: rust-main-1.96.1-1.hum1,curl-main-8.21.0-0.1.hum1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Dev Spaces,Red Hat Trusted Profile Analyzer,
Full Details
CVE document
CVE-2026-11586
Severity: important
Released on: 03/07/2026
Advisory: RHSA-2026:29017, RHSA-2026:34975,
Bugzilla: 2496753
Bugzilla Description:
curl: curl: Denial of Service via WebSocket PING flood
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-770
Affected Packages: rust-main-1.96.1-1.hum1,curl-main-8.21.0-0.1.hum1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Dev Spaces,Red Hat Trusted Profile Analyzer,
Full Details
CVE document
CVE-2026-11564
Severity: moderate
Released on: 03/07/2026
Advisory: RHSA-2026:29017, RHSA-2026:34975,
Bugzilla: 2496754
Bugzilla Description:
libcurl: libcurl: Certificate validation bypass due to incorrect connection reuse
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-295
Affected Packages: rust-main-1.96.1-1.hum1,curl-main-8.21.0-0.1.hum1,
Package States: Red Hat Enterprise Linux 8,Red Hat JBoss Core Services,Red Hat JBoss Core Services,
Full Details
CVE document
CVE-2026-11352
Severity: important
Released on: 03/07/2026
Advisory: RHSA-2026:29017, RHSA-2026:34975,
Bugzilla: 2496757
Bugzilla Description:
curl: libcurl: curl/libcurl: Remote denial of service via QUIC UDP receive function vulnerability
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-835
Affected Packages: rust-main-1.96.1-1.hum1,curl-main-8.21.0-0.1.hum1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat JBoss Core Services,Red Hat JBoss Core Services,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Dev Spaces,Red Hat Trusted Profile Analyzer,
Full Details
CVE document
CVE-2026-10536
Severity: moderate
Released on: 03/07/2026
Advisory:
Bugzilla: 2496766
Bugzilla Description:
libcurl: libcurl: Use-after-free vulnerability leading to Denial of Service
CVSS Score:
CVSSv3 Score: 4.7
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 8,Red Hat JBoss Core Services,Red Hat JBoss Core Services,
Full Details
CVE document
CVE-2026-14544
Severity: important
Released on: 03/07/2026
Advisory: RHSA-2026:40831, RHSA-2026:39976,
Bugzilla: 2496772
Bugzilla Description:
HPLIP: Incomplete Fix for CVE-2026-8631
CVSS Score:
CVSSv3 Score: 9.8
Vector:
CWE: CWE-190
Affected Packages: hplip-0:3.23.12-10.el10_2.5,hplip-0:3.21.2-6.el9_8.5,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,
Full Details
CVE document
CVE-2026-58467
Severity: important
Released on: 02/07/2026
Advisory:
Bugzilla: 2496697
Bugzilla Description:
cockpit: Cockpit CMS: Arbitrary file read and code execution via path traversal
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-22
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-50149
Severity: moderate
Released on: 02/07/2026
Advisory:
Bugzilla: 2499692
Bugzilla Description:
contour: Contour: JWT verification bypass allows unauthorized access via HTTPProxy misconfiguration
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-295
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-54891
Severity: low
Released on: 02/07/2026
Advisory:
Bugzilla: 2496625
Bugzilla Description:
erlang: Erlang SSL: Unauthenticated data injection during TLS handshake
CVSS Score:
CVSSv3 Score: 3.7
Vector:
CWE: CWE-924
Affected Packages:
Package States: Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 18.0,
Full Details
CVE document
CVE-2026-54886
Severity: moderate
Released on: 02/07/2026
Advisory:
Bugzilla: 2496623
Bugzilla Description:
erlang: Erlang OTP ssh: Denial of Service via infinite loop in SFTP channel
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-835
Affected Packages:
Package States: Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 18.0,
Full Details
CVE document
CVE-2026-55952
Severity: important
Released on: 02/07/2026
Advisory:
Bugzilla: 2496626
Bugzilla Description:
erlang: Erlang/OTP: Denial of Service in TLS 1.3 session ticket handling
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-130
Affected Packages:
Package States: Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 18.0,
Full Details
CVE document
CVE-2026-53422
Severity: moderate
Released on: 02/07/2026
Advisory: RHSA-2026:35998,
Bugzilla: 2496622
Bugzilla Description:
erlang: ssh: Erlang OTP ssh: Information disclosure via SFTP REALPATH handler
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE: CWE-204
Affected Packages: erlang27-main-27.3.4.14-1.hum1,
Package States: Red Hat Hardened Images,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 18.0,
Full Details
CVE document
CVE-2026-11946
Severity: important
Released on: 02/07/2026
Advisory:
Bugzilla: 2496476
Bugzilla Description:
open62541: open62541: Denial of Service via unvalidated endpoint URL length
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-1284
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-54431
Severity: moderate
Released on: 02/07/2026
Advisory:
Bugzilla: 2496464
Bugzilla Description:
liboauth2: liboauth2: DPoP verifier accepts malformed proof with private key material
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-358
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-54430
Severity: moderate
Released on: 02/07/2026
Advisory:
Bugzilla: 2496465
Bugzilla Description:
liboauth2: liboauth2: Server-Side Request Forgery allows unauthorized internal network access
CVSS Score:
CVSSv3 Score: 5.8
Vector:
CWE: CWE-918
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-9563
Severity: important
Released on: 02/07/2026
Advisory:
Bugzilla: 2496411
Bugzilla Description:
org.eclipse.parsson/parsson: Eclipse Parsson: Denial of Service via uncontrolled resource consumption in JSON parsing
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-770
Affected Packages:
Package States: Cryostat 4,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,Red Hat build of Apache Camel 4 for Quarkus 3,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel - HawtIO 4,Red Hat build of Apicurio Registry 3,Red Hat build of Debezium 3,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat build of Quarkus,Red Hat Data Grid 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,streams for Apache Kafka 2,streams for Apache Kafka 3,
Full Details
CVE document
CVE-2026-8147
Severity: important
Released on: 02/07/2026
Advisory:
Bugzilla: 2496410
Bugzilla Description:
mlflow: MLflow: Unauthorized access to trace data due to missing authorization validation
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-425
Affected Packages:
Package States: Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document
CVE-2026-53357
Severity: moderate
Released on: 02/07/2026
Advisory:
Bugzilla: 2496574
Bugzilla Description:
kernel: Bluetooth: fix UAF in l2cap_sock_cleanup_listen() vs l2cap_conn_del()
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-366
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53358
Severity: moderate
Released on: 02/07/2026
Advisory:
Bugzilla: 2496575
Bugzilla Description:
kernel: Bluetooth: L2CAP: use chan timer to close channels in cleanup_listen()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-413
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-48978
Severity: low
Released on: 01/07/2026
Advisory:
Bugzilla: 2499689
Bugzilla Description:
oras-go: oras-go: Information disclosure and TLS downgrade via malicious registry realm
CVSS Score:
CVSSv3 Score: 3.1
Vector:
CWE: CWE-918
Affected Packages:
Package States: Gatekeeper 3,Multicluster Global Hub,OpenShift Service Mesh 3,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 18.0,Red Hat OpenStack Platform 18.0,
Full Details
CVE document
CVE-2026-50151
Severity: moderate
Released on: 01/07/2026
Advisory:
Bugzilla: 2499693
Bugzilla Description:
oras-go: oras-go: Credential forwarding via unvalidated Location header during blob upload
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-522
Affected Packages:
Package States: Gatekeeper 3,Multicluster Global Hub,OpenShift Service Mesh 3,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 18.0,Red Hat OpenStack Platform 18.0,
Full Details
CVE document
CVE-2026-50162
Severity: moderate
Released on: 01/07/2026
Advisory:
Bugzilla: 2499694
Bugzilla Description:
oras-go: oras-go: File store write outside working directory via symlink traversal
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-22
Affected Packages:
Package States: Assisted Installer for Red Hat OpenShift Container Platform 2,Deployment Validation Operator,Gatekeeper 3,MCP Server for Red Hat OpenShift,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Multicluster Global Hub,OpenShift Developer Tools and Services,OpenShift Lightspeed,OpenShift Service Mesh 3,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Ceph Storage 9,Red Hat Developer Hub,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Hardened Images,Red Hat Hardened Images,Red Hat Hardened Images,Red Hat Hardened Images,Red Hat Hardened Images,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 18.0,Red Hat OpenStack Platform 18.0,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Profile Analyzer,Security Profiles Operator,Security Profiles Operator,
Full Details
CVE document
CVE-2026-50163
Severity: moderate
Released on: 01/07/2026
Advisory:
Bugzilla: 2499695
Bugzilla Description:
oras-go: Oras-go: Information disclosure and arbitrary file access via crafted tarball hardlinks
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-22
Affected Packages:
Package States: Gatekeeper 3,Multicluster Global Hub,OpenShift Service Mesh 3,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 18.0,Red Hat OpenStack Platform 18.0,
Full Details
CVE document
CVE-2026-54786
Severity: low
Released on: 01/07/2026
Advisory:
Bugzilla: 2496195
Bugzilla Description:
Wasmtime: Wasmtime: Leak in WASIp1 `fd_renumber` implementation
CVSS Score:
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Connectivity Link 1,Red Hat Enterprise Linux 10,Red Hat Hardened Images,
Full Details
CVE document
CVE-2026-55153
Severity: important
Released on: 01/07/2026
Advisory:
Bugzilla: 2496197
Bugzilla Description:
com.mchange/mchange-commons-java: mchange-commons-java: Remote code execution via JNDI injection
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-502
Affected Packages:
Package States: Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel - HawtIO 4,Red Hat build of Debezium 3,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat Satellite 6,Red Hat Satellite 6,streams for Apache Kafka 2,
Full Details
CVE document
CVE-2026-48815
Severity: moderate
Released on: 01/07/2026
Advisory:
Bugzilla: 2499687
Bugzilla Description:
sigstore: Sigstore: Unauthorized certificates accepted due to ignored `certificateOIDs` verification option
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-345
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-48816
Severity: moderate
Released on: 01/07/2026
Advisory:
Bugzilla: 2499688
Bugzilla Description:
sigstore-js: sigstore-js: Insufficient verification of data authenticity allows timestamp manipulation
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-345
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Dev Spaces,Red Hat Satellite 6,Self-service automation portal 2,
Full Details
CVE document
CVE-2026-55688
Severity: moderate
Released on: 01/07/2026
Advisory:
Bugzilla: 2496140
Bugzilla Description:
async-http-client: AsyncHttpClient: Cookie injection allows planting cookies for unrelated domains
CVSS Score:
CVSSv3 Score: 4.0
Vector:
CWE: CWE-346
Affected Packages:
Package States: Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,
Full Details
CVE document
CVE-2026-14363
Severity: important
Released on: 01/07/2026
Advisory:
Bugzilla: 2496143
Bugzilla Description:
Cargo: Mediawiki Cargo Extension: SQL Injection vulnerability
CVSS Score:
CVSSv3 Score: 7.3
Vector:
CWE: CWE-89
Affected Packages:
Package States: Red Hat Hardened Images,
Full Details
CVE document
CVE-2026-55597
Severity: moderate
Released on: 01/07/2026
Advisory:
Bugzilla: 2496158
Bugzilla Description:
ImageMagick: ImageMagick: Heap buffer overwrite via incorrect argument handling in JP2 encoder
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document
CVE-2026-55595
Severity: moderate
Released on: 01/07/2026
Advisory:
Bugzilla: 2496147
Bugzilla Description:
ImageMagick: ImageMagick: Denial of Service via invalid arguments to connected-components option
CVSS Score:
CVSSv3 Score: 4.7
Vector:
CWE: CWE-835
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document
CVE-2026-55594
Severity: moderate
Released on: 01/07/2026
Advisory:
Bugzilla: 2496145
Bugzilla Description:
ImageMagick: ImageMagick: Denial of Service via crafted image in MVG decoder
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document
CVE-2026-55577
Severity: moderate
Released on: 01/07/2026
Advisory:
Bugzilla: 2496142
Bugzilla Description:
ImageMagick: ImageMagick: Heap buffer overflow in MVG decoder allows out-of-bounds write
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document
CVE-2026-55510
Severity: moderate
Released on: 01/07/2026
Advisory:
Bugzilla: 2496157
Bugzilla Description:
ImageMagick: ImageMagick: Denial of Service via crafted 8BIM profile
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document
CVE-2026-53467
Severity: moderate
Released on: 01/07/2026
Advisory:
Bugzilla: 2496151
Bugzilla Description:
ImageMagick: ImageMagick: Information disclosure vulnerability in MNG decoder
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-908
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document
CVE-2026-13769
Severity: moderate
Released on: 01/07/2026
Advisory:
Bugzilla: 2496161
Bugzilla Description:
aws-cli: AWS CLI: Information disclosure via overly permissive file permissions
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-277
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-58517
Severity: critical
Released on: 01/07/2026
Advisory:
Bugzilla: 2496133
Bugzilla Description:
wikilambda: WikiLambda Extension: Authentication bypass due to improper input neutralization
CVSS Score:
CVSSv3 Score: 9.1
Vector:
CWE: CWE-140
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-53466
Severity: moderate
Released on: 01/07/2026
Advisory:
Bugzilla: 2496131
Bugzilla Description:
ImageMagick: ImageMagick: Denial of Service via integer overflow in XCF decoder
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document
CVE-2026-55628
Severity: moderate
Released on: 01/07/2026
Advisory:
Bugzilla: 2496134
Bugzilla Description:
ImageMagick: ImageMagick: Unauthorized file access due to missing policy checks in concatenate operation
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-1220
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document
CVE-2026-53489
Severity: important
Released on: 01/07/2026
Advisory: RHSA-2026:15862, RHSA-2026:32963, RHSA-2026:32974,
Bugzilla: 2496129
Bugzilla Description:
github.com/containerd/containerd: containerd: Arbitrary host file read via symlink following in CRI checkpoint restore
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-59
Affected Packages: syft-main-1.46.0-0.1.hum1,grype-main-0.115.0-0.1.hum1,trivy-main-0.69.3-1.2.hum1,
Package States: Assisted Installer for Red Hat OpenShift Container Platform 2,Assisted Installer for Red Hat OpenShift Container Platform 2,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Deployment Validation Operator,Exploit Intelligence,Gatekeeper 3,Kernel Module Management Operator for Red Hat Openshift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logical Volume Manager Storage,Machine Deletion Remediation Operator,Machine Deletion Remediation Operator,MCP Server for Red Hat OpenShift,Migration Toolkit for Containers,Migration Toolkit for Containers,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Global Hub,Multicluster Global Hub,Multicluster Global Hub,Multicluster Global Hub,Node HealthCheck Operator,OpenShift API for Data Protection,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Serverless,OpenShift Service Mesh 2,OpenShift Service Mesh 2,OpenShift Service Mesh 3,OpenShift Service Mesh 3,Pen Drive Powered by Red Hat Lightspeed,Pen Drive Powered by Red Hat Lightspeed,Power monitoring for Red Hat OpenShift,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Build of Kueue,Red Hat Ceph Storage 6,Red Hat Ceph Storage 9,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift for Windows Containers,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 18.0,Red Hat OpenStack Platform 18.0,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Profile Analyzer,
Full Details
CVE document
CVE-2026-53492
Severity: important
Released on: 01/07/2026
Advisory: RHSA-2026:36873, RHSA-2026:15862, RHSA-2026:32963, RHSA-2026:32974,
Bugzilla: 2496130
Bugzilla Description:
github.com/containerd/containerd: containerd: Security bypass via Container Device Interface (CDI) annotation smuggling during checkpoint restoration.
CVSS Score:
CVSSv3 Score: 8.2
Vector:
CWE: CWE-807
Affected Packages: rhacm2/submariner-rhel9-operator:1782933193,syft-main-1.46.0-0.1.hum1,grype-main-0.115.0-0.1.hum1,trivy-main-0.69.3-1.2.hum1,
Package States: Assisted Installer for Red Hat OpenShift Container Platform 2,Assisted Installer for Red Hat OpenShift Container Platform 2,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Deployment Validation Operator,Exploit Intelligence,Gatekeeper 3,Kernel Module Management Operator for Red Hat Openshift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logical Volume Manager Storage,Machine Deletion Remediation Operator,Machine Deletion Remediation Operator,MCP Server for Red Hat OpenShift,Migration Toolkit for Containers,Migration Toolkit for Containers,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Global Hub,Multicluster Global Hub,Multicluster Global Hub,Multicluster Global Hub,Node HealthCheck Operator,OpenShift API for Data Protection,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Serverless,OpenShift Service Mesh 2,OpenShift Service Mesh 2,OpenShift Service Mesh 3,OpenShift Service Mesh 3,Pen Drive Powered by Red Hat Lightspeed,Pen Drive Powered by Red Hat Lightspeed,Power monitoring for Red Hat OpenShift,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Build of Kueue,Red Hat Ceph Storage 6,Red Hat Ceph Storage 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift for Windows Containers,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 18.0,Red Hat OpenStack Platform 18.0,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Profile Analyzer,
Full Details
CVE document
CVE-2026-50195
Severity: moderate
Released on: 01/07/2026
Advisory: RHSA-2026:35111,
Bugzilla: 2496128
Bugzilla Description:
github.com/containerd/containerd: containerd: Arbitrary code execution via CRI checkpoint image tag poisoning
CVSS Score:
CVSSv3 Score: 6.7
Vector:
CWE: CWE-1289
Affected Packages: trivy-main-0.72.0-0.1.hum1,
Package States: Assisted Installer for Red Hat OpenShift Container Platform 2,Assisted Installer for Red Hat OpenShift Container Platform 2,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Deployment Validation Operator,Gatekeeper 3,Kernel Module Management Operator for Red Hat Openshift,Logging Subsystem for Red Hat OpenShift,Logical Volume Manager Storage,Machine Deletion Remediation Operator,Machine Deletion Remediation Operator,MCP Server for Red Hat OpenShift,Migration Toolkit for Containers,Migration Toolkit for Containers,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Global Hub,Multicluster Global Hub,Multicluster Global Hub,Multicluster Global Hub,Node HealthCheck Operator,OpenShift API for Data Protection,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Serverless,OpenShift Service Mesh 2,OpenShift Service Mesh 2,OpenShift Service Mesh 3,OpenShift Service Mesh 3,Pen Drive Powered by Red Hat Lightspeed,Pen Drive Powered by Red Hat Lightspeed,Power monitoring for Red Hat OpenShift,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Build of Kueue,Red Hat Ceph Storage 6,Red Hat Ceph Storage 9,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift for Windows Containers,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 18.0,Red Hat OpenStack Platform 18.0,Red Hat Trusted Artifact Signer,Red Hat Trusted Profile Analyzer,
Full Details
CVE document
CVE-2026-47262
Severity: moderate
Released on: 01/07/2026
Advisory: RHSA-2026:26990, RHSA-2026:35111, RHSA-2026:29770, RHSA-2026:25535, RHSA-2026:32963, RHSA-2026:32974,
Bugzilla: 2496126
Bugzilla Description:
github.com/containerd/containerd: containerd: Denial of Service via maliciously crafted image leading to unbounded group parsing
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-770
Affected Packages: syft-main-1.46.0-0.1.hum1,kubernetes1-36-main-1.36.2-2.hum1,trivy-main-0.72.0-0.1.hum1,kubernetes1-35-main-1.35.6-1.hum1,grype-main-0.115.0-0.1.hum1,opentelemetry-collector-contrib-main-0.155.0-0.1.hum1,
Package States: Assisted Installer for Red Hat OpenShift Container Platform 2,Assisted Installer for Red Hat OpenShift Container Platform 2,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Deployment Validation Operator,Exploit Intelligence,Gatekeeper 3,Kernel Module Management Operator for Red Hat Openshift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logical Volume Manager Storage,Machine Deletion Remediation Operator,Machine Deletion Remediation Operator,MCP Server for Red Hat OpenShift,Migration Toolkit for Containers,Migration Toolkit for Containers,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Global Hub,Multicluster Global Hub,Multicluster Global Hub,Multicluster Global Hub,Node HealthCheck Operator,OpenShift API for Data Protection,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Serverless,OpenShift Service Mesh 2,OpenShift Service Mesh 2,OpenShift Service Mesh 3,OpenShift Service Mesh 3,Pen Drive Powered by Red Hat Lightspeed,Pen Drive Powered by Red Hat Lightspeed,Power monitoring for Red Hat OpenShift,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Build of Kueue,Red Hat Ceph Storage 6,Red Hat Ceph Storage 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift for Windows Containers,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 18.0,Red Hat OpenStack Platform 18.0,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Profile Analyzer,
Full Details
CVE document
CVE-2026-46680
Severity: important
Released on: 01/07/2026
Advisory: RHSA-2026:35111,
Bugzilla: 2496104
Bugzilla Description:
github.com/containerd/containerd: containerd: Privilege escalation via incorrect user ID handling
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-681
Affected Packages: trivy-main-0.72.0-0.1.hum1,
Package States: Assisted Installer for Red Hat OpenShift Container Platform 2,Assisted Installer for Red Hat OpenShift Container Platform 2,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Deployment Validation Operator,Gatekeeper 3,Kernel Module Management Operator for Red Hat Openshift,Logging Subsystem for Red Hat OpenShift,Logical Volume Manager Storage,Machine Deletion Remediation Operator,Machine Deletion Remediation Operator,MCP Server for Red Hat OpenShift,Migration Toolkit for Containers,Migration Toolkit for Containers,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Global Hub,Multicluster Global Hub,Multicluster Global Hub,Multicluster Global Hub,Node HealthCheck Operator,OpenShift API for Data Protection,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Serverless,OpenShift Service Mesh 2,OpenShift Service Mesh 2,OpenShift Service Mesh 3,OpenShift Service Mesh 3,Pen Drive Powered by Red Hat Lightspeed,Pen Drive Powered by Red Hat Lightspeed,Power monitoring for Red Hat OpenShift,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Build of Kueue,Red Hat Ceph Storage 6,Red Hat Ceph Storage 9,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift for Windows Containers,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 18.0,Red Hat OpenStack Platform 18.0,Red Hat Trusted Artifact Signer,Red Hat Trusted Profile Analyzer,
Full Details
CVE document
CVE-2026-5051
Severity: moderate
Released on: 01/07/2026
Advisory:
Bugzilla: 2496100
Bugzilla Description:
Vault: Vault Enterprise: HashiCorp Vault: Audit device validation bypass via legacy file audit path option
CVSS Score:
CVSSv3 Score: 4.4
Vector:
CWE: CWE-807
Affected Packages:
Package States: Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,
Full Details
CVE document
CVE-2026-54428
Severity: important
Released on: 01/07/2026
Advisory:
Bugzilla: 2496106
Bugzilla Description:
org.apache.httpcomponents.core5/httpcore5-h2: Apache HttpComponents Core: Denial of Service via oversized HTTP/2 HPACK header blocks
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-770
Affected Packages:
Package States: Cryostat 4,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,Red Hat AMQ Clients,Red Hat build of Apache Camel 4 for Quarkus 3,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel - HawtIO 4,Red Hat build of Apicurio Registry 3,Red Hat build of Debezium 3,Red Hat Data Grid 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,streams for Apache Kafka 2,streams for Apache Kafka 3,
Full Details
CVE document
CVE-2026-54399
Severity: important
Released on: 01/07/2026
Advisory:
Bugzilla: 2496101
Bugzilla Description:
org.apache.httpcomponents.core5/httpcore5: Apache HttpComponents Core: Denial of Service via excessive HTTP headers
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-770
Affected Packages:
Package States: Cryostat 4,Cryostat 4,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AMQ Broker 7,Red Hat AMQ Clients,Red Hat AMQ Clients,Red Hat build of Apache Camel 4 for Quarkus 3,Red Hat build of Apache Camel 4 for Quarkus 3,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel - HawtIO 4,Red Hat build of Apache Camel - HawtIO 4,Red Hat build of Apicurio Registry 3,Red Hat build of Apicurio Registry 3,Red Hat build of Debezium 3,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat build of Quarkus,Red Hat Data Grid 8,Red Hat Data Grid 8,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat Single Sign-On 7,streams for Apache Kafka 2,streams for Apache Kafka 2,streams for Apache Kafka 3,streams for Apache Kafka 3,
Full Details
CVE document
CVE-2026-12480
Severity: moderate
Released on: 01/07/2026
Advisory:
Bugzilla: 2496097
Bugzilla Description:
keras: Keras: Information disclosure via malicious model archive with Virtual Dataset
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-22
Affected Packages:
Package States: Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document
CVE-2026-20243
Severity: important
Released on: 01/07/2026
Advisory:
Bugzilla: 2496112
Bugzilla Description:
clamav: ClamAV: Denial of Service via crafted ALZ file
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-120
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-20244
Severity: important
Released on: 01/07/2026
Advisory:
Bugzilla: 2496095
Bugzilla Description:
clamav: ClamAV: Denial of Service via crafted DMG file
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-190
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-20215
Severity: important
Released on: 01/07/2026
Advisory:
Bugzilla: 2496105
Bugzilla Description:
clamav: ClamAV: Denial of Service via crafted 7z file
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-120
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-20217
Severity: important
Released on: 01/07/2026
Advisory:
Bugzilla: 2496102
Bugzilla Description:
clamav: ClamAV: Denial of Service via crafted PESpin file
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-120
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-20216
Severity: important
Released on: 01/07/2026
Advisory:
Bugzilla: 2496115
Bugzilla Description:
ClamAV: ClamAV: Denial of Service via crafted InstallShield file
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-770
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-20213
Severity: important
Released on: 01/07/2026
Advisory:
Bugzilla: 2496085
Bugzilla Description:
ClamAV: ClamAV: Denial of Service via crafted Portable Executable (PE) files
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-787
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-20214
Severity: important
Released on: 01/07/2026
Advisory:
Bugzilla: 2496096
Bugzilla Description:
clamav: ClamAV: Denial of Service via crafted FSG file parsing
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-787
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-58038
Severity: low
Released on: 01/07/2026
Advisory:
Bugzilla: 2496016
Bugzilla Description:
timeline: EasyTimeline: Wikimedia Foundation Timeline: Cross-site Scripting vulnerability
CVSS Score:
CVSSv3 Score: 3.7
Vector:
CWE: CWE-79
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-24260
Severity: important
Released on: 01/07/2026
Advisory:
Bugzilla: 2496027
Bugzilla Description:
NVIDIA Container Toolkit: NVIDIA Container Toolkit: Privilege escalation and code execution via race condition
CVSS Score:
CVSSv3 Score: 8.5
Vector:
CWE: CWE-367
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-58031
Severity: moderate
Released on: 01/07/2026
Advisory:
Bugzilla: 2495993
Bugzilla Description:
MediaWiki: MediaWiki: Cross-site scripting vulnerability due to improper input neutralization
CVSS Score:
CVSSv3 Score: 4.6
Vector:
CWE: CWE-79
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-5138
Severity: moderate
Released on: 01/07/2026
Advisory: RHSA-2026:34366, RHSA-2026:34367, RHSA-2026:34365, RHSA-2026:34368,
Bugzilla: 2452971
Bugzilla Description:
foreman: Foreman: Information disclosure via improper validation of nested request parameters
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE: CWE-639
Affected Packages: foreman-0:3.14.0.17-1.el9sat,foreman-0:3.18.0.7-1.el9sat,foreman-0:3.12.0.17-1.el9sat,foreman-0:3.12.0.17-1.el8sat,foreman-0:3.16.0.17-1.el9sat,
Package States: Red Hat Satellite 6,
Full Details
CVE document
CVE-2026-5136
Severity: important
Released on: 01/07/2026
Advisory: RHSA-2026:34366, RHSA-2026:34367, RHSA-2026:34365, RHSA-2026:34368,
Bugzilla: 2452970
Bugzilla Description:
foreman: Foreman: Privilege escalation to administrator-level access via usergroup role assignment manipulation
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-266
Affected Packages: foreman-0:3.14.0.17-1.el9sat,foreman-0:3.18.0.7-1.el9sat,foreman-0:3.12.0.17-1.el9sat,foreman-0:3.12.0.17-1.el8sat,foreman-0:3.16.0.17-1.el9sat,
Package States: Red Hat Satellite 6,
Full Details
CVE document
CVE-2026-13323
Severity: moderate
Released on: 01/07/2026
Advisory:
Bugzilla: 2495898
Bugzilla Description:
openvsx: Open VSX Registry: Supply chain attack via cross-site scripting
CVSS Score:
CVSSv3 Score: 5.4
Vector:
CWE: CWE-79
Affected Packages:
Package States: Red Hat OpenShift Dev Spaces,
Full Details
CVE document
CVE-2026-56016
Severity: important
Released on: 01/07/2026
Advisory:
Bugzilla: 2495858
Bugzilla Description:
perl-CGI-Session: perl-CGI-Session: Authentication bypass via predictable session IDs
CVSS Score:
CVSSv3 Score: 7.4
Vector:
CWE: CWE-331
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document
CVE-2025-15666
Severity: moderate
Released on: 01/07/2026
Advisory:
Bugzilla: 2495848
Bugzilla Description:
assimp: Assimp: Heap-based buffer overflow via crafted model file
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53488
Severity: important
Released on: 01/07/2026
Advisory: RHSA-2026:37252, RHSA-2026:36319, RHSA-2026:36167, RHSA-2026:35111, RHSA-2026:36105, RHSA-2026:36873, RHSA-2026:36625, RHSA-2026:36207,
Bugzilla: 2495815
Bugzilla Description:
github.com/containerd/containerd: containerd: Host-root command execution via unvalidated image config labels in CRI plugin
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-78
Affected Packages: rhacm2/submariner-rhel9-operator:1782933193,multicluster-engine/assisted-service-8-rhel8:1783332008,trivy-main-0.72.0-0.1.hum1,multicluster-engine/assisted-service-9-rhel9:1783350355,advanced-cluster-security/rhacs-main-rhel8:1783357140,advanced-cluster-security/rhacs-main-rhel9:1783352589,multicluster-engine/assisted-installer-rhel8:1783407900,advanced-cluster-security/rhacs-scanner-v4-rhel9:1783352589,multicluster-engine/assisted-installer-controller-rhel8:1783407939,multicluster-engine/assisted-installer-agent-rhel9:1783592566,advanced-cluster-security/rhacs-rhel9-operator:1783352589,advanced-cluster-security/rhacs-operator-bundle:1783352589,multicluster-engine/assisted-service-9-rhel9:1783333268,advanced-cluster-security/rhacs-roxctl-rhel9:1783352589,advanced-cluster-security/rhacs-main-rhel8:1783357116,
Package States: Assisted Installer for Red Hat OpenShift Container Platform 2,Assisted Installer for Red Hat OpenShift Container Platform 2,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Deployment Validation Operator,Gatekeeper 3,Kernel Module Management Operator for Red Hat Openshift,Logging Subsystem for Red Hat OpenShift,Logical Volume Manager Storage,Machine Deletion Remediation Operator,Machine Deletion Remediation Operator,MCP Server for Red Hat OpenShift,Migration Toolkit for Containers,Migration Toolkit for Containers,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Global Hub,Multicluster Global Hub,Multicluster Global Hub,Multicluster Global Hub,Node HealthCheck Operator,OpenShift API for Data Protection,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Serverless,OpenShift Service Mesh 2,OpenShift Service Mesh 2,OpenShift Service Mesh 3,OpenShift Service Mesh 3,Pen Drive Powered by Red Hat Lightspeed,Power monitoring for Red Hat OpenShift,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Build of Kueue,Red Hat Ceph Storage 6,Red Hat Ceph Storage 9,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift for Windows Containers,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 18.0,Red Hat OpenStack Platform 18.0,Red Hat Trusted Artifact Signer,Red Hat Trusted Profile Analyzer,
Full Details
CVE document
CVE-2026-14324
Severity: moderate
Released on: 01/07/2026
Advisory:
Bugzilla: 2495903
Bugzilla Description:
pipewire: RAOP RTSP NULL Deref
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-14330
Severity: moderate
Released on: 01/07/2026
Advisory:
Bugzilla: 2495907
Bugzilla Description:
pipewire: Pulse Server alloca Stack Overflow
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53346
Severity:
Released on: 01/07/2026
Advisory:
Bugzilla: 2495926
Bugzilla Description:
kernel: rust: arm64: set uwtable llvm module flag for CONFIG_UNWIND_TABLES
CVSS Score:
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53333
Severity: low
Released on: 01/07/2026
Advisory:
Bugzilla: 2495927
Bugzilla Description:
kernel: mm/mincore: handle non-swap entries before !CONFIG_SWAP guard
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-393
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53353
Severity: low
Released on: 01/07/2026
Advisory:
Bugzilla: 2495928
Bugzilla Description:
kernel: hsr: Remove WARN_ONCE() in hsr_addr_is_self()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-826
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53349
Severity: moderate
Released on: 01/07/2026
Advisory:
Bugzilla: 2495929
Bugzilla Description:
kernel: netfilter: nf_conntrack: destroy stale expectfn expectations on unregister
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53352
Severity: low
Released on: 01/07/2026
Advisory:
Bugzilla: 2495930
Bugzilla Description:
kernel: signal: clear JOBCTL_PENDING_MASK for caller in zap_other_threads()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-617
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53338
Severity:
Released on: 01/07/2026
Advisory:
Bugzilla: 2495931
Bugzilla Description:
kernel: net: airoha: Add NULL check for of_reserved_mem_lookup() in airoha_qdma_init_hfwd_queues()
CVSS Score:
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53348
Severity: low
Released on: 01/07/2026
Advisory:
Bugzilla: 2495932
Bugzilla Description:
kernel: ASoC: SDCA: fix NULL pointer dereference in sdca_dev_unregister_functions
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53343
Severity:
Released on: 01/07/2026
Advisory:
Bugzilla: 2495933
Bugzilla Description:
kernel: ARM: 9475/1: entry: use byte load for KASAN VMAP stack shadow
CVSS Score:
Vector:
CWE: CWE-468
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53334
Severity:
Released on: 01/07/2026
Advisory:
Bugzilla: 2495934
Bugzilla Description:
kernel: mm/damon/reclaim: handle ctx allocation failure
CVSS Score:
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53344
Severity: moderate
Released on: 01/07/2026
Advisory:
Bugzilla: 2495936
Bugzilla Description:
kernel: pinctrl: mcp23s08: Initialize mcp->dev and mcp->addr before regmap init
CVSS Score:
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53345
Severity:
Released on: 01/07/2026
Advisory:
Bugzilla: 2495937
Bugzilla Description:
kernel: KVM: Don't WARN if memory is dirtied without a vCPU when the VM is dying
CVSS Score:
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53341
Severity: moderate
Released on: 01/07/2026
Advisory:
Bugzilla: 2495938
Bugzilla Description:
kernel: fhandle: fix UAF due to unlocked ->mnt_ns read in may_decode_fh()
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-364
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53354
Severity: moderate
Released on: 01/07/2026
Advisory:
Bugzilla: 2495939
Bugzilla Description:
kernel: arm64: errata: Mitigate TLBI errata on various Arm CPUs
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-1037
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53351
Severity:
Released on: 01/07/2026
Advisory:
Bugzilla: 2495940
Bugzilla Description:
kernel: riscv/ptrace: Use USER_REGSET_NOTE_TYPE for REGSET_CFI
CVSS Score:
Vector:
CWE: CWE-843
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53329
Severity:
Released on: 01/07/2026
Advisory:
Bugzilla: 2495941
Bugzilla Description:
kernel: drm/amd/display: Use krealloc_array() in dal_vector_reserve()
CVSS Score:
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53355
Severity: moderate
Released on: 01/07/2026
Advisory:
Bugzilla: 2495942
Bugzilla Description:
kernel: net: rds: clear i_sends on setup unwind
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53328
Severity:
Released on: 01/07/2026
Advisory:
Bugzilla: 2495943
Bugzilla Description:
kernel: sched_ext: Don't warn on NULL cgrp_moving_from in scx_cgroup_move_task()
CVSS Score:
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53332
Severity:
Released on: 01/07/2026
Advisory:
Bugzilla: 2495944
Bugzilla Description:
kernel: slimbus: qcom-ngd-ctrl: Register callbacks after creating the ngd
CVSS Score:
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53342
Severity: moderate
Released on: 01/07/2026
Advisory:
Bugzilla: 2495945
Bugzilla Description:
kernel: arm64: mm: call pagetable dtor when freeing hot-removed page tables
CVSS Score:
Vector:
CWE: CWE-459
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53335
Severity:
Released on: 01/07/2026
Advisory:
Bugzilla: 2495946
Bugzilla Description:
kernel: mm/damon/lru_sort: handle ctx allocation failure
CVSS Score:
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53326
Severity: low
Released on: 01/07/2026
Advisory:
Bugzilla: 2495947
Bugzilla Description:
kernel: debugobjects: Don't call fill_pool() in early boot hardirq context
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-833
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53339
Severity: low
Released on: 01/07/2026
Advisory:
Bugzilla: 2495948
Bugzilla Description:
kernel: i2c: qcom-cci: Fix NULL pointer dereference in cci_remove()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53356
Severity:
Released on: 01/07/2026
Advisory:
Bugzilla: 2495950
Bugzilla Description:
kernel: drm/i915/gem: Fix phys BO pread/pwrite with offset
CVSS Score:
Vector:
CWE: CWE-823
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53331
Severity: moderate
Released on: 01/07/2026
Advisory:
Bugzilla: 2495951
Bugzilla Description:
kernel: slimbus: qcom-ngd-ctrl: Avoid ABBA on tx_lock/ctrl->lock
CVSS Score:
Vector:
CWE: CWE-833
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53327
Severity: low
Released on: 01/07/2026
Advisory:
Bugzilla: 2495952
Bugzilla Description:
kernel: debugobjects: Do not fill_pool() if pi_blocked_on
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-367
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53336
Severity:
Released on: 01/07/2026
Advisory:
Bugzilla: 2495953
Bugzilla Description:
kernel: nvmem: layouts: onie-tlv: fix hang on unknown types
CVSS Score:
Vector:
CWE: CWE-835
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53350
Severity: low
Released on: 01/07/2026
Advisory:
Bugzilla: 2495954
Bugzilla Description:
kernel: ASoC: wm_adsp: Fix NULL dereference when removing firmware controls
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53347
Severity: low
Released on: 01/07/2026
Advisory:
Bugzilla: 2495955
Bugzilla Description:
kernel: drm/virtio: Fix driver removal with disabled KMS
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-824
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53340
Severity: low
Released on: 01/07/2026
Advisory:
Bugzilla: 2495956
Bugzilla Description:
kernel: i2c: imx: fix clock and pinctrl state inconsistency in runtime PM
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-367
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53330
Severity:
Released on: 01/07/2026
Advisory:
Bugzilla: 2495957
Bugzilla Description:
kernel: drm/amd/display: Fix out-of-bounds read in dp_get_eq_aux_rd_interval()
CVSS Score:
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53337
Severity: low
Released on: 01/07/2026
Advisory:
Bugzilla: 2495958
Bugzilla Description:
kernel: net: bonding: fix NULL pointer dereference in bond_do_ioctl()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-15416
Severity: important
Released on: 01/07/2026
Advisory:
Bugzilla: 2496732
Bugzilla Description:
argo-cd: Argo CD unauthenticated remote code execution in repo-server via GenerateManifest gRPC endpoint
CVSS Score:
CVSSv3 Score: 8.9
Vector:
CWE: CWE-306
Affected Packages:
Package States: Red Hat Openshift Data Foundation 4,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,
Full Details
CVE document
CVE-2026-54903
Severity: important
Released on: 30/06/2026
Advisory:
Bugzilla: 2495949
Bugzilla Description:
oj: Oj: Heap corruption and Denial of Service via integer overflow in JSON parsing
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-787
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-54902
Severity: moderate
Released on: 30/06/2026
Advisory:
Bugzilla: 2495920
Bugzilla Description:
Oj: Use-After-Free in Oj::Parser SAJ Long Key Callback
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-54901
Severity: moderate
Released on: 30/06/2026
Advisory:
Bugzilla: 2495919
Bugzilla Description:
Oj: Use-After-Free in Oj::Parser array_class/hash_class GC Marking
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-54900
Severity: important
Released on: 30/06/2026
Advisory:
Bugzilla: 2495759
Bugzilla Description:
oj: Oj: Heap corruption via crafted JSON object key
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-131
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-54898
Severity: moderate
Released on: 30/06/2026
Advisory:
Bugzilla: 2495699
Bugzilla Description:
oj: Oj: Denial of Service via input string mutation during JSON parsing
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-825
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-54897
Severity: important
Released on: 30/06/2026
Advisory:
Bugzilla: 2495790
Bugzilla Description:
oj: Oj: Use-After-Free in Oj::Doc Iterators via reentrant close
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-364
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-54896
Severity: important
Released on: 30/06/2026
Advisory:
Bugzilla: 2495716
Bugzilla Description:
oj: Oj: Heap buffer overflow in exception serialization
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-787
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-54592
Severity: important
Released on: 30/06/2026
Advisory:
Bugzilla: 2495750
Bugzilla Description:
oj: Oj: Denial of Service via deeply nested JSON input
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-120
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-54502
Severity: moderate
Released on: 30/06/2026
Advisory:
Bugzilla: 2495807
Bugzilla Description:
Oj: Stack Buffer Overflow in Oj.dump via Large Indent
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-54500
Severity: moderate
Released on: 30/06/2026
Advisory:
Bugzilla: 2495723
Bugzilla Description:
oj: Oj: Information disclosure via uninitialized stack memory read
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-125
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-54899
Severity: moderate
Released on: 30/06/2026
Advisory:
Bugzilla: 2495753
Bugzilla Description:
oj: Oj: Use-After-Free in parser symbol key cache toggle
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-825
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-55223
Severity: important
Released on: 30/06/2026
Advisory:
Bugzilla: 2495798
Bugzilla Description:
c3p0: c3p0: Remote code execution via deserialization vulnerability
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-502
Affected Packages:
Package States: Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel - HawtIO 4,Red Hat build of Debezium 3,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat Satellite 6,Red Hat Satellite 6,streams for Apache Kafka 2,
Full Details
CVE document
CVE-2026-54672
Severity: important
Released on: 30/06/2026
Advisory:
Bugzilla: 2495426
Bugzilla Description:
electron-updater: app-builder-lib: Electron-updater: Arbitrary code execution through AppImage library loading vulnerability
CVSS Score:
CVSSv3 Score: 7.3
Vector:
CWE: CWE-427
Affected Packages:
Package States: Red Hat Build of Podman Desktop,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-54673
Severity: moderate
Released on: 30/06/2026
Advisory:
Bugzilla: 2495432
Bugzilla Description:
electron-updater: electron-builder: Electron-updater: Information disclosure via unstripped credential headers during HTTP redirects
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-201
Affected Packages:
Package States: Red Hat Build of Podman Desktop,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-56377
Severity: low
Released on: 30/06/2026
Advisory:
Bugzilla: 2495416
Bugzilla Description:
Imagemagick: ImageMagick - Policy Bypass via Incorrect Path Validation
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-22
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document
CVE-2026-56369
Severity: low
Released on: 30/06/2026
Advisory:
Bugzilla: 2495443
Bugzilla Description:
ImageMagick: ImageMagick: Information disclosure due to AES-CTR nonce reuse
CVSS Score:
CVSSv3 Score: 3.7
Vector:
CWE: CWE-323
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document
CVE-2026-56365
Severity: low
Released on: 30/06/2026
Advisory:
Bugzilla: 2495448
Bugzilla Description:
Magick.NET-Q16-AnyCPU: Magick.NET-Q16-HDRI-AnyCPU: Magick.NET-Q16-HDRI-OpenMP-arm64: Magick.NET-Q16-HDRI-arm64: Magick.NET-Q16-HDRI-x64: Magick.NET-Q16-HDRI-x86: Magick.NET-Q16-OpenMP-arm64: Magick.NET-Q16-OpenMP-x64: Magick.NET-Q16-arm64: Magick.NET-Q16-x64: Magick.NET-Q16-x86: Magick.NET-Q16-HDRI-OpenMP-x64: Magick.NET-Q8-AnyCPU: Magick.NET-Q8-OpenMP-arm64: Magick.NET-Q8-OpenMP-x64: Magick.NET-Q8-arm64: Magick.NET-Q8-x64: Magick.NET-Q8-x86: ImageMagick: Denial of Service due to memory leak in PNG encoder when processing MNG images
CVSS Score:
CVSSv3 Score: 3.7
Vector:
CWE: CWE-401
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document
CVE-2026-56364
Severity: low
Released on: 30/06/2026
Advisory:
Bugzilla: 2495437
Bugzilla Description:
Magick.NET-Q8-x64: Magick.NET-Q8-arm64: Magick.NET-Q8-x86: Magick.NET-Q8-OpenMP-x64: Magick.NET-Q8-OpenMP-arm64: Magick.NET-Q16-x64: Magick.NET-Q16-arm64: Magick.NET-Q16-x86: Magick.NET-Q16-OpenMP-x64: Magick.NET-Q16-OpenMP-arm64: Magick.NET-Q16-OpenMP-x86: Magick.NET-Q16-HDRI-x64: Magick.NET-Q16-HDRI-arm64: Magick.NET-Q16-HDRI-x86: Magick.NET-Q16-HDRI-OpenMP-x64: Magick.NET-Q16-HDRI-OpenMP-arm64: Magick.NET-Q8-AnyCPU: Magick.NET-Q16-AnyCPU: Magick.NET-Q16-HDRI-AnyCPU: ImageMagick: Denial of Service via memory leak in OpenCL device profile XML parsing
CVSS Score:
CVSSv3 Score: 1.9
Vector:
CWE: CWE-401
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document
CVE-2026-56363
Severity: low
Released on: 30/06/2026
Advisory:
Bugzilla: 2495408
Bugzilla Description:
Imagemagick: ImageMagick - Division by Zero in Binomial Kernel Processing
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document
CVE-2026-56361
Severity: low
Released on: 30/06/2026
Advisory:
Bugzilla: 2495418
Bugzilla Description:
ImageMagick: ImageMagick: Heap buffer overflow via incorrect morphology parameters
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document
CVE-2026-57204
Severity: moderate
Released on: 30/06/2026
Advisory:
Bugzilla: 2496040
Bugzilla Description:
pypdf: pypdf: Denial of Service via crafted PDF with missing stream length
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-770
Affected Packages:
Package States: Exploit Intelligence,OpenShift Lightspeed,OpenShift Lightspeed,Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat Quay 3,Red Hat Quay 3,
Full Details
CVE document
CVE-2026-49478
Severity: moderate
Released on: 30/06/2026
Advisory:
Bugzilla: 2499690
Bugzilla Description:
github.com/sigstore/fulcio: Fulcio: Server-Side Request Forgery and Kubernetes ServiceAccount token leakage
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-918
Affected Packages:
Package States: Assisted Installer for Red Hat OpenShift Container Platform 2,Assisted Installer for Red Hat OpenShift Container Platform 2,Confidential Compute Attestation,Confidential Compute Attestation,Kernel Module Management Operator for Red Hat Openshift,Kernel Module Management Operator for Red Hat Openshift,Lightspeed Core,Lightspeed Core,Lightspeed Core,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logical Volume Manager Storage,Logical Volume Manager Storage,Migration Toolkit for Containers,Migration Toolkit for Containers,Migration Toolkit for Containers,Migration Toolkit for Containers,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Multiarch Tuning Operator,Multiarch Tuning Operator,Multiarch Tuning Operator,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Node HealthCheck Operator,Node HealthCheck Operator,OpenShift API for Data Protection,OpenShift API for Data Protection,OpenShift API for Data Protection,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Service Mesh 3,OpenShift Service Mesh 3,Pen Drive Powered by Red Hat Lightspeed,Pen Drive Powered by Red Hat Lightspeed,Pen Drive Powered by Red Hat Lightspeed,Power monitoring for Red Hat OpenShift,Power monitoring for Red Hat OpenShift,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Build of Podman Desktop,Red Hat Developer Hub,Red Hat Developer Hub,Red Hat Developer Hub,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Hardened Images,Red Hat Hardened Images,Red Hat Hardened Images,Red Hat Hardened Images,Red Hat Hardened Images,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenStack Platform 18.0,Red Hat OpenStack Platform 18.0,Red Hat OpenStack Platform 18.0,Red Hat Quay 3,Red Hat Quay 3,Red Hat Quay 3,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Security Profiles Operator,Security Profiles Operator,Security Profiles Operator,Self-service automation portal 2,Self-service automation portal 2,
Full Details
CVE document
CVE-2026-49835
Severity: moderate
Released on: 30/06/2026
Advisory:
Bugzilla: 2499691
Bugzilla Description:
timestamp-authority: Sigstore Timestamp Authority: Denial of Service via unbounded metric label cardinality
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat Trusted Artifact Signer,
Full Details
CVE document
CVE-2026-58371
Severity: low
Released on: 30/06/2026
Advisory:
Bugzilla: 2495033
Bugzilla Description:
github.com/seaweedfs/seaweedfs: SeaweedFS: Information disclosure via unvalidated JSONP callback parameter
CVSS Score:
CVSSv3 Score: 3.1
Vector:
CWE: CWE-79
Affected Packages:
Package States: Cryostat 4,
Full Details
CVE document
CVE-2026-13455
Severity: moderate
Released on: 30/06/2026
Advisory:
Bugzilla: 2495009
Bugzilla Description:
postgresql_anonymizer: PostgreSQL Anonymizer: Information Disclosure via brute-force attack on hash function
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE: CWE-916
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-58374
Severity: moderate
Released on: 30/06/2026
Advisory:
Bugzilla: 2494924
Bugzilla Description:
hostapd: hostapd: Denial of Service via malformed Wi-Fi 7 Multi-Link Operation association request
CVSS Score:
CVSSv3 Score: 7.1
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53433
Severity: moderate
Released on: 30/06/2026
Advisory:
Bugzilla: 2494891
Bugzilla Description:
fzf: fzf: Denial of Service via inefficient HTTP body processing
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-1046
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-53432
Severity: moderate
Released on: 30/06/2026
Advisory:
Bugzilla: 2494892
Bugzilla Description:
github.com/junegunn/fzf: fzf: Denial of Service via Integer Overflow in FuzzyMatchV2 function
CVSS Score:
CVSSv3 Score: 5.0
Vector:
CWE: CWE-190
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-12388
Severity: moderate
Released on: 30/06/2026
Advisory:
Bugzilla: 2489140
Bugzilla Description:
keycloak-broker: Keycloak: Privilege escalation to realm administrator via improper authorization in identity provider mapper
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-266
Affected Packages:
Package States: Red Hat Build of Keycloak,
Full Details
CVE document
CVE-2026-14209
Severity: moderate
Released on: 30/06/2026
Advisory:
Bugzilla: 2494837
Bugzilla Description:
keycloak-admin-ui: keycloak-admin-ui:Admin UI extension brute-force-user endpoint bypasses FGAPv2 user view restrictions
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE: CWE-639
Affected Packages:
Package States: Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat JBoss Enterprise Application Platform Expansion Pack,
Full Details
CVE document
CVE-2026-49434
Severity: important
Released on: 30/06/2026
Advisory:
Bugzilla: 2494843
Bugzilla Description:
org.apache.activemq/activemq-broker: org.apache.activemq/activemq-core: org.apache.activemq/activemq-all: Apache ActiveMQ: Unauthorized broker instantiation via improper input validation in LDAP entries
CVSS Score:
CVSSv3 Score: 7.6
Vector:
CWE: CWE-90
Affected Packages:
Package States: Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Clients,Red Hat AMQ Clients,Red Hat AMQ Clients,Red Hat AMQ Clients,Red Hat AMQ Clients,Red Hat AMQ Clients,Red Hat AMQ Clients,Red Hat AMQ Clients,Red Hat AMQ Clients,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat Data Grid 8,Red Hat Data Grid 8,Red Hat Enterprise Linux 8,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,
Full Details
CVE document
CVE-2026-49432
Severity: important
Released on: 30/06/2026
Advisory:
Bugzilla: 2494847
Bugzilla Description:
org.apache.activemq/activemq: org.apache.activemq/activemq-all: org.apache.activemq/activemq-stomp: Apache ActiveMQ: Denial of Service via improper input validation in STOMP connector
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-839
Affected Packages:
Package States: Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Clients,Red Hat AMQ Clients,Red Hat AMQ Clients,Red Hat AMQ Clients,Red Hat AMQ Clients,Red Hat AMQ Clients,Red Hat AMQ Clients,Red Hat AMQ Clients,Red Hat AMQ Clients,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat Data Grid 8,Red Hat Enterprise Linux 8,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,
Full Details
CVE document
CVE-2026-50734
Severity: important
Released on: 30/06/2026
Advisory:
Bugzilla: 2494841
Bugzilla Description:
Apache ActiveMQ Client: Apache ActiveMQ: Apache ActiveMQ All: Apache ActiveMQ: Denial of Service via crafted WireFormatInfo frame
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Clients,Red Hat AMQ Clients,Red Hat AMQ Clients,Red Hat AMQ Clients,Red Hat AMQ Clients,Red Hat AMQ Clients,Red Hat AMQ Clients,Red Hat AMQ Clients,Red Hat AMQ Clients,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat Data Grid 8,Red Hat Enterprise Linux 8,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,
Full Details
CVE document
CVE-2026-50750
Severity: important
Released on: 30/06/2026
Advisory:
Bugzilla: 2494845
Bugzilla Description:
activemq: Apache ActiveMQ: Denial of Service via repeated BrokerInfo commands
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Clients,Red Hat AMQ Clients,Red Hat AMQ Clients,Red Hat AMQ Clients,Red Hat AMQ Clients,Red Hat AMQ Clients,Red Hat AMQ Clients,Red Hat AMQ Clients,Red Hat AMQ Clients,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat Data Grid 8,Red Hat Enterprise Linux 8,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,
Full Details
CVE document
CVE-2026-53916
Severity: important
Released on: 30/06/2026
Advisory:
Bugzilla: 2494846
Bugzilla Description:
activemq-stomp: Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: Unbounded header buffer in STOMP NIO codec
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-789
Affected Packages:
Package States: Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Clients,Red Hat AMQ Clients,Red Hat AMQ Clients,Red Hat AMQ Clients,Red Hat AMQ Clients,Red Hat AMQ Clients,Red Hat AMQ Clients,Red Hat AMQ Clients,Red Hat AMQ Clients,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat Data Grid 8,Red Hat Enterprise Linux 8,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,
Full Details
CVE document
CVE-2026-53917
Severity: moderate
Released on: 30/06/2026
Advisory:
Bugzilla: 2494842
Bugzilla Description:
activemq: activemq-all: activemq-client: activemq-broker: Apache ActiveMQ: Denial of Service via crafted OpenWire Message
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat AMQ Clients,Red Hat AMQ Clients,Red Hat AMQ Clients,Red Hat AMQ Clients,Red Hat AMQ Clients,Red Hat AMQ Clients,Red Hat AMQ Clients,Red Hat AMQ Clients,Red Hat AMQ Clients,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat Data Grid 8,Red Hat Enterprise Linux 8,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7,
Full Details
CVE document
CVE-2026-54475
Severity: important
Released on: 30/06/2026
Advisory:
Bugzilla: 2494840
Bugzilla Description:
org.apache.activemq/activemq-broker: org.apache.activemq/activemq-all: org.apache.activemq/activemq: Apache ActiveMQ: Information disclosure due to broken temporary destination isolation
CVSS Score:
CVSSv3 Score: 8.2
Vector:
CWE: CWE-1220
Affected Packages:
Package States: Red Hat AMQ Broker 7,Red Hat Data Grid 8,Red Hat Enterprise Linux 8,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform Expansion Pack,
Full Details
CVE document
CVE-2026-13149
Severity: important
Released on: 30/06/2026
Advisory: RHSA-2026:35272, RHSA-2026:33866, RHSA-2026:34478,
Bugzilla: 2494813
Bugzilla Description:
brace-expansion: Brace-expansion: Denial of Service due to exponential-time complexity
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-1333
Affected Packages: nodejs26-main-26.4.0-1.3.hum1,nodejs22-main-22.23.1-2.hum1,nodejs24-main-24.18.0-0.2.hum1,
Package States: Confidential Compute Attestation,Cryostat 4,Cryostat 4,Cryostat 4,Exploit Intelligence,Gatekeeper 3,Migration Toolkit for Applications 8,Migration Toolkit for Applications 8,Migration Toolkit for Containers,Node HealthCheck Operator,Node HealthCheck Operator,Node HealthCheck Operator,Node HealthCheck Operator,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Service Mesh 2,OpenShift Service Mesh 2,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat AMQ Broker 7,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel - HawtIO 4,Red Hat build of Apicurio Registry 3,Red Hat build of Apicurio Registry 3,Red Hat Build of Keycloak,Red Hat Build of Podman Desktop,Red Hat Connectivity Link 1,Red Hat Data Grid 8,Red Hat Developer Hub,Red Hat Directory Server 11,Red Hat Directory Server 12,Red Hat Directory Server 13,Red Hat Discovery 2,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Fuse 7,Red Hat Hardened Images,Red Hat Hardened Images,Red Hat Hardened Images,Red Hat Hardened Images,Red Hat Hardened Images,Red Hat Hardened Images,Red Hat Hardened Images,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat Quay 3,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Single Sign-On 7,Red Hat Trusted Profile Analyzer,Self-service automation portal 2,Self-service automation portal 2,streams for Apache Kafka 2,streams for Apache Kafka 3,
Full Details
CVE document
CVE-2026-45822
Severity: important
Released on: 30/06/2026
Advisory: RHSA-2026:40262,
Bugzilla: 2494807
Bugzilla Description:
decode-uri-component: decode-uri-component: Denial of Service via crafted input
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-1050
Affected Packages: quay/quay-rhel8:1784125838,
Package States: Migration Toolkit for Containers,OpenShift Pipelines,OpenShift Pipelines,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat build of Apache Camel for Spring Boot 4,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Hardened Images,Red Hat Hardened Images,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift distributed tracing 3,Red Hat Quay 3,Red Hat Satellite 6,
Full Details
CVE document
CVE-2026-12243
Severity: important
Released on: 30/06/2026
Advisory:
Bugzilla: 2494748
Bugzilla Description:
nltk: NLTK: Information disclosure via path traversal vulnerability
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-22
Affected Packages:
Package States: Exploit Intelligence,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,Red Hat Ansible Automation Platform 2,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document
CVE-2026-14101
Severity: low
Released on: 30/06/2026
Advisory:
Bugzilla: 2495801
Bugzilla Description:
chromium-browser: Insufficient policy enforcement in Sandbox
CVSS Score:
CVSSv3 Score: 5.7
Vector:
CWE: CWE-653
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-37106
Severity: low
Released on: 30/06/2026
Advisory:
Bugzilla: 2495995
Bugzilla Description:
DokuWiki: DokuWiki: Unauthorized account creation via registration function
CVSS Score:
CVSSv3 Score: 3.7
Vector:
CWE: CWE-306
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-55956
Severity: moderate
Released on: 29/06/2026
Advisory: RHSA-2026:29203, RHSA-2026:32960,
Bugzilla: 2494676
Bugzilla Description:
tomcat: Apache Tomcat: Improper Authorization Allows Security Constraint Bypass
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-551
Affected Packages: tomcat11-main-11.0.23-0.1.hum1,tomcat10-main-10.1.56-1.hum1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat JBoss Web Server 5,Red Hat JBoss Web Server 6,Red Hat JBoss Web Server 7,
Full Details
CVE document
CVE-2026-55955
Severity: moderate
Released on: 29/06/2026
Advisory: RHSA-2026:29203, RHSA-2026:32960,
Bugzilla: 2494678
Bugzilla Description:
tomcat: Apache Tomcat: Replay attack via improper authentication in EncryptionInterceptor
CVSS Score:
CVSSv3 Score: 4.2
Vector:
CWE: CWE-294
Affected Packages: tomcat11-main-11.0.23-0.1.hum1,tomcat10-main-10.1.56-1.hum1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat JBoss Web Server 5,Red Hat JBoss Web Server 6,Red Hat JBoss Web Server 7,
Full Details
CVE document
CVE-2026-55276
Severity: low
Released on: 29/06/2026
Advisory: RHSA-2026:29203, RHSA-2026:32960,
Bugzilla: 2494675
Bugzilla Description:
tomcat: Apache Tomcat: Misleading security logs due to incorrect control flow
CVSS Score:
CVSSv3 Score: 2.3
Vector:
CWE: CWE-778
Affected Packages: tomcat11-main-11.0.23-0.1.hum1,tomcat10-main-10.1.56-1.hum1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat JBoss Web Server 5,Red Hat JBoss Web Server 6,Red Hat JBoss Web Server 7,
Full Details
CVE document
CVE-2026-53434
Severity: low
Released on: 29/06/2026
Advisory: RHSA-2026:29203, RHSA-2026:32960,
Bugzilla: 2494668
Bugzilla Description:
tomcat: Apache Tomcat: Error condition not handled when configuring CRLs
CVSS Score:
CVSSv3 Score: 3.7
Vector:
CWE: CWE-390
Affected Packages: tomcat11-main-11.0.23-0.1.hum1,tomcat10-main-10.1.56-1.hum1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat JBoss Web Server 5,Red Hat JBoss Web Server 6,Red Hat JBoss Web Server 7,
Full Details
CVE document
CVE-2026-53404
Severity: moderate
Released on: 29/06/2026
Advisory: RHSA-2026:29203, RHSA-2026:32960,
Bugzilla: 2494681
Bugzilla Description:
Apache Tomcat: Apache Tomcat: Incorrect control flow in rewrite valve allows unexpected rule processing
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-358
Affected Packages: tomcat11-main-11.0.23-0.1.hum1,tomcat10-main-10.1.56-1.hum1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat JBoss Web Server 5,Red Hat JBoss Web Server 6,Red Hat JBoss Web Server 7,
Full Details
CVE document
CVE-2026-50229
Severity: moderate
Released on: 29/06/2026
Advisory: RHSA-2026:32960,
Bugzilla: 2494688
Bugzilla Description:
tomcat: Apache Tomcat: Cross-Site Scripting vulnerability in number guess example
CVSS Score:
CVSSv3 Score: 5.4
Vector:
CWE: CWE-79
Affected Packages: tomcat11-main-11.0.23-0.1.hum1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Hardened Images,Red Hat JBoss Web Server 5,Red Hat JBoss Web Server 6,Red Hat JBoss Web Server 7,
Full Details
CVE document
CVE-2026-13574
Severity: low
Released on: 29/06/2026
Advisory: RHSA-2026:7634, RHSA-2026:24069,
Bugzilla: 2494420
Bugzilla Description:
llvm: llvm-project: LLVM: Denial of service via heap-based buffer overflow in Bitcode File Handler
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-805
Affected Packages: llvm21-main-21.1.8-6.hum1,llvm-main-21.1.8-1.1.hum1,
Package States: Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Hardened Images,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2026-55607
Severity: important
Released on: 29/06/2026
Advisory:
Bugzilla: 2494422
Bugzilla Description:
Claude Code: @anthropic-ai/claude-code: Claude Code: Arbitrary code execution through git directory confusion
CVSS Score:
CVSSv3 Score: 7.1
Vector:
CWE: CWE-59
Affected Packages:
Package States: OpenShift Lightspeed,
Full Details
CVE document
CVE-2026-46406
Severity: moderate
Released on: 29/06/2026
Advisory:
Bugzilla: 2494423
Bugzilla Description:
@anthropic-ai/claude-code: Claude Code: Information disclosure and file overwrite via insecure temporary file in /copy command
CVSS Score:
CVSSv3 Score: 6.8
Vector:
CWE: CWE-59
Affected Packages:
Package States: OpenShift Lightspeed,Red Hat OpenShift Dev Spaces,
Full Details
CVE document
CVE-2026-13573
Severity: low
Released on: 29/06/2026
Advisory: RHSA-2026:7634, RHSA-2026:24069,
Bugzilla: 2494424
Bugzilla Description:
llvm: llvm: Denial of Service via stack-based buffer overflow in StringMap::insert
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-120
Affected Packages: llvm21-main-21.1.8-6.hum1,llvm-main-21.1.8-1.1.hum1,
Package States: Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Hardened Images,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2026-13676
Severity: important
Released on: 29/06/2026
Advisory: RHSA-2026:37186, RHSA-2026:37628, RHSA-2026:40262, RHSA-2026:37585, RHSA-2026:40118,
Bugzilla: 2494197
Bugzilla Description:
fast-uri: fast-uri: Security policy bypass due to improper Unicode hostname canonicalization
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-551
Affected Packages: rhem/flightctl-ui-rhel9:1784127736,openshift4/ose-monitoring-plugin-rhel9:1783596795,openshift4/ose-monitoring-plugin-rhel9:1783510956,quay/quay-rhel8:1784125838,rhem/flightctl-ui-ocp-rhel9:1784126822,openshift4/ose-monitoring-plugin-rhel9:1783559447,
Package States: Confidential Compute Attestation,Cryostat 4,Cryostat 4,Migration Toolkit for Applications 8,Migration Toolkit for Containers,Multicluster Engine for Kubernetes,Network Observability Operator,Network Observability Operator,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat AMQ Broker 7,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat build of Apache Camel - HawtIO 4,Red Hat build of Apicurio Registry 3,Red Hat build of Apicurio Registry 3,Red Hat Build of Podman Desktop,Red Hat Connectivity Link 1,Red Hat Data Grid 8,Red Hat Developer Hub,Red Hat Discovery 2,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Virtualization 4,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Self-service automation portal 2,Self-service automation portal 2,
Full Details
CVE document
CVE-2026-11979
Severity: moderate
Released on: 29/06/2026
Advisory: RHSA-2026:33840,
Bugzilla: 2494191
Bugzilla Description:
libxml2: libxml2: Arbitrary code execution in xmlcatalog utility via buffer overflow
CVSS Score:
CVSSv3 Score: 4.8
Vector:
CWE: CWE-120
Affected Packages: libxml2-main-2.15.3-0.1.1.hum1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2026-54369
Severity: important
Released on: 29/06/2026
Advisory: RHSA-2026:34351,
Bugzilla: 2490277
Bugzilla Description:
acl: Symlink traversal privilege escalation via libacl functions
CVSS Score:
CVSSv3 Score: 7.1
Vector:
CWE: CWE-59
Affected Packages: acl-main-2.4.0-0.1.hum1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2026-54370
Severity: moderate
Released on: 29/06/2026
Advisory: RHSA-2026:34351,
Bugzilla: 2490279
Bugzilla Description:
acl: TOCTOU Symlink Traversal via getfacl/setfacl
CVSS Score:
CVSSv3 Score: 6.3
Vector:
CWE: CWE-367
Affected Packages: acl-main-2.4.0-0.1.hum1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2026-54371
Severity: moderate
Released on: 29/06/2026
Advisory: RHSA-2026:34889,
Bugzilla: 2490283
Bugzilla Description:
attr: Symlink Traversal Privilege Escalation via getfattr and setfattr
CVSS Score:
CVSSv3 Score: 6.3
Vector:
CWE: CWE-59
Affected Packages: attr-main-2.6.0-9.1.hum1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2026-12856
Severity: important
Released on: 29/06/2026
Advisory: RHSA-2026:36820,
Bugzilla: 2491278
Bugzilla Description:
vscode-java: vscode: Command Injection vulnerability in the JavaDoc hover provider of the vscode-java extension
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-88
Affected Packages: devspaces/pluginregistry-rhel9:1782989367,
Package States:
Full Details
CVE document
CVE-2026-41991
Severity: moderate
Released on: 29/06/2026
Advisory: RHSA-2026:33771,
Bugzilla: 2494158
Bugzilla Description:
gzip: gzip: Arbitrary file overwrite via insecure temporary file handling in gzexe utility
CVSS Score:
CVSSv3 Score: 6.0
Vector:
CWE: CWE-59
Affected Packages: gzip-main-1.14-2.2.hum1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Dev Spaces,
Full Details
CVE document
CVE-2026-53325
Severity: low
Released on: 29/06/2026
Advisory:
Bugzilla: 2494092
Bugzilla Description:
kernel: agp/amd64: Fix broken error propagation in agp_amd64_probe()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-13503
Severity: moderate
Released on: 28/06/2026
Advisory:
Bugzilla: 2493994
Bugzilla Description:
antlr: ANTLR4: antlr ANTLR4: Path traversal via manipulation of getImportedVocabFile function
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-22
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-13500
Severity: important
Released on: 28/06/2026
Advisory:
Bugzilla: 2493988
Bugzilla Description:
antlr: ANTLR4: Remote code injection vulnerability
CVSS Score:
CVSSv3 Score: 7.3
Vector:
CWE: CWE-94
Affected Packages:
Package States: Red Hat Enterprise Linux 8,
Full Details
CVE document
CVE-2026-13606
Severity: important
Released on: 28/06/2026
Advisory:
Bugzilla: 2494107
Bugzilla Description:
GraphicsMagick: GraphicsMagick: Memory corruption via crafted Photo CD (PCD) file
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-787
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-13484
Severity: moderate
Released on: 28/06/2026
Advisory:
Bugzilla: 2493968
Bugzilla Description:
mlflow: MLflow: Unauthorized access and data manipulation via missing API authorization
CVSS Score:
CVSSv3 Score: 5.0
Vector:
CWE: CWE-639
Affected Packages:
Package States: Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document
CVE-2026-58058
Severity: moderate
Released on: 28/06/2026
Advisory:
Bugzilla: 2493951
Bugzilla Description:
nmap: Nmap: Denial of Service via crafted IPv6 response
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2026-58051
Severity: moderate
Released on: 28/06/2026
Advisory:
Bugzilla: 2493950
Bugzilla Description:
libssh2: libssh2: Denial of service or information disclosure via malformed SSH publickey response
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-824
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Hardened Images,
Full Details
CVE document
CVE-2026-58050
Severity: moderate
Released on: 28/06/2026
Advisory:
Bugzilla: 2493955
Bugzilla Description:
libssh2: libssh2: Heap buffer overflow via integer overflow in publickey attribute allocation
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Hardened Images,
Full Details
CVE document
CVE-2026-58049
Severity: important
Released on: 28/06/2026
Advisory:
Bugzilla: 2493952
Bugzilla Description:
FFmpeg: FFmpeg: Memory corruption via crafted RASC video stream
CVSS Score:
CVSSv3 Score: 7.6
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document
CVE-2026-48758
Severity: moderate
Released on: 26/06/2026
Advisory:
Bugzilla: 2499686
Bugzilla Description:
sigstore-core: @sigstore/core: Signature bypass due to incorrect encoding in preAuthEncoding
CVSS Score:
CVSSv3 Score: 5.4
Vector:
CWE: CWE-347
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-54753
Severity: moderate
Released on: 26/06/2026
Advisory:
Bugzilla: 2493647
Bugzilla Description:
Nx: Nx: `nx graph` dev server permissive CORS policy
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-346
Affected Packages:
Package States: Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux 10,
Full Details
CVE document
CVE-2026-48090
Severity: moderate
Released on: 26/06/2026
Advisory:
Bugzilla: 2493650
Bugzilla Description:
envoy: Envoy HTTP: OAuth2 filter late async token completion after stream teardown (UAF / crash risk)
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-416
Affected Packages:
Package States: OpenShift Service Mesh 2,OpenShift Service Mesh 3,
Full Details
CVE document
CVE-2026-47220
Severity: important
Released on: 26/06/2026
Advisory:
Bugzilla: 2493652
Bugzilla Description:
envoy: Envoy: Denial of Service via missing host header in specific logging configurations
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: OpenShift Service Mesh 2,OpenShift Service Mesh 3,
Full Details
CVE document
CVE-2026-47205
Severity: moderate
Released on: 26/06/2026
Advisory:
Bugzilla: 2493648
Bugzilla Description:
envoy: Envoy: ext_authz Use-After-Free during Stream Teardown with Per-Route Overrides
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-416
Affected Packages:
Package States: OpenShift Service Mesh 2,OpenShift Service Mesh 3,
Full Details
CVE document
CVE-2026-47692
Severity: moderate
Released on: 26/06/2026
Advisory:
Bugzilla: 2493675
Bugzilla Description:
envoy: Envoy: PROXY Protocol v2 header generator emits "skipped" TLVs, causing 65 KB attacker-controlled spillover into the upstream application stream
CVSS Score:
CVSSv3 Score: 4.8
Vector:
CWE: CWE-130
Affected Packages:
Package States: OpenShift Service Mesh 2,OpenShift Service Mesh 3,
Full Details
CVE document
CVE-2026-48706
Severity: moderate
Released on: 26/06/2026
Advisory:
Bugzilla: 2493676
Bugzilla Description:
envoy: Envoy Heap Buffer Overflow in TcpStatsdSink
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-787
Affected Packages:
Package States: OpenShift Service Mesh 2,OpenShift Service Mesh 3,
Full Details
CVE document
CVE-2026-47204
Severity: moderate
Released on: 26/06/2026
Advisory:
Bugzilla: 2494195
Bugzilla Description:
envoy: Envoy: Denial of Service via Connect protocol request
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: OpenShift Service Mesh 2,OpenShift Service Mesh 3,
Full Details
CVE document
CVE-2026-47221
Severity: moderate
Released on: 26/06/2026
Advisory:
Bugzilla: 2493646
Bugzilla Description:
envoy: Envoy: Null pointer deref in internal redirects
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-476
Affected Packages:
Package States: OpenShift Service Mesh 2,OpenShift Service Mesh 3,
Full Details
CVE document
CVE-2026-48743
Severity: important
Released on: 26/06/2026
Advisory:
Bugzilla: 2494518
Bugzilla Description:
envoy: Envoy: Request desynchronization allows security policy bypass via HTTP/3 to HTTP/1 translation
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-444
Affected Packages:
Package States: OpenShift Service Mesh 2,OpenShift Service Mesh 3,
Full Details
CVE document
CVE-2026-48044
Severity: important
Released on: 26/06/2026
Advisory:
Bugzilla: 2493649
Bugzilla Description:
Envoy: Envoy: Denial of Service via specially crafted zstd payload
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-770
Affected Packages:
Package States: OpenShift Service Mesh 2,OpenShift Service Mesh 3,
Full Details
CVE document
CVE-2026-48042
Severity: important
Released on: 26/06/2026
Advisory:
Bugzilla: 2494196
Bugzilla Description:
envoy: Envoy: Denial of Service via deeply nested JSON objects
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-776
Affected Packages:
Package States: OpenShift Service Mesh 2,OpenShift Service Mesh 3,
Full Details
CVE document
CVE-2026-47778
Severity: moderate
Released on: 26/06/2026
Advisory:
Bugzilla: 2493860
Bugzilla Description:
envoy: Envoy: Information disclosure via malicious certificate with NUL byte in DNS Subject Alternative Name (SAN)
CVSS Score:
CVSSv3 Score: 4.4
Vector:
CWE: CWE-170
Affected Packages:
Package States: OpenShift Service Mesh 2,OpenShift Service Mesh 3,
Full Details
CVE document
CVE-2026-56876
Severity: important
Released on: 26/06/2026
Advisory:
Bugzilla: 2493633
Bugzilla Description:
extract-zip: github.com/maxogden/extract-zip: extract-zip: Arbitrary file write and information disclosure via symlink validation bypass
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-22
Affected Packages:
Package States: Cryostat 4,Multicluster Engine for Kubernetes,Node HealthCheck Operator,Node HealthCheck Operator,Node HealthCheck Operator,Node HealthCheck Operator,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Service Mesh 2,OpenShift Service Mesh 2,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat AMQ Broker 7,Red Hat Build of Podman Desktop,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Fuse 7,Red Hat Hardened Images,Red Hat Hardened Images,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat Quay 3,Red Hat Quay 3,
Full Details
CVE document
CVE-2026-55686
Severity: moderate
Released on: 26/06/2026
Advisory: RHSA-2026:29954,
Bugzilla: 2493624
Bugzilla Description:
github.com/containers/podman: Podman: Host filesystem modification via malicious container image WORKDIR symlink
CVSS Score:
CVSSv3 Score: 5.8
Vector:
CWE: CWE-59
Affected Packages: podman-main-6.0.0-1.hum1,
Package States: Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Virtualization 4,Red Hat Quay 3,Red Hat Quay 3,
Full Details
CVE document
CVE-2026-57231
Severity: important
Released on: 26/06/2026
Advisory: RHSA-2026:37123, RHSA-2026:38504, RHSA-2026:37072, RHSA-2026:29954,
Bugzilla: 2493620
Bugzilla Description:
podman: Podman: Information disclosure via malicious container image environment variables
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-914
Affected Packages: podman-7:5.8.2-4.el10_2,podman-6:5.8.2-4.el9_8,podman-main-6.0.0-1.hum1,container-tools:rhel8-8100020260709093628.afee755d,
Package States: Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Virtualization 4,Red Hat OpenStack Platform 18.0,Red Hat Quay 3,Red Hat Quay 3,
Full Details
CVE document
CVE-2026-47214
Severity: important
Released on: 26/06/2026
Advisory:
Bugzilla: 2493600
Bugzilla Description:
docling: Docling: Unsafe URI and Path Handling in HTML Backend
CVSS Score:
CVSSv3 Score: 7.1
Vector:
CWE: CWE-22
Affected Packages:
Package States: Red Hat OpenShift AI (RHOAI),
Full Details
CVE document
CVE-2026-44018
Severity: moderate
Released on: 26/06/2026
Advisory:
Bugzilla: 2493607
Bugzilla Description:
docling: Docling: Denial of Service via crafted document archives
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-611
Affected Packages:
Package States: Red Hat OpenShift AI (RHOAI),
Full Details
CVE document
CVE-2026-5757
Severity: important
Released on: 26/06/2026
Advisory:
Bugzilla: 2493588
Bugzilla Description:
Ollama: Ollama: Information disclosure vulnerability in model quantization engine
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-825
Affected Packages:
Package States: Migration Toolkit for Applications 8,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat build of Debezium 3,Red Hat build of Debezium 3,Red Hat OpenShift AI (RHOAI),Red Hat Trusted Profile Analyzer,
Full Details
CVE document
CVE-2026-57915
Severity: important
Released on: 26/06/2026
Advisory:
Bugzilla: 2493407
Bugzilla Description:
Apache Kerby: org.apache.kerby/kerb-server: Apache Kerby: Kerberos pre-authentication bypass via unrecognized PA-DATA
CVSS Score:
CVSSv3 Score: 7.3
Vector:
CWE: CWE-358
Affected Packages:
Package States: Red Hat AMQ Clients,Red Hat Data Grid 8,Red Hat Data Grid 8,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,streams for Apache Kafka 2,streams for Apache Kafka 3,
Full Details
CVE document
CVE-2026-57914
Severity: moderate
Released on: 26/06/2026
Advisory:
Bugzilla: 2493399
Bugzilla Description:
apache-kerby: org.apache.kerby/kerby-asn1: Apache Kerby: Denial of Service via deeply nested ASN.1 structure
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-776
Affected Packages:
Package States: Red Hat AMQ Clients,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat Data Grid 8,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat Single Sign-On 7,streams for Apache Kafka 2,streams for Apache Kafka 3,
Full Details
CVE document
CVE-2026-13325
Severity: moderate
Released on: 26/06/2026
Advisory:
Bugzilla: 2493378
Bugzilla Description:
virt-handler-rhel9: kubevirt: kubevirt: DisableTLS migration setting removes authentication, exposing unauthenticated virtqemud proxy on all interfaces
CVSS Score:
CVSSv3 Score: 8.5
Vector:
CWE: CWE-306
Affected Packages:
Package States: Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,
Full Details
CVE document
CVE-2026-6658
Severity: moderate
Released on: 26/06/2026
Advisory:
Bugzilla: 2493377
Bugzilla Description:
nbconvert: nbconvert: Cross-site Scripting via unsanitized Mermaid output in HTML exports
CVSS Score:
CVSSv3 Score: 5.4
Vector:
CWE: CWE-79
Affected Packages:
Package States: Migration Toolkit for Applications 8,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat Satellite 6,
Full Details
CVE document
CVE-2026-48930
Severity: moderate
Released on: 26/06/2026
Advisory: RHSA-2026:35272, RHSA-2026:33866, RHSA-2026:35892, RHSA-2026:35891, RHSA-2026:35841, RHSA-2026:39868, RHSA-2026:34478, RHSA-2026:7378, RHSA-2026:35842, RHSA-2026:9455,
Bugzilla: 2493326
Bugzilla Description:
nodejs: Node.js: Silent authority rebinding due to embedded-nul hostnames in TLS handling
CVSS Score:
CVSSv3 Score: 5.6
Vector:
CWE: CWE-170
Affected Packages: nodejs20-main-20.20.2-1.hum1,nodejs:24-9080020260626074955.rhel9,nodejs:22-9080020260626075442.rhel9,nodejs25-main-25.9.0-1.1.hum1,nodejs26-main-26.4.0-1.3.hum1,nodejs22-main-22.23.1-2.hum1,nodejs24-1:24.18.0-1.el10_2,nodejs:24-8100020260630152626.6d880403,nodejs22-1:22.23.1-2.el10_2,nodejs24-main-24.18.0-0.2.hum1,
Package States: Red Hat Enterprise Linux 8,
Full Details
CVE document
CVE-2026-48619
Severity: moderate
Released on: 26/06/2026
Advisory: RHSA-2026:35272, RHSA-2026:33866, RHSA-2026:35892, RHSA-2026:35891, RHSA-2026:35841, RHSA-2026:39868, RHSA-2026:34478, RHSA-2026:7378, RHSA-2026:35842, RHSA-2026:9455,
Bugzilla: 2493325
Bugzilla Description:
nodejs: Node.js: Denial of Service via unlimited HTTP/2 ORIGIN frames
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-770
Affected Packages: nodejs20-main-20.20.2-1.hum1,nodejs:24-9080020260626074955.rhel9,nodejs:22-9080020260626075442.rhel9,nodejs25-main-25.9.0-1.1.hum1,nodejs26-main-26.4.0-1.3.hum1,nodejs22-main-22.23.1-2.hum1,nodejs24-1:24.18.0-1.el10_2,nodejs:24-8100020260630152626.6d880403,nodejs22-1:22.23.1-2.el10_2,nodejs24-main-24.18.0-0.2.hum1,
Package States: Red Hat Enterprise Linux 8,
Full Details
CVE document
CVE-2026-48935
Severity: low
Released on: 26/06/2026
Advisory: RHSA-2026:35272, RHSA-2026:33866, RHSA-2026:35892, RHSA-2026:35891, RHSA-2026:35841, RHSA-2026:39868, RHSA-2026:34478, RHSA-2026:7378, RHSA-2026:35842, RHSA-2026:9455,
Bugzilla: 2493329
Bugzilla Description:
nodejs: Node.js: Unauthorized file metadata modification
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-279
Affected Packages: nodejs20-main-20.20.2-1.hum1,nodejs:24-9080020260626074955.rhel9,nodejs:22-9080020260626075442.rhel9,nodejs25-main-25.9.0-1.1.hum1,nodejs26-main-26.4.0-1.3.hum1,nodejs22-main-22.23.1-2.hum1,nodejs24-1:24.18.0-1.el10_2,nodejs:24-8100020260630152626.6d880403,nodejs22-1:22.23.1-2.el10_2,nodejs24-main-24.18.0-0.2.hum1,
Package States: Red Hat Enterprise Linux 8,
Full Details
CVE document
CVE-2026-48933
Severity: important
Released on: 26/06/2026
Advisory: RHSA-2026:39246, RHSA-2026:35892, RHSA-2026:29012, RHSA-2026:35891, RHSA-2026:30172, RHSA-2026:35841, RHSA-2026:39868, RHSA-2026:28727, RHSA-2026:7378, RHSA-2026:35842, RHSA-2026:9455,
Bugzilla: 2493331
Bugzilla Description:
nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt()
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-770
Affected Packages: nodejs20-main-20.20.2-1.hum1,nodejs22-main-22.23.1-1.hum1,nodejs24-main-24.18.0-0.1.hum1,nodejs26-main-26.4.0-1.2.hum1,nodejs:24-9080020260626074955.rhel9,nodejs:22-9080020260626075442.rhel9,nodejs25-main-25.9.0-1.1.hum1,nodejs24-1:24.18.0-1.el10_2,nodejs:24-8100020260630152626.6d880403,nodejs22-1:22.23.1-2.el10_2,nodejs22-1:22.23.1-2.el10_0,
Package States: Red Hat Enterprise Linux 8,
Full Details
CVE document
CVE-2026-48934
Severity: moderate
Released on: 26/06/2026
Advisory: RHSA-2026:35272, RHSA-2026:33866, RHSA-2026:35892, RHSA-2026:35891, RHSA-2026:35841, RHSA-2026:39868, RHSA-2026:34478, RHSA-2026:7378, RHSA-2026:35842, RHSA-2026:9455,
Bugzilla: 2493332
Bugzilla Description:
nodejs: Node.js: Certification validation bypass in TLS host verification
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE: CWE-295
Affected Packages: nodejs20-main-20.20.2-1.hum1,nodejs:24-9080020260626074955.rhel9,nodejs:22-9080020260626075442.rhel9,nodejs25-main-25.9.0-1.1.hum1,nodejs26-main-26.4.0-1.3.hum1,nodejs22-main-22.23.1-2.hum1,nodejs24-1:24.18.0-1.el10_2,nodejs:24-8100020260630152626.6d880403,nodejs22-1:22.23.1-2.el10_2,nodejs24-main-24.18.0-0.2.hum1,
Package States: Red Hat Enterprise Linux 8,
Full Details
CVE document
CVE-2026-48928
Severity: moderate
Released on: 26/06/2026
Advisory: RHSA-2026:35272, RHSA-2026:33866, RHSA-2026:35892, RHSA-2026:35891, RHSA-2026:35841, RHSA-2026:39868, RHSA-2026:34478, RHSA-2026:7378, RHSA-2026:35842, RHSA-2026:9455,
Bugzilla: 2493333
Bugzilla Description:
Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency
CVSS Score:
CVSSv3 Score: 4.2
Vector:
CWE: CWE-289
Affected Packages: nodejs20-main-20.20.2-1.hum1,nodejs:24-9080020260626074955.rhel9,nodejs:22-9080020260626075442.rhel9,nodejs25-main-25.9.0-1.1.hum1,nodejs26-main-26.4.0-1.3.hum1,nodejs22-main-22.23.1-2.hum1,nodejs24-1:24.18.0-1.el10_2,nodejs:24-8100020260630152626.6d880403,nodejs22-1:22.23.1-2.el10_2,nodejs24-main-24.18.0-0.2.hum1,
Package States: Red Hat Enterprise Linux 8,
Full Details
CVE document
CVE-2026-48615
Severity: moderate
Released on: 26/06/2026
Advisory: RHSA-2026:39246, RHSA-2026:35892, RHSA-2026:29012, RHSA-2026:35891, RHSA-2026:30172, RHSA-2026:35841, RHSA-2026:39868, RHSA-2026:28727, RHSA-2026:7378, RHSA-2026:35842, RHSA-2026:9455,
Bugzilla: 2493335
Bugzilla Description:
nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-209
Affected Packages: nodejs20-main-20.20.2-1.hum1,nodejs22-main-22.23.1-1.hum1,nodejs24-main-24.18.0-0.1.hum1,nodejs26-main-26.4.0-1.2.hum1,nodejs:24-9080020260626074955.rhel9,nodejs:22-9080020260626075442.rhel9,nodejs25-main-25.9.0-1.1.hum1,nodejs24-1:24.18.0-1.el10_2,nodejs:24-8100020260630152626.6d880403,nodejs22-1:22.23.1-2.el10_2,nodejs22-1:22.23.1-2.el10_0,
Package States: Red Hat Enterprise Linux 8,
Full Details
CVE document
CVE-2026-48936
Severity: low
Released on: 26/06/2026
Advisory: RHSA-2026:35272, RHSA-2026:33866, RHSA-2026:34478, RHSA-2026:7378, RHSA-2026:9455,
Bugzilla: 2493336
Bugzilla Description:
nodejs: Node.js: Local server can be started without network permission via Permission API flaw
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-648
Affected Packages: nodejs20-main-20.20.2-1.hum1,nodejs25-main-25.9.0-1.1.hum1,nodejs26-main-26.4.0-1.3.hum1,nodejs22-main-22.23.1-2.hum1,nodejs24-main-24.18.0-0.2.hum1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-48618
Severity: important
Released on: 26/06/2026
Advisory: RHSA-2026:39246, RHSA-2026:35892, RHSA-2026:29012, RHSA-2026:35891, RHSA-2026:30172, RHSA-2026:35841, RHSA-2026:39868, RHSA-2026:28727, RHSA-2026:7378, RHSA-2026:35842, RHSA-2026:9455,
Bugzilla: 2493337
Bugzilla Description:
nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch
CVSS Score:
CVSSv3 Score: 7.7
Vector:
CWE: CWE-289
Affected Packages: nodejs20-main-20.20.2-1.hum1,nodejs22-main-22.23.1-1.hum1,nodejs24-main-24.18.0-0.1.hum1,nodejs26-main-26.4.0-1.2.hum1,nodejs:24-9080020260626074955.rhel9,nodejs:22-9080020260626075442.rhel9,nodejs25-main-25.9.0-1.1.hum1,nodejs24-1:24.18.0-1.el10_2,nodejs:24-8100020260630152626.6d880403,nodejs22-1:22.23.1-2.el10_2,nodejs22-1:22.23.1-2.el10_0,
Package States: Red Hat Enterprise Linux 8,
Full Details
CVE document
CVE-2026-13434
Severity: moderate
Released on: 26/06/2026
Advisory:
Bugzilla: 2493576
Bugzilla Description:
virt-controller-rhel9: kubevirt: kubevirt: Multus default-network annotation injection via unvalidated tenant networkName when ExternalNetResourceInjection is enabled
CVSS Score:
CVSSv3 Score: 4.9
Vector:
CWE: CWE-20
Affected Packages:
Package States: Red Hat OpenShift Virtualization 4,
Full Details
CVE document
CVE-2026-53323
Severity: moderate
Released on: 26/06/2026
Advisory:
Bugzilla: 2493699
Bugzilla Description:
kernel: net: dsa: remove redundant netdev_lock_ops() from conduit ethtool ops
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-764
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53293
Severity: moderate
Released on: 26/06/2026
Advisory:
Bugzilla: 2493700
Bugzilla Description:
kernel: drm/amdgpu: fix AMDGPU_INFO_READ_MMR_REG
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-833
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53299
Severity:
Released on: 26/06/2026
Advisory:
Bugzilla: 2493702
Bugzilla Description:
kernel: net: airoha: Move ndesc initialization at end of airoha_qdma_init_tx()
CVSS Score:
Vector:
CWE: CWE-824
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53315
Severity: low
Released on: 26/06/2026
Advisory:
Bugzilla: 2493703
Bugzilla Description:
kernel: drm/amd/ras: Fix NULL deref in ras_core_get_utc_second_timestamp()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53278
Severity: low
Released on: 26/06/2026
Advisory:
Bugzilla: 2493704
Bugzilla Description:
kernel: arm_mpam: Check whether the config array is allocated before destroying it
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-909
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53301
Severity:
Released on: 26/06/2026
Advisory:
Bugzilla: 2493705
Bugzilla Description:
kernel: reset: amlogic: t7: Fix null reset ops
CVSS Score:
Vector:
CWE: CWE-824
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53305
Severity: low
Released on: 26/06/2026
Advisory:
Bugzilla: 2493706
Bugzilla Description:
kernel: usb: typec: ps883x: Fix Oops at unbind
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53321
Severity: moderate
Released on: 26/06/2026
Advisory:
Bugzilla: 2493708
Bugzilla Description:
kernel: io_uring/napi: cap busy_poll_to 10 msec
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-835
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53322
Severity: important
Released on: 26/06/2026
Advisory:
Bugzilla: 2493709
Bugzilla Description:
kernel: vfio/pci: Clean up DMABUFs before disabling function
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-826
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53314
Severity: low
Released on: 26/06/2026
Advisory:
Bugzilla: 2493711
Bugzilla Description:
kernel: padata: Put CPU offline callback in ONLINE section to allow failure
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53289
Severity: low
Released on: 26/06/2026
Advisory:
Bugzilla: 2493715
Bugzilla Description:
kernel: ice: fix NULL pointer dereference in ice_reset_all_vfs()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53283
Severity: moderate
Released on: 26/06/2026
Advisory:
Bugzilla: 2493716
Bugzilla Description:
kernel: iommu/amd: Bounds-check devid in __rlookup_amd_iommu()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-1285
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53285
Severity: low
Released on: 26/06/2026
Advisory:
Bugzilla: 2493717
Bugzilla Description:
kernel: drm/amd/display: Wrap DCN32 phantom-plane allocation in DC_RUN_WITH_PREEMPTION_ENABLED
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-663
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53317
Severity: moderate
Released on: 26/06/2026
Advisory:
Bugzilla: 2493718
Bugzilla Description:
kernel: wifi: mt76: mt7921: Place upper limit on station AID
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-1284
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53318
Severity: moderate
Released on: 26/06/2026
Advisory:
Bugzilla: 2493721
Bugzilla Description:
kernel: wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925_tx_check_aggr()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53288
Severity:
Released on: 26/06/2026
Advisory:
Bugzilla: 2493724
Bugzilla Description:
kernel: arm64: Reserve an extra page for early kernel mapping
CVSS Score:
Vector:
CWE: CWE-131
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53306
Severity: moderate
Released on: 26/06/2026
Advisory:
Bugzilla: 2493725
Bugzilla Description:
kernel: tty: hvc_iucv: fix off-by-one in number of supported devices
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-193
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53312
Severity:
Released on: 26/06/2026
Advisory:
Bugzilla: 2493726
Bugzilla Description:
kernel: iommu/riscv: Remove overflows on the invalidation path
CVSS Score:
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53281
Severity: important
Released on: 26/06/2026
Advisory:
Bugzilla: 2493728
Bugzilla Description:
kernel: iommu/vt-d: Avoid NULL pointer dereference or refcount corruption
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53298
Severity:
Released on: 26/06/2026
Advisory:
Bugzilla: 2493729
Bugzilla Description:
kernel: net: airoha: Move ndesc initialization at end of airoha_qdma_init_rx_queue()
CVSS Score:
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53302
Severity:
Released on: 26/06/2026
Advisory:
Bugzilla: 2493730
Bugzilla Description:
kernel: crypto: eip93 - fix hmac setkey algo selection
CVSS Score:
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53287
Severity: moderate
Released on: 26/06/2026
Advisory:
Bugzilla: 2493732
Bugzilla Description:
kernel: audit: fix incorrect inheritable capability in CAPSET records
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53313
Severity: low
Released on: 26/06/2026
Advisory:
Bugzilla: 2493733
Bugzilla Description:
kernel: drm/amd/display: Avoid NULL dereference in dc_dmub_srv error paths
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53296
Severity: moderate
Released on: 26/06/2026
Advisory:
Bugzilla: 2493734
Bugzilla Description:
kernel: mailbox: mailbox-test: free channels on probe error
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53316
Severity: low
Released on: 26/06/2026
Advisory:
Bugzilla: 2493735
Bugzilla Description:
kernel: drm/amd/ras: Fix NULL deref in ras_core_ras_interrupt_detected()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53324
Severity: low
Released on: 26/06/2026
Advisory:
Bugzilla: 2493737
Bugzilla Description:
kernel: net: mana: Use pci_name() for debugfs directory naming
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53290
Severity: moderate
Released on: 26/06/2026
Advisory:
Bugzilla: 2493739
Bugzilla Description:
kernel: drm/xe/eustall: Fix drm_dev_put called before stream disable in close
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53308
Severity:
Released on: 26/06/2026
Advisory:
Bugzilla: 2493740
Bugzilla Description:
kernel: power: supply: max77705: Free allocated workqueue and fix removal order
CVSS Score:
Vector:
CWE: CWE-364
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53286
Severity: moderate
Released on: 26/06/2026
Advisory:
Bugzilla: 2493742
Bugzilla Description:
kernel: idpf: fix double free and use-after-free in aux device error paths
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-364
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53291
Severity: low
Released on: 26/06/2026
Advisory:
Bugzilla: 2493744
Bugzilla Description:
kernel: ALSA: hda/conexant: Fix missing error check for jack detection
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-390
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53284
Severity: low
Released on: 26/06/2026
Advisory:
Bugzilla: 2493745
Bugzilla Description:
kernel: btrfs: only release the dirty pages io tree after successful writes
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-459
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53300
Severity:
Released on: 26/06/2026
Advisory:
Bugzilla: 2493746
Bugzilla Description:
kernel: net: enetc: fix NTMP DMA use-after-free issue
CVSS Score:
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53311
Severity: low
Released on: 26/06/2026
Advisory:
Bugzilla: 2493748
Bugzilla Description:
kernel: fuse: fix uninit-value in fuse_dentry_revalidate()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-908
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53320
Severity:
Released on: 26/06/2026
Advisory:
Bugzilla: 2493754
Bugzilla Description:
kernel: nilfs2: reject zero bd_oblocknr in nilfs_ioctl_mark_blocks_dirty()
CVSS Score:
Vector:
CWE: CWE-839
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53309
Severity: important
Released on: 26/06/2026
Advisory:
Bugzilla: 2493755
Bugzilla Description:
kernel: ocfs2/dlm: fix off-by-one in dlm_match_regions() region comparison
CVSS Score:
CVSSv3 Score: 7.1
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53307
Severity:
Released on: 26/06/2026
Advisory:
Bugzilla: 2493757
Bugzilla Description:
kernel: pinctrl: pinconf-generic: Fully validate 'pinmux' property
CVSS Score:
Vector:
CWE: CWE-824
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53295
Severity: low
Released on: 26/06/2026
Advisory:
Bugzilla: 2493759
Bugzilla Description:
kernel: mailbox: add sanity check for channel array
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-166
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53303
Severity:
Released on: 26/06/2026
Advisory:
Bugzilla: 2493763
Bugzilla Description:
kernel: f2fs: protect extension_list reading with sb_lock in f2fs_sbi_show()
CVSS Score:
Vector:
CWE: CWE-366
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53319
Severity:
Released on: 26/06/2026
Advisory:
Bugzilla: 2493767
Bugzilla Description:
kernel: blk-wbt: remove WARN_ON_ONCE from wbt_init_enable_default()
CVSS Score:
Vector:
CWE: CWE-544
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53304
Severity: low
Released on: 26/06/2026
Advisory:
Bugzilla: 2493768
Bugzilla Description:
kernel: scsi: sg: Resolve soft lockup issue when opening /dev/sgX
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-1284
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53292
Severity: moderate
Released on: 26/06/2026
Advisory:
Bugzilla: 2493770
Bugzilla Description:
kernel: net: phonet: do not BUG_ON() in pn_socket_autobind() on failed bind
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-253
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53294
Severity: moderate
Released on: 26/06/2026
Advisory:
Bugzilla: 2493771
Bugzilla Description:
kernel: mailbox: mailbox-test: don't free the reused channel
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-1341
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53282
Severity: low
Released on: 26/06/2026
Advisory:
Bugzilla: 2493774
Bugzilla Description:
kernel: x86/kexec: Push kjump return address even for non-kjump kexec
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53297
Severity: low
Released on: 26/06/2026
Advisory:
Bugzilla: 2493775
Bugzilla Description:
kernel: net: mana: Guard mana_remove against double invocation
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-367
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53310
Severity: low
Released on: 26/06/2026
Advisory:
Bugzilla: 2493776
Bugzilla Description:
kernel: soc/tegra: cbb: Fix cross-fabric target timeout lookup
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-823
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53280
Severity: low
Released on: 26/06/2026
Advisory:
Bugzilla: 2493777
Bugzilla Description:
kernel: iommu: Fix NULL group->domain dereference in pci_dev_reset_iommu_done()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53279
Severity: low
Released on: 26/06/2026
Advisory:
Bugzilla: 2493780
Bugzilla Description:
kernel: drm/gma500/oaktrail_lvds: fix hang on init failure
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-833
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-40941
Severity: important
Released on: 25/06/2026
Advisory:
Bugzilla: 2493265
Bugzilla Description:
cacti: Cacti: Package Import Signature Validation Bypass Allows Self-Signed Packages
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-347
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-13283
Severity: important
Released on: 25/06/2026
Advisory:
Bugzilla: 2493239
Bugzilla Description:
chromium-browser: chromium-browser: Use after free in AdFilter
CVSS Score:
CVSSv3 Score: 9.6
Vector:
CWE: CWE-825
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-13282
Severity: important
Released on: 25/06/2026
Advisory:
Bugzilla: 2493233
Bugzilla Description:
chromium-browser: chromium-browser: Use after free in Payments
CVSS Score:
CVSSv3 Score: 6.6
Vector:
CWE: CWE-825
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-13281
Severity: important
Released on: 25/06/2026
Advisory:
Bugzilla: 2493254
Bugzilla Description:
chromium-browser: chromium-browser: Integer overflow in Mojo
CVSS Score:
CVSSv3 Score: 8.7
Vector:
CWE: CWE-190
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-48702
Severity: important
Released on: 25/06/2026
Advisory: RHSA-2026:25138,
Bugzilla: 2499685
Bugzilla Description:
github.com/sigstore/rekor: Rekor: Denial of Service due to unbounded gzip decompression in Alpine APK parsing
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-770
Affected Packages: cosign-main-3.1.1-0.1.hum1,
Package States: Assisted Installer for Red Hat OpenShift Container Platform 2,Confidential Compute Attestation,Lightspeed Core,Lightspeed Core,Logging Subsystem for Red Hat OpenShift,Logical Volume Manager Storage,Migration Toolkit for Containers,Migration Toolkit for Containers,Migration Toolkit for Containers,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Node HealthCheck Operator,OpenShift API for Data Protection,OpenShift API for Data Protection,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Lightspeed,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Serverless,OpenShift Serverless,OpenShift Service Mesh 3,Pen Drive Powered by Red Hat Lightspeed,Pen Drive Powered by Red Hat Lightspeed,Power monitoring for Red Hat OpenShift,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Developer Hub,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 9,Red Hat Hardened Images,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenStack Platform 18.0,Red Hat OpenStack Platform 18.0,Red Hat Quay 3,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Security Profiles Operator,Security Profiles Operator,Zero Trust Workload Identity Manager,Zero Trust Workload Identity Manager,Zero Trust Workload Identity Manager,Zero Trust Workload Identity Manager - Tech Preview,Zero Trust Workload Identity Manager - Tech Preview,Zero Trust Workload Identity Manager - Tech Preview,Zero Trust Workload Identity Manager - Tech Preview,Zero Trust Workload Identity Manager - Tech Preview,
Full Details
CVE document
CVE-2026-46601
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2493152
Bugzilla Description:
golang.org/x/image/webp: golang.org/x/image/webp: Denial of Service via malformed VP8 chunk in WebP images
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-1288
Affected Packages:
Package States: Cryostat 4,Red Hat Advanced Cluster Management for Kubernetes 2,
Full Details
CVE document
CVE-2026-56766
Severity: important
Released on: 25/06/2026
Advisory:
Bugzilla: 2493128
Bugzilla Description:
hydra: Hydra: Remote Code Execution via NTLM Authentication Stack Buffer Overflow
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-120
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-46611
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2493117
Bugzilla Description:
glances: Glances: Information disclosure via DNS rebinding attack
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-346
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-47770
Severity: moderate
Released on: 25/06/2026
Advisory: RHSA-2026:29986,
Bugzilla: 2493034
Bugzilla Description:
jq: jq: Denial of Service via deeply nested array comparison
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-770
Affected Packages: jq-main-1.8.2-0.1.hum1,
Package States: Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ceph Storage 4,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2026-49839
Severity: moderate
Released on: 25/06/2026
Advisory: RHSA-2026:29986,
Bugzilla: 2493020
Bugzilla Description:
jq: jq: Heap out-of-bounds write via oversized raw file processing
CVSS Score:
CVSSv3 Score: 6.6
Vector:
CWE: CWE-787
Affected Packages: jq-main-1.8.2-0.1.hum1,
Package States: Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ceph Storage 4,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2026-54679
Severity: moderate
Released on: 25/06/2026
Advisory: RHSA-2026:29986,
Bugzilla: 2493030
Bugzilla Description:
jq: jq: Denial of Service via integer overflow and buffer overrun on 32-bit systems
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-190
Affected Packages: jq-main-1.8.2-0.1.hum1,
Package States: Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ceph Storage 4,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2026-55180
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2493031
Bugzilla Description:
pnpm: pacquet: pnpm and pacquet: Information disclosure of environment secrets via improper environment variable expansion
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-15
Affected Packages:
Package States: Red Hat AMQ Broker 7,Red Hat Build of Keycloak,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,
Full Details
CVE document
CVE-2026-48995
Severity: important
Released on: 25/06/2026
Advisory:
Bugzilla: 2493032
Bugzilla Description:
pnpm: pnpm: Supply chain compromise from unverified dependencies
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-494
Affected Packages:
Package States: Red Hat AMQ Broker 7,Red Hat Build of Keycloak,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,
Full Details
CVE document
CVE-2026-50017
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2493033
Bugzilla Description:
pnpm: pnpm: Information disclosure of authentication credentials via malicious .npmrc file
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-201
Affected Packages:
Package States: Red Hat AMQ Broker 7,Red Hat Build of Keycloak,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,
Full Details
CVE document
CVE-2026-50016
Severity: important
Released on: 25/06/2026
Advisory:
Bugzilla: 2493040
Bugzilla Description:
pnpm: pnpm: Arbitrary code execution due to path traversal in dependency aliases
CVSS Score:
CVSSv3 Score: 8.0
Vector:
CWE: CWE-22
Affected Packages:
Package States: Red Hat AMQ Broker 7,Red Hat Build of Keycloak,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,
Full Details
CVE document
CVE-2026-50015
Severity: important
Released on: 25/06/2026
Advisory:
Bugzilla: 2493029
Bugzilla Description:
pnpm: pnpm: Arbitrary file write/delete due to lack of path validation in patch files
CVSS Score:
CVSSv3 Score: 7.3
Vector:
CWE: CWE-22
Affected Packages:
Package States: Red Hat AMQ Broker 7,Red Hat Build of Keycloak,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,
Full Details
CVE document
CVE-2026-50014
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2493023
Bugzilla Description:
pnpm: pnpm: Arbitrary Code Execution via Malicious Lockfile
CVSS Score:
CVSSv3 Score: 6.4
Vector:
CWE: CWE-78
Affected Packages:
Package States: Red Hat AMQ Broker 7,Red Hat Build of Keycloak,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,
Full Details
CVE document
CVE-2026-50573
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2493025
Bugzilla Description:
pnpm: pnpm: Package integrity check bypass allows installation of malicious content
CVSS Score:
CVSSv3 Score: 6.8
Vector:
CWE: CWE-494
Affected Packages:
Package States: Red Hat AMQ Broker 7,Red Hat Build of Keycloak,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,
Full Details
CVE document
CVE-2026-50021
Severity: important
Released on: 25/06/2026
Advisory:
Bugzilla: 2493039
Bugzilla Description:
pnpm: pnpm: Integrity bypass allows installation of altered packages via modified lockfile
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-494
Affected Packages:
Package States: Red Hat AMQ Broker 7,Red Hat Build of Keycloak,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,
Full Details
CVE document
CVE-2026-55700
Severity: important
Released on: 25/06/2026
Advisory:
Bugzilla: 2493019
Bugzilla Description:
pnpm: pnpm: Unauthorized file modification via crafted package manifest
CVSS Score:
CVSSv3 Score: 7.1
Vector:
CWE: CWE-22
Affected Packages:
Package States: Red Hat AMQ Broker 7,Red Hat Build of Keycloak,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,
Full Details
CVE document
CVE-2026-55699
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2493036
Bugzilla Description:
pnpm: pnpm: Denial of Service due to improper handling of malicious package manifest bin keys
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-22
Affected Packages:
Package States: Red Hat AMQ Broker 7,Red Hat Build of Keycloak,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,
Full Details
CVE document
CVE-2026-55698
Severity: important
Released on: 25/06/2026
Advisory:
Bugzilla: 2493022
Bugzilla Description:
pnpm: pnpm: Arbitrary code execution via malicious package-manager lockfile
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-502
Affected Packages:
Package States: Red Hat AMQ Broker 7,Red Hat Build of Keycloak,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,
Full Details
CVE document
CVE-2026-55697
Severity: important
Released on: 25/06/2026
Advisory:
Bugzilla: 2493038
Bugzilla Description:
pnpm: pnpm: Arbitrary code execution via improper handling of config dependencies
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-349
Affected Packages:
Package States: Red Hat AMQ Broker 7,Red Hat Build of Keycloak,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,
Full Details
CVE document
CVE-2026-55487
Severity: important
Released on: 25/06/2026
Advisory:
Bugzilla: 2493035
Bugzilla Description:
pnpm: pnpm: Supply chain compromise via manipulated package source strings
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-140
Affected Packages:
Package States: Red Hat AMQ Broker 7,Red Hat Build of Keycloak,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,
Full Details
CVE document
CVE-2026-9705
Severity: moderate
Released on: 25/06/2026
Advisory: RHSA-2026:30049, RHSA-2026:30050, RHSA-2026:30083, RHSA-2026:30084,
Bugzilla: 2481878
Bugzilla Description:
keycloak: Keycloak: Attacker can re-enable and take over disabled clients via Registration Access Token
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-613
Affected Packages: rhbk/keycloak-operator-bundle:26.4.13-1,rhbk/keycloak-rhel9-operator:26.4-19,rhbk/keycloak-rhel9,rhbk/keycloak-rhel9:26.6-8,rhbk/keycloak-rhel9:26.4-19,rhbk/keycloak-operator-bundle:26.6.4-2,rhbk/keycloak-rhel9-operator:26.6-8,
Package States:
Full Details
CVE document
CVE-2026-9099
Severity: important
Released on: 25/06/2026
Advisory: RHSA-2026:30049, RHSA-2026:30050, RHSA-2026:30083, RHSA-2026:30084,
Bugzilla: 2480182
Bugzilla Description:
keycloak: Group-Admin Escalation to Realm-Admin
CVSS Score:
CVSSv3 Score: 7.7
Vector:
CWE: CWE-639
Affected Packages: rhbk/keycloak-operator-bundle:26.4.13-1,rhbk/keycloak-rhel9-operator:26.4-19,rhbk/keycloak-rhel9,rhbk/keycloak-rhel9:26.6-8,rhbk/keycloak-rhel9:26.4-19,rhbk/keycloak-operator-bundle:26.6.4-2,rhbk/keycloak-rhel9-operator:26.6-8,
Package States:
Full Details
CVE document
CVE-2026-9086
Severity: important
Released on: 25/06/2026
Advisory: RHSA-2026:30049, RHSA-2026:30050, RHSA-2026:30083, RHSA-2026:30084,
Bugzilla: 2480170
Bugzilla Description:
keycloak: Keycloak: Cross-site scripting (XSS) via case-insensitive URI validation bypass
CVSS Score:
CVSSv3 Score: 7.3
Vector:
CWE: CWE-79
Affected Packages: rhbk/keycloak-operator-bundle:26.4.13-1,rhbk/keycloak-rhel9-operator:26.4-19,rhbk/keycloak-rhel9,rhbk/keycloak-rhel9:26.6-8,rhbk/keycloak-rhel9:26.4-19,rhbk/keycloak-operator-bundle:26.6.4-2,rhbk/keycloak-rhel9-operator:26.6-8,
Package States:
Full Details
CVE document
CVE-2026-9083
Severity: moderate
Released on: 25/06/2026
Advisory: RHSA-2026:30049, RHSA-2026:30050, RHSA-2026:30083, RHSA-2026:30084,
Bugzilla: 2480168
Bugzilla Description:
keycloak: Keycloak: Information disclosure through arbitrary filesystem path probing
CVSS Score:
CVSSv3 Score: 4.9
Vector:
CWE: CWE-22
Affected Packages: rhbk/keycloak-operator-bundle:26.4.13-1,rhbk/keycloak-rhel9-operator:26.4-19,rhbk/keycloak-rhel9,rhbk/keycloak-rhel9:26.6-8,rhbk/keycloak-rhel9:26.4-19,rhbk/keycloak-operator-bundle:26.6.4-2,rhbk/keycloak-rhel9-operator:26.6-8,
Package States:
Full Details
CVE document
CVE-2026-55693
Severity: moderate
Released on: 25/06/2026
Advisory: RHSA-2026:30267,
Bugzilla: 2492980
Bugzilla Description:
vim: Vim: Out-of-bounds Write in Spell File Word Count
CVSS Score:
CVSSv3 Score: 7.3
Vector:
CWE:
Affected Packages: vim-main-9.2.725-1.hum1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2026-55892
Severity: moderate
Released on: 25/06/2026
Advisory: RHSA-2026:35387,
Bugzilla: 2492975
Bugzilla Description:
vim: Vim: Denial of Service via crafted spell file
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-787
Affected Packages: vim-main-9.2.780-1.hum1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2026-55895
Severity: important
Released on: 25/06/2026
Advisory:
Bugzilla: 2492970
Bugzilla Description:
vim: Vim: Arbitrary code execution via Vimscript code injection in netrw plugin
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-94
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Hardened Images,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2026-57451
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492978
Bugzilla Description:
vim: Vim: Denial of service via crafted undo file
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2026-57452
Severity: moderate
Released on: 25/06/2026
Advisory: RHSA-2026:30267,
Bugzilla: 2492979
Bugzilla Description:
vim: Vim: Out-of-bounds Read with libsodium-encrypted Files
CVSS Score:
CVSSv3 Score: 4.7
Vector:
CWE: CWE-125
Affected Packages: vim-main-9.2.725-1.hum1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2026-57453
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492967
Bugzilla Description:
vim: Vim: Arbitrary code execution via crafted zip archive entry names
CVSS Score:
CVSSv3 Score: 5.8
Vector:
CWE: CWE-78
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2026-57454
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492977
Bugzilla Description:
vim: Vim: Out-of-bounds Read with Text Properties
CVSS Score:
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2026-57455
Severity: moderate
Released on: 25/06/2026
Advisory: RHSA-2026:30267,
Bugzilla: 2492968
Bugzilla Description:
vim: Vim: Denial of Service via stack out-of-bounds write in spell_soundfold_sofo()
CVSS Score:
CVSSv3 Score: 4.7
Vector:
CWE: CWE-787
Affected Packages: vim-main-9.2.725-1.hum1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2026-57456
Severity: important
Released on: 25/06/2026
Advisory: RHSA-2026:35387,
Bugzilla: 2492972
Bugzilla Description:
vim: Vim: Arbitrary code execution via malicious docstrings in Python omni-completion
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-94
Affected Packages: vim-main-9.2.780-1.hum1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2026-57438
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492963
Bugzilla Description:
nokogiri: rubygem-nokogiri: Nokogiri: Memory corruption due to XInclude substitution
CVSS Score:
CVSSv3 Score: 6.2
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Satellite 6,Red Hat Satellite 6,
Full Details
CVE document
CVE-2026-57437
Severity: low
Released on: 25/06/2026
Advisory:
Bugzilla: 2492946
Bugzilla Description:
nokogiri: Nokogiri: Denial of Service due to improper XPathContext garbage collection
CVSS Score:
CVSSv3 Score: 4.7
Vector:
CWE: CWE-771
Affected Packages:
Package States: Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Satellite 6,Red Hat Satellite 6,
Full Details
CVE document
CVE-2026-57436
Severity: low
Released on: 25/06/2026
Advisory:
Bugzilla: 2492937
Bugzilla Description:
nokogiri: rubygem-nokogiri: Nokogiri: Denial of Service via heap use-after-free
CVSS Score:
CVSSv3 Score: 3.7
Vector:
CWE: CWE-1287
Affected Packages:
Package States: Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Satellite 6,Red Hat Satellite 6,
Full Details
CVE document
CVE-2026-57435
Severity: low
Released on: 25/06/2026
Advisory:
Bugzilla: 2492951
Bugzilla Description:
nokogiri: rubygem-nokogiri: Nokogiri: Denial of Service due to use-after-free when replacing XML attribute values
CVSS Score:
CVSSv3 Score: 3.7
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Satellite 6,Red Hat Satellite 6,
Full Details
CVE document
CVE-2026-57434
Severity: low
Released on: 25/06/2026
Advisory:
Bugzilla: 2492935
Bugzilla Description:
nokogiri: rubygem-nokogiri: Nokogiri: Denial of Service via NULL pointer dereference
CVSS Score:
CVSSv3 Score: 2.9
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Satellite 6,Red Hat Satellite 6,
Full Details
CVE document
CVE-2026-57235
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492950
Bugzilla Description:
nokogiri: rubygem-nokogiri: Nokogiri: Denial of Service via out-of-bounds read
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Satellite 6,Red Hat Satellite 6,
Full Details
CVE document
CVE-2026-57234
Severity: low
Released on: 25/06/2026
Advisory:
Bugzilla: 2492934
Bugzilla Description:
nokogiri: Nokogiri: Server-Side Request Forgery (SSRF) and XML External Entity (XXE) via improper enforcement of NONET parse option
CVSS Score:
CVSSv3 Score: 4.8
Vector:
CWE: CWE-611
Affected Packages:
Package States: Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Satellite 6,Red Hat Satellite 6,
Full Details
CVE document
CVE-2026-57236
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492952
Bugzilla Description:
nokogiri: Nokogiri: Denial of Service or Information Disclosure via invalid encoding handling
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Satellite 6,Red Hat Satellite 6,
Full Details
CVE document
CVE-2026-13324
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492860
Bugzilla Description:
geary: geary: Silent file attachment via ?attach= parameter
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE:
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-56130
Severity: low
Released on: 25/06/2026
Advisory:
Bugzilla: 2492817
Bugzilla Description:
org.apache.shiro/shiro-web: Apache Shiro: Remember-me cookie isn't checked for expiry on the server
CVSS Score:
CVSSv3 Score: 3.0
Vector:
CWE: CWE-294
Affected Packages:
Package States: Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform Expansion Pack,
Full Details
CVE document
CVE-2026-13311
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492642
Bugzilla Description:
shell-quote: shell-quote/parse: shell-quote: Denial of Service due to inefficient input parsing
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-1050
Affected Packages:
Package States: Cryostat 4,Cryostat 4,Gatekeeper 3,Migration Toolkit for Containers,Node HealthCheck Operator,Node HealthCheck Operator,Node HealthCheck Operator,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Service Mesh 2,OpenShift Service Mesh 2,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,Red Hat AMQ Broker 7,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat build of Apache Camel - HawtIO 4,Red Hat Build of Podman Desktop,Red Hat Data Grid 8,Red Hat Developer Hub,Red Hat Discovery 2,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Fuse 7,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Virtualization 4,Red Hat Quay 3,Red Hat Trusted Artifact Signer,Self-service automation portal 2,
Full Details
CVE document
CVE-2026-12244
Severity: important
Released on: 25/06/2026
Advisory:
Bugzilla: 2491587
Bugzilla Description:
nsd: A specially crafted SVCB RR can cause a heap overflow of up to 65509 attacker controlled bytes.
CVSS Score:
CVSSv3 Score: 8.0
Vector:
CWE: CWE-787
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-12245
Severity: important
Released on: 25/06/2026
Advisory:
Bugzilla: 2491588
Bugzilla Description:
NSD: Denial of DNS over TLS service by any DoT client
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-617
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-12246
Severity: important
Released on: 25/06/2026
Advisory:
Bugzilla: 2491589
Bugzilla Description:
nsd: Out of bounds stack write with crafted APL RR
CVSS Score:
CVSSv3 Score: 8.0
Vector:
CWE: CWE-787
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-12490
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2491590
Bugzilla Description:
nsd: Bypass of client certificate verification with transfer over TLS
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-303
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-13218
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492654
Bugzilla Description:
kubevirt: kubevirt: symlink following in WriteToCachedFile allows host file overwrite from virt-launcher
CVSS Score:
CVSSv3 Score: 4.2
Vector:
CWE: CWE-61
Affected Packages:
Package States: Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,
Full Details
CVE document
CVE-2026-13318
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492659
Bugzilla Description:
virt-api-rhel9: kubevirt: KubeVirt: SSRF in virt-api port-forward via unvalidated guest-agent-reported IP
CVSS Score:
CVSSv3 Score: 6.4
Vector:
CWE: CWE-918
Affected Packages:
Package States: Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,
Full Details
CVE document
CVE-2026-13322
Severity: low
Released on: 25/06/2026
Advisory:
Bugzilla: 2492681
Bugzilla Description:
kubevirt: virt-handler-rhel9: kubevirt: unbounded virtio-serial ReadLine in virt-handler causes OOM denial of service
CVSS Score:
CVSSv3 Score: 3.8
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,
Full Details
CVE document
CVE-2026-53194
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492703
Bugzilla Description:
kernel: USB: serial: kl5kusb105: fix bulk-out buffer overflow
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53163
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492704
Bugzilla Description:
kernel: locking/rtmutex: Skip remove_waiter() when waiter is not enqueued
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53168
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492705
Bugzilla Description:
kernel: fuse: reject fuse_notify() pagecache ops on directories
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-266
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53159
Severity:
Released on: 25/06/2026
Advisory:
Bugzilla: 2492706
Bugzilla Description:
kernel: misc: fastrpc: fix DMA address corruption due to find_vma misuse
CVSS Score:
Vector:
CWE: CWE-191
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53229
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492707
Bugzilla Description:
kernel: net/mlx5e: xsk: Fix DMA and xdp_frame leak on XDP_TX xmit failure
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53183
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492708
Bugzilla Description:
kernel: mptcp: allow subflow rcv wnd to shrink
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-131
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53236
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492709
Bugzilla Description:
kernel: tcp: restrict SO_ATTACH_FILTER to priv users
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-266
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53242
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492710
Bugzilla Description:
kernel: ALSA: PCM: Fix wait queue list corruption in snd_pcm_drain() on linked streams
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-824
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53245
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492711
Bugzilla Description:
kernel: net/802/mrp: fix vector attribute parsing in mrp_pdu_parse_vecattr
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-1285
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53271
Severity:
Released on: 25/06/2026
Advisory:
Bugzilla: 2492712
Bugzilla Description:
kernel: ksmbd: fix NULL-deref of opinfo->conn in oplock/lease break notifiers
CVSS Score:
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53184
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492713
Bugzilla Description:
kernel: udp: clear skb->dev before running a sockmap verdict
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-909
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53137
Severity:
Released on: 25/06/2026
Advisory:
Bugzilla: 2492714
Bugzilla Description:
kernel: drm/amd/display: Clamp HDMI HDCP2 rx_id_list read to buffer size
CVSS Score:
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53178
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492715
Bugzilla Description:
kernel: staging: rtl8723bs: rtw_mlme: add bounds checks before ie_length subtraction
CVSS Score:
Vector:
CWE: CWE-191
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53139
Severity:
Released on: 25/06/2026
Advisory:
Bugzilla: 2492716
Bugzilla Description:
kernel: drm/v3d: Skip CSD when it has zeroed workgroups
CVSS Score:
Vector:
CWE: CWE-1284
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53256
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492717
Bugzilla Description:
kernel: Bluetooth: RFCOMM: hold listener socket in rfcomm_connect_ind()
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-364
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53269
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492718
Bugzilla Description:
kernel: netfilter: synproxy: add mutex to guard hook reference counting
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-820
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53143
Severity: important
Released on: 25/06/2026
Advisory:
Bugzilla: 2492719
Bugzilla Description:
kernel: drm/amdkfd: Fix buffer overflow in SDMA queue checkpoint/restore on GFX11
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-131
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53198
Severity:
Released on: 25/06/2026
Advisory:
Bugzilla: 2492720
Bugzilla Description:
kernel: ksmbd: fix use-after-free of a deferred file_lock on double SMB2_CANCEL
CVSS Score:
Vector:
CWE: CWE-1341
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53218
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492721
Bugzilla Description:
kernel: netfilter: nft_exthdr: fix register tracking for F_PRESENT flag
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-824
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53182
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492722
Bugzilla Description:
kernel: wifi: nl80211: reject oversized EMA RNR lists
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53140
Severity: low
Released on: 25/06/2026
Advisory:
Bugzilla: 2492723
Bugzilla Description:
kernel: drm/v3d: Fix vaddr leak when indirect CSD has zeroed workgroups
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53161
Severity:
Released on: 25/06/2026
Advisory:
Bugzilla: 2492724
Bugzilla Description:
kernel: misc: fastrpc: fix use-after-free of fastrpc_user in workqueue context
CVSS Score:
Vector:
CWE: CWE-366
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53277
Severity: important
Released on: 25/06/2026
Advisory:
Bugzilla: 2492725
Bugzilla Description:
kernel: KVM: arm64: Take the SRCU lock for page table walks in fault injection and AT emulation
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-820
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53165
Severity:
Released on: 25/06/2026
Advisory:
Bugzilla: 2492726
Bugzilla Description:
kernel: iomap: avoid potential null folio->mapping deref during error reporting
CVSS Score:
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53162
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492727
Bugzilla Description:
kernel: memcg: use round-robin victim selection in refill_stock
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-366
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53230
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492728
Bugzilla Description:
kernel: net/mlx5: Fix slab-out-of-bounds in mlx5_query_nic_vport_mac_list
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53173
Severity:
Released on: 25/06/2026
Advisory:
Bugzilla: 2492729
Bugzilla Description:
kernel: accel/ethosu: fix OOB write in ethosu_gem_cmdstream_copy_and_validate()
CVSS Score:
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53248
Severity:
Released on: 25/06/2026
Advisory:
Bugzilla: 2492730
Bugzilla Description:
kernel: net: airoha: Fix use-after-free in metadata dst teardown
CVSS Score:
Vector:
CWE: CWE-911
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53171
Severity:
Released on: 25/06/2026
Advisory:
Bugzilla: 2492731
Bugzilla Description:
kernel: accel/ethosu: fix arithmetic issues in dma_length()
CVSS Score:
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53138
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492732
Bugzilla Description:
kernel: drm/amd/display: Bound VBIOS record-chain walk loops
CVSS Score:
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53228
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492733
Bugzilla Description:
kernel: ipv6: sit: reload inner IPv6 header after GSO offloads
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53169
Severity:
Released on: 25/06/2026
Advisory:
Bugzilla: 2492734
Bugzilla Description:
kernel: accel/ethosu: reject NPU_OP_RESIZE commands from userspace
CVSS Score:
Vector:
CWE: CWE-617
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53185
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492735
Bugzilla Description:
kernel: zram: fix use-after-free in zram_bvec_write_partial()
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-364
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53134
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492736
Bugzilla Description:
kernel: netfilter: nft_fib: fix stale stack leak via the OIFNAME register
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-824
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53158
Severity:
Released on: 25/06/2026
Advisory:
Bugzilla: 2492737
Bugzilla Description:
kernel: misc: fastrpc: Fix NULL pointer dereference in rpmsg callback
CVSS Score:
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53156
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492738
Bugzilla Description:
kernel: nvmem: core: fix use-after-free bugs in error paths
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53249
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492739
Bugzilla Description:
kernel: ipv4: restrict IPOPT_SSRR and IPOPT_LSRR options
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-266
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53220
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492740
Bugzilla Description:
kernel: netfilter: revalidate bridge ports
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53176
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492741
Bugzilla Description:
kernel: IB/isert: Reject login PDUs shorter than ISER_HEADERS_LEN
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-839
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53193
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492742
Bugzilla Description:
kernel: ALSA: timer: Forcibly close timer instances at closing
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53273
Severity:
Released on: 25/06/2026
Advisory:
Bugzilla: 2492744
Bugzilla Description:
kernel: tee: optee: prevent use-after-free when the client exits before the supplicant
CVSS Score:
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53235
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492745
Bugzilla Description:
kernel: net: add pskb_may_pull() to skb_gro_receive_list()
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-805
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53234
Severity:
Released on: 25/06/2026
Advisory:
Bugzilla: 2492746
Bugzilla Description:
kernel: net: ibm: emac: Fix use-after-free during device removal
CVSS Score:
Vector:
CWE: CWE-364
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53131
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492747
Bugzilla Description:
kernel: netfilter: require Ethernet MAC header before using eth_hdr()
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53267
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492748
Bugzilla Description:
kernel: netfilter: nft_ct: bail out on template ct in get eval
CVSS Score:
CVSSv3 Score: 6.6
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53213
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492749
Bugzilla Description:
kernel: drm/vc4: fix krealloc() memory leak
CVSS Score:
Vector:
CWE: CWE-253
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53196
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492750
Bugzilla Description:
kernel: USB: serial: io_ti: fix heap overflow in get_manuf_info()
CVSS Score:
CVSSv3 Score: 6.8
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53221
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492751
Bugzilla Description:
kernel: ip6_vti: fix incorrect tunnel matching in vti6_tnl_lookup()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-1289
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53211
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492752
Bugzilla Description:
kernel: netfilter: nft_meta_bridge: fix stale stack leak via IIFHWADDR register
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-131
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53132
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492753
Bugzilla Description:
kernel: vsock/virtio: fix potential unbounded skb queue
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-770
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-53257
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492754
Bugzilla Description:
kernel: wifi: cfg80211: enforce HE/EHT cap/oper consistency
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-390
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53133
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492755
Bugzilla Description:
kernel: RDMA/umem: Fix truncation for block sizes >= 4G
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-681
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53148
Severity: important
Released on: 25/06/2026
Advisory:
Bugzilla: 2492756
Bugzilla Description:
kernel: thunderbolt: Clamp XDomain response data copy to allocation size
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53219
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492757
Bugzilla Description:
kernel: netfilter: x_tables: avoid leaking percpu counter pointers
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-1098
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53215
Severity:
Released on: 25/06/2026
Advisory:
Bugzilla: 2492758
Bugzilla Description:
kernel: net: mvpp2: refill RX buffers before XDP or skb use
CVSS Score:
Vector:
CWE: CWE-763
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53152
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492759
Bugzilla Description:
kernel: mmc: dw_mmc-rockchip: Add missing private data for very old controllers
CVSS Score:
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53187
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492760
Bugzilla Description:
kernel: RDMA/core: Validate cpu_id against nr_cpu_ids in DMAH alloc
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53240
Severity:
Released on: 25/06/2026
Advisory:
Bugzilla: 2492761
Bugzilla Description:
kernel: xfrm: iptfs: fix use-after-free on first_skb in __input_process_payload
CVSS Score:
Vector:
CWE: CWE-367
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53209
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492762
Bugzilla Description:
kernel: Bluetooth: hci_sync: reject oversized Broadcast Announcement prepend
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-131
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53197
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492763
Bugzilla Description:
kernel: xfrm: iptfs: fix ABBA deadlock in iptfs_destroy_state()
CVSS Score:
Vector:
CWE: CWE-833
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53149
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492764
Bugzilla Description:
kernel: thunderbolt: Bound root directory content to block size
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53208
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492765
Bugzilla Description:
kernel: Bluetooth: L2CAP: reject BR/EDR signaling packets over MTUsig
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-1284
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53154
Severity: low
Released on: 25/06/2026
Advisory:
Bugzilla: 2492766
Bugzilla Description:
kernel: mm/hugetlb: restore reservation on error in hugetlb folio copy paths
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53243
Severity:
Released on: 25/06/2026
Advisory:
Bugzilla: 2492767
Bugzilla Description:
kernel: rseq: Fix using an uninitialized stack variable in rseq_exit_user_update()
CVSS Score:
Vector:
CWE: CWE-908
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53136
Severity:
Released on: 25/06/2026
Advisory:
Bugzilla: 2492768
Bugzilla Description:
kernel: drm/amd/display: Clamp VBIOS HDMI retimer register count to array size
CVSS Score:
Vector:
CWE: CWE-1284
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53224
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492769
Bugzilla Description:
kernel: sctp: validate embedded INIT chunk and address list lengths in cookie
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-805
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53268
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492770
Bugzilla Description:
kernel: netfilter: conntrack_irc: fix possible out-of-bounds read
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53246
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492771
Bugzilla Description:
kernel: sctp: validate cached peer INIT chunk length in COOKIE_ECHO processing
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-130
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53180
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492772
Bugzilla Description:
kernel: timers/migration: Fix livelock in tmigr_handle_remote_up()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-835
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53145
Severity: important
Released on: 25/06/2026
Advisory:
Bugzilla: 2492773
Bugzilla Description:
kernel: drm/gem: Try to fix change_handle ioctl, attempt 4
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-367
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53170
Severity:
Released on: 25/06/2026
Advisory:
Bugzilla: 2492774
Bugzilla Description:
kernel: accel/ethosu: reject DMA commands with uninitialized length
CVSS Score:
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53150
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492775
Bugzilla Description:
kernel: thunderbolt: Reject zero-length property entries in validator
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-191
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53188
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492776
Bugzilla Description:
kernel: RDMA/core: Validate the passed in fops for ib_get_ucaps()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-351
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53227
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492777
Bugzilla Description:
kernel: net: openvswitch: fix possible kfree_skb of ERR_PTR
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-763
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53247
Severity:
Released on: 25/06/2026
Advisory:
Bugzilla: 2492778
Bugzilla Description:
kernel: net: ethernet: mtk_eth_soc: Fix use-after-free in metadata dst teardown
CVSS Score:
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53239
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492779
Bugzilla Description:
kernel: xfrm: policy: fix use-after-free on inexact bin in xfrm_policy_bysel_ctx()
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-364
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53237
Severity:
Released on: 25/06/2026
Advisory:
Bugzilla: 2492780
Bugzilla Description:
kernel: gpio: mvebu: fix NULL pointer dereference in suspend/resume
CVSS Score:
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53172
Severity:
Released on: 25/06/2026
Advisory:
Bugzilla: 2492781
Bugzilla Description:
kernel: accel/ethosu: fix IFM region index out-of-bounds in command stream parser
CVSS Score:
Vector:
CWE: CWE-1285
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53232
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492782
Bugzilla Description:
kernel: net: phy: clean the sfp upstream if phy probing fails
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-459
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53167
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492783
Bugzilla Description:
kernel: fuse: limit FUSE_NOTIFY_RETRIEVE to uptodate folios
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-908
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53262
Severity: important
Released on: 25/06/2026
Advisory:
Bugzilla: 2492784
Bugzilla Description:
kernel: l2tp: pppol2tp: hold reference to session in pppol2tp_ioctl()
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-911
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53147
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492785
Bugzilla Description:
kernel: thunderbolt: Validate XDomain request packet size before type cast
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53244
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492786
Bugzilla Description:
kernel: VFS: fix possible failure to unlock in nfsd4_create_file()
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53195
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492787
Bugzilla Description:
kernel: USB: serial: io_ti: fix heap overflow in build_i2c_fw_hdr()
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-120
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53189
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492788
Bugzilla Description:
kernel: mm/huge_memory: update file PMD counter before folio_put()
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-364
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53142
Severity: low
Released on: 25/06/2026
Advisory:
Bugzilla: 2492789
Bugzilla Description:
kernel: drm/xe/display: fix oops in suspend/shutdown without display
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-824
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53153
Severity: important
Released on: 25/06/2026
Advisory:
Bugzilla: 2492790
Bugzilla Description:
kernel: mm/list_lru: drain before clearing xarray entry on reparent
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-820
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53174
Severity:
Released on: 25/06/2026
Advisory:
Bugzilla: 2492791
Bugzilla Description:
kernel: ovl: keep err zero after successful ovl_cache_get()
CVSS Score:
Vector:
CWE: CWE-253
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53192
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492792
Bugzilla Description:
kernel: ALSA: timer: Fix UAF at snd_timer_user_params()
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-364
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53251
Severity: low
Released on: 25/06/2026
Advisory:
Bugzilla: 2492793
Bugzilla Description:
kernel: Bluetooth: ISO: Fix not releasing hdev reference on iso_conn_big_sync
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53164
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492794
Bugzilla Description:
kernel: iommu/dma: Do not try to iommu_map a 0 length region in swiotlb
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-805
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53254
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492795
Bugzilla Description:
kernel: Bluetooth: RFCOMM: validate skb length in MCC handlers
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-1284
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53205
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492796
Bugzilla Description:
kernel: accel/ivpu: Add bounds checks for firmware log indices
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-805
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53210
Severity: low
Released on: 25/06/2026
Advisory:
Bugzilla: 2492797
Bugzilla Description:
kernel: tee: shm: fix shm leak in register_shm_helper()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53203
Severity: important
Released on: 25/06/2026
Advisory:
Bugzilla: 2492798
Bugzilla Description:
kernel: accel/ivpu: Add buffer overflow check in MS get_info_ioctl
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-120
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53200
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492799
Bugzilla Description:
kernel: KVM: arm64: nv: Fix handling of XN[0] when !FEAT_XNX
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-266
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53146
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492800
Bugzilla Description:
kernel: thunderbolt: Limit XDomain response copy to actual frame size
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53204
Severity:
Released on: 25/06/2026
Advisory:
Bugzilla: 2492801
Bugzilla Description:
kernel: firmware: stratix10-rsu: Fix NULL deref on rsu_send_msg() timeout in probe
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53206
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492802
Bugzilla Description:
kernel: accel/ivpu: Add bounds check for firmware runtime memory
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53191
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492803
Bugzilla Description:
kernel: io_uring/net: inherit IORING_CQE_F_BUF_MORE across bundle recv retries
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-1285
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53217
Severity:
Released on: 25/06/2026
Advisory:
Bugzilla: 2492804
Bugzilla Description:
kernel: net: mvpp2: sync RX data at the hardware packet offset
CVSS Score:
Vector:
CWE: CWE-821
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53166
Severity: moderate
Released on: 25/06/2026
Advisory: RHSA-2026:40068, RHSA-2026:39983, RHSA-2026:39984, RHSA-2026:40760, RHSA-2026:38492, RHSA-2026:37728, RHSA-2026:39082, RHSA-2026:40082, RHSA-2026:39083, RHSA-2026:38491, RHSA-2026:40425,
Bugzilla: 2492805
Bugzilla Description:
kernel: futex/requeue: Prevent NULL pointer dereference in remove_waiter() on self-deadlock
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages: kernel-0:4.18.0-477.152.1.el8_8,kernel-0:6.12.0-211.33.1.el10_2,kernel-0:4.18.0-372.201.1.el8_6,kernel-0:4.18.0-305.198.1.el8_4,kernel-0:5.14.0-687.25.1.el9_8,kernel-0:4.18.0-553.143.1.el8_10,kernel-0:5.14.0-284.181.1.el9_2,kernel-rt-0:5.14.0-284.181.1.rt14.466.el9_2,kernel-0:5.14.0-570.128.1.el9_6,kernel-0:6.12.0-231.16.el10nv,kernel-rt-0:4.18.0-553.143.1.rt7.484.el8_10,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53186
Severity:
Released on: 25/06/2026
Advisory:
Bugzilla: 2492806
Bugzilla Description:
kernel: RDMA/srp: bound SRP_RSP sense copy by the received length
CVSS Score:
Vector:
CWE: CWE-130
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53255
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492807
Bugzilla Description:
kernel: Bluetooth: MGMT: validate advertising TLV before type checks
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-805
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53222
Severity:
Released on: 25/06/2026
Advisory:
Bugzilla: 2492808
Bugzilla Description:
kernel: ptp: ocp: fix resource freeing order
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53233
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492809
Bugzilla Description:
kernel: netdev: fix double-free in netdev_nl_bind_rx_doit()
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-763
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53223
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492811
Bugzilla Description:
kernel: net: guard timestamp cmsgs to real error queue skbs
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53155
Severity:
Released on: 25/06/2026
Advisory:
Bugzilla: 2492812
Bugzilla Description:
kernel: mm/huge_memory: use correct flags for device private PMD entry
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53216
Severity:
Released on: 25/06/2026
Advisory:
Bugzilla: 2492814
Bugzilla Description:
kernel: net: mvpp2: limit XDP frame size to the RX buffer
CVSS Score:
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53250
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492815
Bugzilla Description:
kernel: xsk: cache csum_start/csum_offset to fix TOCTOU in xsk_skb_metadata()
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53265
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492816
Bugzilla Description:
kernel: dm cache policy smq: check allocation under invalidate lock
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53252
Severity: low
Released on: 25/06/2026
Advisory:
Bugzilla: 2492818
Bugzilla Description:
kernel: Bluetooth: fix memory leak in error path of hci_alloc_dev()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-911
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53181
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492819
Bugzilla Description:
kernel: vsock/vmci: fix sk_ack_backlog leak on failed handshake
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53241
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492820
Bugzilla Description:
kernel: ALSA: seq: dummy: fix UMP event stack overread
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53207
Severity: low
Released on: 25/06/2026
Advisory:
Bugzilla: 2492821
Bugzilla Description:
kernel: mm/memory-failure: fix hugetlb_lock AA deadlock in get_huge_page_for_hwpoison
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-833
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53190
Severity: low
Released on: 25/06/2026
Advisory:
Bugzilla: 2492822
Bugzilla Description:
kernel: drm/virtio: fix dma_fence refcount leak on error in virtio_gpu_dma_fence_wait()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53202
Severity: important
Released on: 25/06/2026
Advisory:
Bugzilla: 2492823
Bugzilla Description:
kernel: accel/ivpu: Fix signed integer truncation in IPC receive
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53157
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492824
Bugzilla Description:
kernel: net: phonet: free phonet_device after RCU grace period
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53253
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492826
Bugzilla Description:
kernel: Bluetooth: bnep: reject short frames before parsing
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53214
Severity: low
Released on: 25/06/2026
Advisory:
Bugzilla: 2492827
Bugzilla Description:
kernel: ipv6: Fix a potential NPD in cleanup_prefix_route()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53238
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492828
Bugzilla Description:
kernel: netlabel: validate unlabeled address and mask attribute lengths
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53135
Severity:
Released on: 25/06/2026
Advisory:
Bugzilla: 2492829
Bugzilla Description:
kernel: drm/amd/display: Fix NULL deref and buffer over-read in SDP debugfs
CVSS Score:
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53201
Severity:
Released on: 25/06/2026
Advisory:
Bugzilla: 2492830
Bugzilla Description:
kernel: Revert "drm/xe: Skip exec queue schedule toggle if queue is idle during suspend"
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53263
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492832
Bugzilla Description:
kernel: 6lowpan: fix off-by-one in multicast context address compression
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-193
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53177
Severity: low
Released on: 25/06/2026
Advisory:
Bugzilla: 2492833
Bugzilla Description:
kernel: bnxt_en: Fix NULL pointer dereference
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53258
Severity: low
Released on: 25/06/2026
Advisory:
Bugzilla: 2492834
Bugzilla Description:
kernel: wifi: fix leak if split 6 GHz scanning fails
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53151
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492837
Bugzilla Description:
kernel: rxrpc: Fix the ACK parser to extract the SACK table for parsing
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53199
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492838
Bugzilla Description:
kernel: hv_netvsc: use kmap_local_page in netvsc_copy_to_send_buf
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-468
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53160
Severity:
Released on: 25/06/2026
Advisory:
Bugzilla: 2492839
Bugzilla Description:
kernel: misc: fastrpc: fix use-after-free race in fastrpc_map_create
CVSS Score:
Vector:
CWE: CWE-366
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53175
Severity: important
Released on: 25/06/2026
Advisory:
Bugzilla: 2492840
Bugzilla Description:
kernel: inet: frags: fix use-after-free caused by the fqdir_pre_exit() flush
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53275
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492841
Bugzilla Description:
kernel: ipv6: mcast: Fix use-after-free when processing MLD queries
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53179
Severity:
Released on: 25/06/2026
Advisory:
Bugzilla: 2492842
Bugzilla Description:
kernel: staging: rtl8723bs: fix buffer over-read in rtw_update_protection
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53274
Severity: low
Released on: 25/06/2026
Advisory:
Bugzilla: 2492843
Bugzilla Description:
kernel: net/smc: fix sleep-inside-lock in __smc_setsockopt() causing local DoS
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-821
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53231
Severity: low
Released on: 25/06/2026
Advisory:
Bugzilla: 2492844
Bugzilla Description:
kernel: net: phy: don't try to setup PHY-driven SFP cages when using genphy
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53144
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492845
Bugzilla Description:
kernel: drm/amdkfd: fix NULL dereference in get_queue_ids()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53225
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492846
Bugzilla Description:
kernel: sctp: fix uninit-value in __sctp_rcv_asconf_lookup()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-130
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53212
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492847
Bugzilla Description:
kernel: netfilter: nft_tunnel: fix use-after-free on object destroy
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-1341
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53141
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492848
Bugzilla Description:
kernel: drm/v3d: Fix global performance monitor reference counting
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53260
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492849
Bugzilla Description:
kernel: tcp: Add preempt_{disable,enable}_nested() in reqsk_queue_hash_req()
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53259
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492850
Bugzilla Description:
kernel: ipv6: anycast: insert aca into global hash under idev->lock
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-366
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53264
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492851
Bugzilla Description:
kernel: net/sched: act_api: use RCU with deferred freeing for action lifecycle
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-364
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53226
Severity:
Released on: 25/06/2026
Advisory:
Bugzilla: 2492852
Bugzilla Description:
kernel: gpio: rockchip: fix generic IRQ chip leak on remove
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53270
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492853
Bugzilla Description:
kernel: ipvs: clear the svc scheduler ptr early on edit
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53276
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492854
Bugzilla Description:
kernel: Bluetooth: ISO: Fix a use-after-free of the hci_conn pointer
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53272
Severity: moderate
Released on: 25/06/2026
Advisory:
Bugzilla: 2492855
Bugzilla Description:
kernel: erofs: fix use-after-free on sbi->sync_decompress
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53261
Severity: low
Released on: 25/06/2026
Advisory:
Bugzilla: 2492856
Bugzilla Description:
kernel: devlink: Release nested relation on devlink free
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-2050
Severity: important
Released on: 24/06/2026
Advisory: RHSA-2026:38485, RHSA-2026:38497,
Bugzilla: 2492593
Bugzilla Description:
gimp: GIMP: Arbitrary code execution via heap-based buffer overflow in HDR file parsing
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-131
Affected Packages: gegl04-0:0.4.62-1.el9_8.1,gegl-0:0.2.0-40.el8_10,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document
CVE-2026-11998
Severity: important
Released on: 24/06/2026
Advisory:
Bugzilla: 2492579
Bugzilla Description:
angularjs: AngularJS: Arbitrary JavaScript execution due to Strict Contextual Escaping (SCE) bypass
CVSS Score:
CVSSv3 Score: 7.6
Vector:
CWE: CWE-79
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenStack Platform 16.2,Red Hat Quay 3,Red Hat Quay 3,Red Hat Single Sign-On 7,
Full Details
CVE document
CVE-2026-23879
Severity: important
Released on: 24/06/2026
Advisory:
Bugzilla: 2492507
Bugzilla Description:
py7zr: py7zr: Arbitrary file write via crafted symbolic links during archive extraction
CVSS Score:
CVSSv3 Score: 8.0
Vector:
CWE: CWE-22
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-13030
Severity: important
Released on: 24/06/2026
Advisory:
Bugzilla: 2492485
Bugzilla Description:
chromium-browser: chromium-browser: Uninitialized Use in GPU
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-824
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-13029
Severity: important
Released on: 24/06/2026
Advisory:
Bugzilla: 2492486
Bugzilla Description:
chromium-browser: chromium-browser: Use after free in Web Authentication
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-825
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-13031
Severity: important
Released on: 24/06/2026
Advisory:
Bugzilla: 2492492
Bugzilla Description:
chromium-browser: chromium-browser: Use after free in Blink
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-825
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-13025
Severity: important
Released on: 24/06/2026
Advisory:
Bugzilla: 2492494
Bugzilla Description:
chromium-browser: chromium-browser: Insufficient validation of untrusted input in DevTools
CVSS Score:
CVSSv3 Score: 8.3
Vector:
CWE: CWE-368
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-13027
Severity: important
Released on: 24/06/2026
Advisory:
Bugzilla: 2492505
Bugzilla Description:
chromium-browser: chromium-browser: Use after free in FileSystem
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-825
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-13026
Severity: important
Released on: 24/06/2026
Advisory:
Bugzilla: 2492506
Bugzilla Description:
chromium-browser: chromium-browser: Use after free in Digital Credentials
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-825
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-13023
Severity: important
Released on: 24/06/2026
Advisory:
Bugzilla: 2492487
Bugzilla Description:
chromium-browser: chromium-browser: Uninitialized Use in GPU
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-824
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-13024
Severity: important
Released on: 24/06/2026
Advisory:
Bugzilla: 2492488
Bugzilla Description:
chromium-browser: chromium-browser: Insufficient validation of untrusted input in Navigation
CVSS Score:
CVSSv3 Score: 5.8
Vector:
CWE: CWE-1286
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-13038
Severity: critical
Released on: 24/06/2026
Advisory:
Bugzilla: 2492491
Bugzilla Description:
chromium-browser: chromium-browser: Use after free in Autofill
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-825
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-13032
Severity: critical
Released on: 24/06/2026
Advisory:
Bugzilla: 2492490
Bugzilla Description:
chromium-browser: chromium-browser: Use after free in WebGL
CVSS Score:
CVSSv3 Score: 9.6
Vector:
CWE: CWE-825
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-13033
Severity: critical
Released on: 24/06/2026
Advisory:
Bugzilla: 2492493
Bugzilla Description:
chromium-browser: chromium-browser: Out of bounds read in Blink>InterestGroups
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-125
Affected Packages:
Package States:
Full Details
CVE document
CVE-2026-49980
Severity: important
Released on: 24/06/2026
Advisory:
Bugzilla: 2492478
Bugzilla Description:
github.com/rclone/rclone: Rclone: Remote Code Execution via unauthenticated requests when `rcd --rc-serve` is enabled
CVSS Score:
CVSSv3 Score: 9.8
Vector:
CWE: CWE-78
Affected Packages:
Package States: Cryostat 4,OpenShift API for Data Protection,OpenShift API for Data Protection,OpenShift API for Data Protection,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,
Full Details
CVE document
CVE-2026-44017
Severity: important
Released on: 24/06/2026
Advisory:
Bugzilla: 2492448
Bugzilla Description:
docling: Docling: Remote code execution via Zip Slip vulnerability in model download
CVSS Score:
CVSSv3 Score: 8.3
Vector:
CWE: CWE-22
Affected Packages:
Package States: Red Hat OpenShift AI (RHOAI),
Full Details
CVE document
CVE-2026-44022
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492379
Bugzilla Description:
docling: Docling: Information disclosure via path traversal in LaTeX backend
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-22
Affected Packages:
Package States: Red Hat OpenShift AI (RHOAI),
Full Details
CVE document
CVE-2026-44020
Severity: important
Released on: 24/06/2026
Advisory:
Bugzilla: 2492456
Bugzilla Description:
docling: Docling: Information disclosure via XML External Entity (XXE) vulnerability
CVSS Score:
CVSSv3 Score: 9.4
Vector:
CWE: CWE-611
Affected Packages:
Package States: Red Hat OpenShift AI (RHOAI),
Full Details
CVE document
CVE-2026-44016
Severity: important
Released on: 24/06/2026
Advisory:
Bugzilla: 2492339
Bugzilla Description:
docling: Docling: Remote code execution via malicious HTML in Playwright-based rendering
CVSS Score:
CVSSv3 Score: 8.2
Vector:
CWE: CWE-918
Affected Packages:
Package States: Red Hat OpenShift AI (RHOAI),
Full Details
CVE document
CVE-2026-49851
Severity: important
Released on: 24/06/2026
Advisory:
Bugzilla: 2492304
Bugzilla Description:
Mistune: Mistune: Denial of Service via crafted Markdown input
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-1333
Affected Packages:
Package States: Migration Toolkit for Applications 8,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat Satellite 6,
Full Details
CVE document
CVE-2026-54297
Severity: important
Released on: 24/06/2026
Advisory:
Bugzilla: 2492252
Bugzilla Description:
faraday: Faraday: Denial of Service via crafted nested query strings
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,
Full Details
CVE document
CVE-2026-54906
Severity: low
Released on: 24/06/2026
Advisory:
Bugzilla: 2492249
Bugzilla Description:
concurrent-ruby: rubygem-concurrent-ruby: concurrent-ruby: Synchronization flaw in ReadWriteLock allows unauthorized lock release and denial of service
CVSS Score:
CVSSv3 Score: 3.6
Vector:
CWE: CWE-821
Affected Packages:
Package States: Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat OpenStack Platform 17.1,Red Hat Satellite 6,Red Hat Satellite 6,
Full Details
CVE document
CVE-2026-54904
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492250
Bugzilla Description:
concurrent-ruby: rubygem-concurrent-ruby: concurrent-ruby: Denial of Service due to infinite loop in AtomicReference#update
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-835
Affected Packages:
Package States: Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat OpenStack Platform 17.1,Red Hat Satellite 6,Red Hat Satellite 6,
Full Details
CVE document
CVE-2026-54905
Severity: low
Released on: 24/06/2026
Advisory:
Bugzilla: 2492251
Bugzilla Description:
concurrent-ruby: Concurrent-ruby: Incorrect write lock granting leading to broken mutual exclusion
CVSS Score:
CVSSv3 Score: 4.7
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat OpenStack Platform 17.1,Red Hat Satellite 6,Red Hat Satellite 6,
Full Details
CVE document
CVE-2026-56121
Severity: important
Released on: 24/06/2026
Advisory:
Bugzilla: 2492229
Bugzilla Description:
feast: Feast: Remote Code Execution via Unsafe Deserialization in gRPC Registry Server
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-502
Affected Packages:
Package States: Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document
CVE-2026-57285
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492172
Bugzilla Description:
Jenkins GitHub Branch Source Plugin: Jenkins GitHub Branch Source Plugin: Information disclosure via missing permission check
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE: CWE-425
Affected Packages:
Package States: OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,
Full Details
CVE document
CVE-2026-57283
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492179
Bugzilla Description:
jenkins-pipeline-groovy: Jenkins Pipeline: Groovy Plugin: Cross-site request forgery allows unauthorized configuration changes.
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-940
Affected Packages:
Package States: OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,
Full Details
CVE document
CVE-2026-57280
Severity: important
Released on: 24/06/2026
Advisory:
Bugzilla: 2492199
Bugzilla Description:
jenkins-script-security-plugin: Jenkins Script Security Plugin: Sandbox bypass leading to arbitrary code execution
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-1287
Affected Packages:
Package States: OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,
Full Details
CVE document
CVE-2026-57281
Severity: important
Released on: 24/06/2026
Advisory:
Bugzilla: 2492200
Bugzilla Description:
jenkins-script-security-plugin: Jenkins Script Security Plugin: Arbitrary code execution outside sandbox
CVSS Score:
CVSSv3 Score: 8.5
Vector:
CWE: CWE-917
Affected Packages:
Package States: OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,
Full Details
CVE document
CVE-2026-56370
Severity: low
Released on: 24/06/2026
Advisory:
Bugzilla: 2492143
Bugzilla Description:
Imagemagick: ImageMagick - Out-of-bounds Access in ConnectedComponentsImage via connected-components Artifact
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document
CVE-2026-56368
Severity: low
Released on: 24/06/2026
Advisory:
Bugzilla: 2492145
Bugzilla Description:
Imagemagick: ImageMagick - Memory Leak in Raw Pixel Data Coders
CVSS Score:
CVSSv3 Score: 3.7
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document
CVE-2026-13006
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492077
Bugzilla Description:
logback-core: Logback-core: Arbitrary Code Execution via Malicious Configuration or Environment Variable
CVSS Score:
CVSSv3 Score: 6.0
Vector:
CWE: CWE-94
Affected Packages:
Package States: Migration Toolkit for Applications 8,Migration Toolkit for Applications 8,OpenShift Serverless,OpenShift Serverless,Red Hat AMQ Broker 7,Red Hat AMQ Clients,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel - HawtIO 4,Red Hat build of Debezium 3,Red Hat Data Grid 8,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Web Server 6,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Single Sign-On 7,streams for Apache Kafka 2,streams for Apache Kafka 3,
Full Details
CVE document
CVE-2026-52945
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla:
Bugzilla Description:
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-367
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52932
Severity:
Released on: 24/06/2026
Advisory:
Bugzilla: 2492087
Bugzilla Description:
kernel: xfrm: ipcomp: Free destination pages on acomp errors
CVSS Score:
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52938
Severity:
Released on: 24/06/2026
Advisory:
Bugzilla: 2492088
Bugzilla Description:
kernel: bpf: Fix NULL pointer dereference in bpf_sk_storage_clone and diag paths
CVSS Score:
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52919
Severity:
Released on: 24/06/2026
Advisory:
Bugzilla: 2492089
Bugzilla Description:
kernel: batman-adv: fix tp_meter counter underflow during shutdown
CVSS Score:
Vector:
CWE: CWE-191
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52942
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492091
Bugzilla Description:
kernel: netfilter: nf_log: validate MAC header was set before dumping it
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52918
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492092
Bugzilla Description:
kernel: Bluetooth: serialize accept_q access
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-820
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52925
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492093
Bugzilla Description:
kernel: vrf: Fix a potential NPD when removing a port from a VRF
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-820
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52923
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492094
Bugzilla Description:
kernel: ipc: limit next_id allocation to the valid ID range
CVSS Score:
CVSSv3 Score: 5.8
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52924
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492095
Bugzilla Description:
kernel: sctp: purge outqueue on stale COOKIE-ECHO handling
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52928
Severity: low
Released on: 24/06/2026
Advisory:
Bugzilla: 2492096
Bugzilla Description:
kernel: af_unix: Reject SIOCATMARK on non-stream sockets
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-1287
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52933
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492097
Bugzilla Description:
kernel: io_uring/poll: fix signed comparison in io_poll_get_ownership()
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-1024
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52935
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492098
Bugzilla Description:
kernel: xfrm: espintcp: do not reuse an in-progress partial send
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52941
Severity: low
Released on: 24/06/2026
Advisory:
Bugzilla: 2492099
Bugzilla Description:
kernel: net/smc: avoid NULL deref of conn->lnk in smc_msg_event tracepoint
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52914
Severity:
Released on: 24/06/2026
Advisory:
Bugzilla: 2492100
Bugzilla Description:
kernel: batman-adv: fix fragment reassembly length accounting
CVSS Score:
Vector:
CWE: CWE-130
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52939
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492101
Bugzilla Description:
kernel: net/rds: fix NULL deref in rds_ib_send_cqe_handler() on masked atomic completion
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52937
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492102
Bugzilla Description:
kernel: tap: fix stack info leak in tap_ioctl() SIOCGIFHWADDR
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-909
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52913
Severity:
Released on: 24/06/2026
Advisory:
Bugzilla: 2492103
Bugzilla Description:
kernel: batman-adv: v: stop OGMv2 on disabled interface
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52912
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492105
Bugzilla Description:
kernel: netfilter: nf_queue: hold bridge skb->dev while queued
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-911
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52926
Severity:
Released on: 24/06/2026
Advisory:
Bugzilla: 2492106
Bugzilla Description:
kernel: batman-adv: clear current gateway during teardown
CVSS Score:
Vector:
CWE: CWE-459
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52929
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492108
Bugzilla Description:
kernel: sctp: stream: fully roll back denied add-stream state
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52922
Severity:
Released on: 24/06/2026
Advisory:
Bugzilla: 2492110
Bugzilla Description:
kernel: batman-adv: dat: handle forward allocation error
CVSS Score:
Vector:
CWE: CWE-252
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52921
Severity: low
Released on: 24/06/2026
Advisory:
Bugzilla: 2492111
Bugzilla Description:
kernel: netfilter: ipset: stop hash:* range iteration at end
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-193
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52920
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492112
Bugzilla Description:
kernel: netfilter: xt_policy: fix strict mode inbound policy matching
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-551
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52916
Severity:
Released on: 24/06/2026
Advisory:
Bugzilla: 2492113
Bugzilla Description:
kernel: batman-adv: frag: disallow unicast fragment in fragment
CVSS Score:
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52934
Severity:
Released on: 24/06/2026
Advisory:
Bugzilla: 2492114
Bugzilla Description:
kernel: batman-adv: tvlv: reject oversized TVLV packets
CVSS Score:
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52917
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492115
Bugzilla Description:
kernel: sctp: diag: reject stale associations in dump_one path
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52930
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492116
Bugzilla Description:
kernel: ipc/shm: serialize orphan cleanup with shm_nattch updates
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-367
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52936
Severity: low
Released on: 24/06/2026
Advisory:
Bugzilla: 2492117
Bugzilla Description:
kernel: crypto: jitterentropy - replace long-held spinlock with mutex
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-821
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52931
Severity:
Released on: 24/06/2026
Advisory:
Bugzilla: 2492118
Bugzilla Description:
kernel: batman-adv: tp_meter: avoid use of uninit sender vars
CVSS Score:
Vector:
CWE: CWE-824
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52915
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492119
Bugzilla Description:
kernel: netfilter: ip6t_hbh: reject oversized option lists
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52927
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492120
Bugzilla Description:
kernel: netfilter: ebtables: fix OOB read in compat_mtw_from_user
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-1284
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52940
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492121
Bugzilla Description:
kernel: tun: zero the whole vnet header in tun_put_user()
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-909
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52944
Severity:
Released on: 24/06/2026
Advisory:
Bugzilla: 2492135
Bugzilla Description:
kernel: ksmbd: fix FSCTL permission bypass by adding a permission check for FSCTL_SET_SPARSE
CVSS Score:
Vector:
CWE: CWE-266
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52943
Severity: important
Released on: 24/06/2026
Advisory:
Bugzilla: 2492137
Bugzilla Description:
kernel: net: skbuff: fix missing zerocopy reference in pskb_carve helpers
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-911
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-13201
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492203
Bugzilla Description:
kubevirt: virt-handler-rhel9: kubevirt: safepath symlink following in virt-handler enables notify socket hijacking and node-level VM disruption
CVSS Score:
CVSSv3 Score: 7.3
Vector:
CWE: CWE-61
Affected Packages:
Package States: Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,
Full Details
CVE document
CVE-2026-13208
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492220
Bugzilla Description:
kubevirt: virt-handler-rhel9: kubevirt: virt-handler notify server trusts VMI identity from unauthenticated gRPC request body
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-287
Affected Packages:
Package States: Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,
Full Details
CVE document
CVE-2026-53125
Severity: low
Released on: 24/06/2026
Advisory:
Bugzilla: 2492260
Bugzilla Description:
kernel: md: fix array_state=clear sysfs deadlock
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52964
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492261
Bugzilla Description:
kernel: ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-1284
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52960
Severity: low
Released on: 24/06/2026
Advisory:
Bugzilla: 2492262
Bugzilla Description:
kernel: ceph: put folios not suitable for writeback
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-911
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53050
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492263
Bugzilla Description:
kernel: quota: Fix race of dquot_scan_active() with quota deactivation
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-366
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53116
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492264
Bugzilla Description:
kernel: s390/ap: use generic driver_override infrastructure
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-367
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52965
Severity: low
Released on: 24/06/2026
Advisory:
Bugzilla: 2492265
Bugzilla Description:
kernel: drm/ttm: Fix ttm_bo_swapout() infinite LRU walk on swapout failure
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-237
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53015
Severity: low
Released on: 24/06/2026
Advisory:
Bugzilla: 2492266
Bugzilla Description:
kernel: erofs: unify lcn as u64 for 32-bit platforms
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53066
Severity:
Released on: 24/06/2026
Advisory:
Bugzilla: 2492267
Bugzilla Description:
kernel: drm/sun4i: backend: fix error pointer dereference
CVSS Score:
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53102
Severity: low
Released on: 24/06/2026
Advisory:
Bugzilla: 2492268
Bugzilla Description:
kernel: wifi: mt76: Fix memory leak after mt76_connac_mcu_alloc_sta_req()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53016
Severity: moderate
Released on: 24/06/2026
Advisory: RHSA-2026:39494, RHSA-2026:38491,
Bugzilla: 2492269
Bugzilla Description:
kernel: crypto: ccp - copy IV using skcipher ivsize
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-805
Affected Packages: kernel-0:5.14.0-687.25.1.el9_8,kernel-0:6.12.0-211.34.1.el10_2,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53091
Severity: important
Released on: 24/06/2026
Advisory:
Bugzilla: 2492270
Bugzilla Description:
kernel: net: pull headers in qdisc_pkt_len_segs_init()
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-131
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53065
Severity:
Released on: 24/06/2026
Advisory:
Bugzilla: 2492271
Bugzilla Description:
kernel: ASoC: sti: use managed regmap_field allocations
CVSS Score:
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53007
Severity: low
Released on: 24/06/2026
Advisory:
Bugzilla: 2492272
Bugzilla Description:
kernel: ice: fix potential NULL pointer deref in error path of ice_set_ringparam()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53000
Severity: important
Released on: 24/06/2026
Advisory:
Bugzilla: 2492273
Bugzilla Description:
kernel: netfilter: nat: use kfree_rcu to release ops
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-763
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52966
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492274
Bugzilla Description:
kernel: drm: Replace old pointer to new idr
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53031
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492275
Bugzilla Description:
kernel: bpf: Validate node_id in arena_alloc_pages()
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-839
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53049
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492276
Bugzilla Description:
kernel: gfs2: add some missing log locking
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-414
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53059
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492277
Bugzilla Description:
kernel: dm log: fix out-of-bounds write due to region_count overflow
CVSS Score:
CVSSv3 Score: 6.3
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53062
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492278
Bugzilla Description:
kernel: dm cache policy smq: fix missing locks in invalidating cache blocks
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-414
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53047
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492279
Bugzilla Description:
kernel: efi/capsule-loader: fix incorrect sizeof in phys array reallocation
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-131
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52959
Severity:
Released on: 24/06/2026
Advisory:
Bugzilla: 2492280
Bugzilla Description:
kernel: virt: sev-guest: Do not use host-controlled page order in cleanup path
CVSS Score:
Vector:
CWE: CWE-131
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53033
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492281
Bugzilla Description:
kernel: bpf, sockmap: Take state lock for af_unix iter
CVSS Score:
CVSSv3 Score: 6.4
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52994
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492282
Bugzilla Description:
kernel: vsock/virtio: fix MSG_ZEROCOPY pinned-pages accounting
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-911
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52976
Severity: important
Released on: 24/06/2026
Advisory:
Bugzilla: 2492284
Bugzilla Description:
kernel: drm/xe: Fix error cleanup in xe_exec_queue_create_ioctl()
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53001
Severity: low
Released on: 24/06/2026
Advisory:
Bugzilla: 2492285
Bugzilla Description:
kernel: netfilter: xtables: restrict several matches to inet family
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-551
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53011
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492286
Bugzilla Description:
kernel: net/sched: taprio: fix use-after-free in advance_sched() on schedule switch
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53041
Severity:
Released on: 24/06/2026
Advisory:
Bugzilla: 2492287
Bugzilla Description:
kernel: ocfs2: fix listxattr handling when the buffer is full
CVSS Score:
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53076
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492288
Bugzilla Description:
kernel: bpf: Fix OOB in pcpu_init_value
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-805
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52968
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492289
Bugzilla Description:
kernel: KVM: s390: pci: fix GAIT table indexing due to double-scaling pointer arithmetic
CVSS Score:
CVSSv3 Score: 6.4
Vector:
CWE: CWE-468
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53003
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492290
Bugzilla Description:
kernel: pppoe: drop PFC frames
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-1102
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53095
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492291
Bugzilla Description:
kernel: bpf: Fix abuse of kprobe_write_ctx via freplace
CVSS Score:
CVSSv3 Score: 6.4
Vector:
CWE: CWE-94
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53128
Severity:
Released on: 24/06/2026
Advisory:
Bugzilla: 2492292
Bugzilla Description:
kernel: drbd: Balance RCU calls in drbd_adm_dump_devices()
CVSS Score:
Vector:
CWE: CWE-832
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53019
Severity:
Released on: 24/06/2026
Advisory:
Bugzilla: 2492293
Bugzilla Description:
kernel: clk: spacemit: ccu_mix: fix inverted condition in ccu_mix_trigger_fc()
CVSS Score:
Vector:
CWE: CWE-783
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53040
Severity:
Released on: 24/06/2026
Advisory:
Bugzilla: 2492294
Bugzilla Description:
kernel: ocfs2: validate bg_bits during freefrag scan
CVSS Score:
Vector:
CWE: CWE-1285
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53075
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492295
Bugzilla Description:
kernel: ppp: require CAP_NET_ADMIN in target netns for unattached ioctls
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-266
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53119
Severity:
Released on: 24/06/2026
Advisory:
Bugzilla: 2492296
Bugzilla Description:
kernel: platform/wmi: use generic driver_override infrastructure
CVSS Score:
Vector:
CWE: CWE-413
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53029
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492297
Bugzilla Description:
kernel: fs/ntfs3: prevent uninitialized lcn caused by zero len
CVSS Score:
Vector:
CWE: CWE-824
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53013
Severity: low
Released on: 24/06/2026
Advisory:
Bugzilla: 2492298
Bugzilla Description:
kernel: macvlan: fix macvlan_get_size() not reserving space for IFLA_MACVLAN_BC_CUTOFF
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-131
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53078
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492299
Bugzilla Description:
kernel: bpf: Fix same-register dst/src OOB read and pointer leak in sock_ops
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53083
Severity: low
Released on: 24/06/2026
Advisory:
Bugzilla: 2492300
Bugzilla Description:
kernel: bpf: Fix RCU stall in bpf_fd_array_map_clear()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-820
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53123
Severity: low
Released on: 24/06/2026
Advisory:
Bugzilla: 2492301
Bugzilla Description:
kernel: md: wake raid456 reshape waiters before suspend
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-833
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52984
Severity: low
Released on: 24/06/2026
Advisory:
Bugzilla: 2492302
Bugzilla Description:
kernel: net/sched: netem: fix queue limit check to include reordered packets
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53112
Severity:
Released on: 24/06/2026
Advisory:
Bugzilla: 2492303
Bugzilla Description:
kernel: wifi: rtlwifi: pci: fix possible use-after-free caused by unfinished irq_prepare_bcn_tasklet
CVSS Score:
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53090
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492305
Bugzilla Description:
kernel: bpf: Fix ld_{abs,ind} failure path analysis in subprogs
CVSS Score:
CVSSv3 Score: 6.4
Vector:
CWE: CWE-253
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53105
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492306
Bugzilla Description:
kernel: wifi: mt76: mt7925: prevent NULL vif dereference in mt7925_mac_write_txwi
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53079
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492307
Bugzilla Description:
kernel: net_sched: fix skb memory leak in deferred qdisc drops
CVSS Score:
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53080
Severity: low
Released on: 24/06/2026
Advisory:
Bugzilla: 2492309
Bugzilla Description:
kernel: net/sched: cls_fw: fix NULL dereference of "old" filters before change()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53053
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492310
Bugzilla Description:
kernel: iommu/amd: Fix clone_alias() to use the original device's devid
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-694
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53098
Severity:
Released on: 24/06/2026
Advisory:
Bugzilla: 2492311
Bugzilla Description:
kernel: wifi: mt76: mt7915: fix use-after-free bugs in mt7915_mac_dump_work()
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53055
Severity:
Released on: 24/06/2026
Advisory:
Bugzilla: 2492312
Bugzilla Description:
kernel: crypto: hisilicon/sec2 - prevent req used-after-free for sec
CVSS Score:
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53022
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492313
Bugzilla Description:
kernel: platform/x86: dell-wmi-sysman: bound enumeration string aggregation
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53004
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492315
Bugzilla Description:
kernel: sctp: fix OOB write to userspace in sctp_getsockopt_peer_auth_chunks
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-131
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53107
Severity:
Released on: 24/06/2026
Advisory:
Bugzilla: 2492316
Bugzilla Description:
kernel: wifi: libertas: don't kill URBs in interrupt context
CVSS Score:
Vector:
CWE: CWE-663
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53122
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492317
Bugzilla Description:
kernel: btrfs: fix deadlock between reflink and transaction commit when using flushoncommit
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52950
Severity: important
Released on: 24/06/2026
Advisory:
Bugzilla: 2492318
Bugzilla Description:
kernel: drm/xe/dma-buf: fix UAF with retry loop
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53010
Severity:
Released on: 24/06/2026
Advisory:
Bugzilla: 2492319
Bugzilla Description:
kernel: ksmbd: fix use-after-free in smb2_open during durable reconnect
CVSS Score:
Vector:
CWE: CWE-911
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52953
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492320
Bugzilla Description:
kernel: iommu/vt-d: Fix oops due to out of scope access
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53044
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492321
Bugzilla Description:
kernel: soc/tegra: cbb: Fix incorrect ARRAY_SIZE in fabric lookup tables
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-131
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53081
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492322
Bugzilla Description:
kernel: bpf: Enforce regsafe base id consistency for BPF_ADD_CONST scalars
CVSS Score:
CVSSv3 Score: 6.4
Vector:
CWE: CWE-386
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53084
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492323
Bugzilla Description:
kernel: bpf: return VMA snapshot from task_vma iterator
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-833
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53089
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492324
Bugzilla Description:
kernel: bpf: Fix use-after-free in offloaded map/prog info fill
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-911
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53021
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492325
Bugzilla Description:
kernel: scsi: target: core: Fix integer overflow in UNMAP bounds check
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53110
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492326
Bugzilla Description:
kernel: s390/bpf: Zero-extend bpf prog return values and kfunc arguments
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-681
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53012
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492327
Bugzilla Description:
kernel: nexthop: fix IPv6 route referencing IPv4 nexthop
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52955
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492328
Bugzilla Description:
kernel: libceph: Fix potential out-of-bounds access in crush_decode()
CVSS Score:
CVSSv3 Score: 4.7
Vector:
CWE: CWE-131
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53002
Severity: important
Released on: 24/06/2026
Advisory:
Bugzilla: 2492329
Bugzilla Description:
kernel: netfilter: conntrack: remove sprintf usage
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53111
Severity: low
Released on: 24/06/2026
Advisory:
Bugzilla: 2492330
Bugzilla Description:
kernel: bpf: test_run: Fix the null pointer dereference issue in bpf_lwt_xmit_push_encap
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-824
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52963
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492331
Bugzilla Description:
kernel: ALSA: usb-audio: Bound MIDI endpoint descriptor scans
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52975
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492332
Bugzilla Description:
kernel: bonding: 3ad: implement proper RCU rules for port->aggregator
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-821
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53014
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492333
Bugzilla Description:
kernel: net/sched: act_mirred: fix wrong device for mac_header_xmit check in tcf_blockcast_redir
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-805
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53037
Severity: low
Released on: 24/06/2026
Advisory:
Bugzilla: 2492334
Bugzilla Description:
kernel: HID: usbhid: fix deadlock in hid_post_reset()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-833
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53064
Severity: low
Released on: 24/06/2026
Advisory:
Bugzilla: 2492335
Bugzilla Description:
kernel: dm cache: fix null-deref with concurrent writes in passthrough mode
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-367
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53101
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492336
Bugzilla Description:
kernel: wifi: mt76: mt7921: fix potential deadlock in mt7921_roc_abort_sync
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-833
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52957
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492337
Bugzilla Description:
kernel: libceph: Fix potential null-ptr-deref in decode_choose_args()
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-1285
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52998
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492338
Bugzilla Description:
kernel: netfilter: nfnetlink_osf: fix potential NULL dereference in ttl check
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52980
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492340
Bugzilla Description:
kernel: sched/fair: Clear rel_deadline when initializing forked entities
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53008
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492341
Bugzilla Description:
kernel: ice: fix race condition in TX timestamp ring cleanup
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-367
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53024
Severity:
Released on: 24/06/2026
Advisory:
Bugzilla: 2492342
Bugzilla Description:
kernel: greybus: raw: fix use-after-free if write is called after disconnect
CVSS Score:
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53054
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492343
Bugzilla Description:
kernel: drm/msm: Fix VM_BIND UNMAP locking
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-413
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52979
Severity:
Released on: 24/06/2026
Advisory:
Bugzilla: 2492344
Bugzilla Description:
kernel: net: psp: check for device unregister when creating assoc
CVSS Score:
Vector:
CWE: CWE-367
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52996
Severity:
Released on: 24/06/2026
Advisory:
Bugzilla: 2492345
Bugzilla Description:
kernel: ksmbd: fix durable fd leak on ClientGUID mismatch in durable v2 open
CVSS Score:
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53034
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492346
Bugzilla Description:
kernel: bpf, sockmap: Fix af_unix null-ptr-deref in proto update
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-367
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53070
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492347
Bugzilla Description:
kernel: sctp: disable BH before calling udp_tunnel_xmit_skb()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-821
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52999
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492348
Bugzilla Description:
kernel: netfilter: nfnetlink_osf: fix out-of-bounds read on option matching
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53087
Severity:
Released on: 24/06/2026
Advisory:
Bugzilla: 2492349
Bugzilla Description:
kernel: net: bcmgenet: fix leaking free_bds
CVSS Score:
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53036
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492350
Bugzilla Description:
kernel: bpf, arm64: Fix off-by-one in check_imm signed range check
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-839
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52977
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492351
Bugzilla Description:
kernel: futex: Prevent lockup in requeue-PI during signal/ timeout wakeup
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-364
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53088
Severity: low
Released on: 24/06/2026
Advisory:
Bugzilla: 2492352
Bugzilla Description:
kernel: net: bcmgenet: fix off-by-one in bcmgenet_put_txcb
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-193
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52951
Severity: important
Released on: 24/06/2026
Advisory:
Bugzilla: 2492353
Bugzilla Description:
kernel: drm/xe/dma-buf: handle empty bo and UAF races
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53103
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492354
Bugzilla Description:
kernel: wifi: mt76: mt7925: fix potential deadlock in mt7925_roc_abort_sync
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-833
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52956
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492355
Bugzilla Description:
kernel: libceph: Fix potential out-of-bounds access in __ceph_x_decrypt()
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53127
Severity: low
Released on: 24/06/2026
Advisory:
Bugzilla: 2492356
Bugzilla Description:
kernel: block: fix zones_cond memory leak on zone revalidation error paths
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53035
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492357
Bugzilla Description:
kernel: bpf, sockmap: Fix af_unix iter deadlock
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-833
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53130
Severity:
Released on: 24/06/2026
Advisory:
Bugzilla: 2492358
Bugzilla Description:
kernel: fs/omfs: reject s_sys_blocksize smaller than OMFS_DIR_START
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52949
Severity: low
Released on: 24/06/2026
Advisory:
Bugzilla: 2492360
Bugzilla Description:
kernel: drm/ttm: Fix ttm_bo_shrink() infinite LRU walk on backup failure
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-835
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53023
Severity:
Released on: 24/06/2026
Advisory:
Bugzilla: 2492361
Bugzilla Description:
kernel: fs/ntfs3: terminate the cached volume label after UTF-8 conversion
CVSS Score:
Vector:
CWE: CWE-170
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53092
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492362
Bugzilla Description:
kernel: bpf: Fix linked reg delta tracking when src_reg == dst_reg
CVSS Score:
CVSSv3 Score: 6.4
Vector:
CWE: CWE-393
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53006
Severity: important
Released on: 24/06/2026
Advisory:
Bugzilla: 2492363
Bugzilla Description:
kernel: ipv6: fix possible UAF in icmpv6_rcv()
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52972
Severity: important
Released on: 24/06/2026
Advisory:
Bugzilla: 2492364
Bugzilla Description:
kernel: crypto: af_alg - Cap AEAD AD length to 0x80000000
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52987
Severity: important
Released on: 24/06/2026
Advisory:
Bugzilla: 2492365
Bugzilla Description:
kernel: drm/amdgpu: avoid double drm_exec_fini() in userq validate
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-1341
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53096
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492366
Bugzilla Description:
kernel: bpf: Use RCU-safe iteration in dev_map_redirect_multi() SKB path
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-821
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53028
Severity: low
Released on: 24/06/2026
Advisory:
Bugzilla: 2492367
Bugzilla Description:
kernel: usb: typec: Fix error pointer dereference
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-390
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53063
Severity: low
Released on: 24/06/2026
Advisory:
Bugzilla: 2492368
Bugzilla Description:
kernel: dm cache: fix write hang in passthrough mode
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-826
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53124
Severity: low
Released on: 24/06/2026
Advisory:
Bugzilla: 2492369
Bugzilla Description:
kernel: ublk: reset per-IO canceled flag on each fetch
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-821
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53052
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492370
Bugzilla Description:
kernel: ASoC: qcom: qdsp6: topology: check widget type before accessing data
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-843
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53017
Severity:
Released on: 24/06/2026
Advisory:
Bugzilla: 2492371
Bugzilla Description:
kernel: f2fs: fix data loss caused by incorrect use of nat_entry flag
CVSS Score:
Vector:
CWE: CWE-367
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52961
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492372
Bugzilla Description:
kernel: ceph: fix BUG_ON in __ceph_build_xattrs_blob() due to stale blob size
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-367
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53093
Severity: low
Released on: 24/06/2026
Advisory:
Bugzilla: 2492374
Bugzilla Description:
kernel: wifi: brcmfmac: Fix error pointer dereference
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53057
Severity:
Released on: 24/06/2026
Advisory:
Bugzilla: 2492375
Bugzilla Description:
kernel: iommu/riscv: Add IOTINVAL after updating DDT/PDT entries
CVSS Score:
Vector:
CWE: CWE-524
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53129
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492376
Bugzilla Description:
kernel: fs/mbcache: cancel shrink work before destroying the cache
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53046
Severity:
Released on: 24/06/2026
Advisory:
Bugzilla: 2492380
Bugzilla Description:
kernel: ksmbd: fix use-after-free from async crypto on Qualcomm crypto engine
CVSS Score:
Vector:
CWE: CWE-364
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53005
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492381
Bugzilla Description:
kernel: af_unix: Drop all SCM attributes for SOCKMAP
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53086
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492382
Bugzilla Description:
kernel: net: bcmgenet: fix racing timeout handler
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-366
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53104
Severity: low
Released on: 24/06/2026
Advisory:
Bugzilla: 2492383
Bugzilla Description:
kernel: wifi: mt76: Fix memory leak destroying device
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53099
Severity:
Released on: 24/06/2026
Advisory:
Bugzilla: 2492384
Bugzilla Description:
kernel: bpf: Switch CONFIG_CFI_CLANG to CONFIG_CFI
CVSS Score:
Vector:
CWE: CWE-358
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53069
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492385
Bugzilla Description:
kernel: net, bpf: fix null-ptr-deref in xdp_master_redirect() for down master
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53038
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492386
Bugzilla Description:
kernel: ima_fs: Correctly create securityfs files for unsupported hash algos
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52997
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492387
Bugzilla Description:
kernel: net/sched: sch_dualpi2: drain both C-queue and L-queue in dualpi2_change()
CVSS Score:
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52974
Severity: low
Released on: 24/06/2026
Advisory:
Bugzilla: 2492388
Bugzilla Description:
kernel: net: tls: fix strparser anchor skb leak on offload RX setup failure
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52967
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492389
Bugzilla Description:
kernel: smb/client: fix possible infinite loop and oob read in symlink_data()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53009
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492390
Bugzilla Description:
kernel: ice: fix double-free of tx_buf skb
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-416
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53108
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492391
Bugzilla Description:
kernel: powerpc/64s: Fix unmap race with PMD migration entries
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-367
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53121
Severity: low
Released on: 24/06/2026
Advisory:
Bugzilla: 2492392
Bugzilla Description:
kernel: amd-pstate: Fix memory leak in amd_pstate_epp_cpu_init()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52982
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492393
Bugzilla Description:
kernel: net: usb: rtl8150: fix use-after-free in rtl8150_start_xmit()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-364
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52962
Severity: low
Released on: 24/06/2026
Advisory:
Bugzilla: 2492394
Bugzilla Description:
kernel: ceph: fix a buffer leak in __ceph_setxattr()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52948
Severity: low
Released on: 24/06/2026
Advisory:
Bugzilla: 2492395
Bugzilla Description:
kernel: i2c: dev: prevent integer overflow in I2C_TIMEOUT ioctl
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52995
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492396
Bugzilla Description:
kernel: net/rds: zero per-item info buffer before handing it to visitors
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-909
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52986
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492397
Bugzilla Description:
kernel: netfilter: nf_conntrack_sip: don't use simple_strtoul
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-170
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52946
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492398
Bugzilla Description:
kernel: fs/fcntl: fix SOFTIRQ-unsafe lock order in fasync signaling
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-833
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53067
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492399
Bugzilla Description:
kernel: PCI: endpoint: pci-ep-msi: Fix error unwind and prevent double alloc
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-1341
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53032
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492400
Bugzilla Description:
kernel: bpf: Fix NULL deref in map_kptr_match_type for scalar regs
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53113
Severity: low
Released on: 24/06/2026
Advisory:
Bugzilla: 2492401
Bugzilla Description:
kernel: wifi: ath11k: fix memory leaks in beacon template setup
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53114
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492402
Bugzilla Description:
kernel: perf/amd/ibs: Avoid calling perf_allow_kernel() from the IBS NMI handler
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-663
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52991
Severity: important
Released on: 24/06/2026
Advisory:
Bugzilla: 2492403
Bugzilla Description:
kernel: sched/psi: fix race between file release and pressure write
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-367
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53085
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492404
Bugzilla Description:
kernel: bpf: fix mm lifecycle in open-coded task_vma iterator
CVSS Score:
CVSSv3 Score: 6.4
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53043
Severity:
Released on: 24/06/2026
Advisory:
Bugzilla: 2492405
Bugzilla Description:
kernel: ocfs2/dlm: validate qr_numregions in dlm_match_regions()
CVSS Score:
Vector:
CWE: CWE-1285
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53051
Severity: low
Released on: 24/06/2026
Advisory:
Bugzilla: 2492407
Bugzilla Description:
kernel: PCI: tegra194: Fix CBB timeout caused by DBI access before core power-on
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-367
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53072
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492408
Bugzilla Description:
kernel: Bluetooth: fix locking in hci_conn_request_evt() with HCI_PROTO_DEFER
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-364
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53117
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492409
Bugzilla Description:
kernel: s390/cio: use generic driver_override infrastructure
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-366
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53077
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492410
Bugzilla Description:
kernel: net/rds: Restrict use of RDS/IB to the initial network namespace
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-280
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53106
Severity: low
Released on: 24/06/2026
Advisory:
Bugzilla: 2492411
Bugzilla Description:
kernel: bpf: Do not allow deleting local storage in NMI
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-833
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53126
Severity: low
Released on: 24/06/2026
Advisory:
Bugzilla: 2492412
Bugzilla Description:
kernel: blk-cgroup: fix disk reference leak in blkcg_maybe_throttle_current()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52973
Severity: important
Released on: 24/06/2026
Advisory:
Bugzilla: 2492413
Bugzilla Description:
kernel: futex: Drop CLONE_THREAD requirement for private default hash alloc
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52983
Severity:
Released on: 24/06/2026
Advisory:
Bugzilla: 2492414
Bugzilla Description:
kernel: net: airoha: fix BQL imbalance in TX path
CVSS Score:
Vector:
CWE: CWE-821
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53120
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492415
Bugzilla Description:
kernel: PCI: use generic driver_override infrastructure
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-364
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53097
Severity:
Released on: 24/06/2026
Advisory:
Bugzilla: 2492416
Bugzilla Description:
kernel: wifi: mt76: mt7996: fix use-after-free bugs in mt7996_mac_dump_work()
CVSS Score:
Vector:
CWE: CWE-364
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53030
Severity:
Released on: 24/06/2026
Advisory:
Bugzilla: 2492417
Bugzilla Description:
kernel: i3c: master: renesas: Fix memory leak in renesas_i3c_i3c_xfers()
CVSS Score:
Vector:
CWE: CWE-763
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52981
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492421
Bugzilla Description:
kernel: neigh: let neigh_xmit take skb ownership
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52952
Severity: important
Released on: 24/06/2026
Advisory:
Bugzilla: 2492422
Bugzilla Description:
kernel: iommu: Fix WARN_ON in __iommu_group_set_domain_nofail() due to reset
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53025
Severity:
Released on: 24/06/2026
Advisory:
Bugzilla: 2492423
Bugzilla Description:
kernel: greybus: raw: fix use-after-free on cdev close
CVSS Score:
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52978
Severity:
Released on: 24/06/2026
Advisory:
Bugzilla: 2492424
Bugzilla Description:
kernel: net: psp: require admin permission for dev-set and key-rotate
CVSS Score:
Vector:
CWE: CWE-266
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53020
Severity:
Released on: 24/06/2026
Advisory:
Bugzilla: 2492426
Bugzilla Description:
kernel: um: Fix potential race condition in TLB sync
CVSS Score:
Vector:
CWE: CWE-414
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53109
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492427
Bugzilla Description:
kernel: powerpc/pgtable-frag: Fix bad page state in pte_frag_destroy
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-366
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53056
Severity:
Released on: 24/06/2026
Advisory:
Bugzilla: 2492428
Bugzilla Description:
kernel: drm/msm/dpu: fix mismatch between power and frequency
CVSS Score:
Vector:
CWE: CWE-367
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53042
Severity: low
Released on: 24/06/2026
Advisory:
Bugzilla: 2492429
Bugzilla Description:
kernel: fwctl: Fix class init ordering to avoid NULL pointer dereference on device removal
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-824
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52970
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492430
Bugzilla Description:
kernel: netfilter: nft_ct: fix missing expect put in obj eval
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52990
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492431
Bugzilla Description:
kernel: fsnotify: fix inode reference leak in fsnotify_recalc_mask()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-911
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52947
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492432
Bugzilla Description:
kernel: net: qrtr: fix refcount saturation and potential UAF in qrtr_port_remove
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-911
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52992
Severity:
Released on: 24/06/2026
Advisory:
Bugzilla: 2492433
Bugzilla Description:
kernel: fs/adfs: validate nzones in adfs_validate_bblk()
CVSS Score:
Vector:
CWE: CWE-124
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52969
Severity: important
Released on: 24/06/2026
Advisory:
Bugzilla: 2492434
Bugzilla Description:
kernel: KVM: Reject wrapped offset in kvm_reset_dirty_gfn()
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53060
Severity: low
Released on: 24/06/2026
Advisory:
Bugzilla: 2492435
Bugzilla Description:
kernel: dm cache metadata: fix memory leak on metadata abort retry
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52971
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492436
Bugzilla Description:
kernel: net: ena: PHC: Fix potential use-after-free in get_timestamp
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52993
Severity: important
Released on: 24/06/2026
Advisory:
Bugzilla: 2492437
Bugzilla Description:
kernel: tipc: fix double-free in tipc_buf_append()
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-763
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53018
Severity:
Released on: 24/06/2026
Advisory:
Bugzilla: 2492439
Bugzilla Description:
kernel: f2fs: avoid reading already updated pages during GC
CVSS Score:
Vector:
CWE: CWE-367
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52985
Severity: low
Released on: 24/06/2026
Advisory:
Bugzilla: 2492440
Bugzilla Description:
kernel: netdevsim: zero initialize struct iphdr in dummy sk_buff
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-824
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53074
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492441
Bugzilla Description:
kernel: bpf: reject short IPv4/IPv6 inputs in bpf_prog_test_run_skb
CVSS Score:
CVSSv3 Score: 6.4
Vector:
CWE: CWE-1284
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53115
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492442
Bugzilla Description:
kernel: bus: fsl-mc: use generic driver_override infrastructure
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-413
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52989
Severity: important
Released on: 24/06/2026
Advisory:
Bugzilla: 2492443
Bugzilla Description:
kernel: nvmet-tcp: propagate nvmet_tcp_build_pdu_iovec() errors to its callers
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-390
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53100
Severity: low
Released on: 24/06/2026
Advisory:
Bugzilla: 2492445
Bugzilla Description:
kernel: wifi: mt76: fix deadlock in remain-on-channel
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-833
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53082
Severity:
Released on: 24/06/2026
Advisory:
Bugzilla: 2492446
Bugzilla Description:
kernel: net: hamradio: 6pack: fix uninit-value in sixpack_receive_buf
CVSS Score:
Vector:
CWE: CWE-824
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53073
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492447
Bugzilla Description:
kernel: Bluetooth: hci_ldisc: Clear HCI_UART_PROTO_INIT on error
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52954
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492449
Bugzilla Description:
kernel: libceph: handle rbtree insertion error in decode_choose_args()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-617
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52988
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492450
Bugzilla Description:
kernel: netfilter: nf_tables: join hook list via splice_list_rcu() in commit phase
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-821
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53058
Severity: low
Released on: 24/06/2026
Advisory:
Bugzilla: 2492451
Bugzilla Description:
kernel: drm/bridge: cadence: cdns-mhdp8546-core: Set the mhdp connector earlier in atomic_enable()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-824
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53045
Severity:
Released on: 24/06/2026
Advisory:
Bugzilla: 2492452
Bugzilla Description:
kernel: memory: tegra124-emc: Fix dll_change check
CVSS Score:
Vector:
CWE: CWE-480
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53061
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492453
Bugzilla Description:
kernel: dm cache: fix dirty mapping checking in passthrough mode switching
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-367
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53026
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492454
Bugzilla Description:
kernel: NFSD: fix nfs4_file access extra count in nfsd4_add_rdaccess_to_wrdeleg
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-911
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53068
Severity:
Released on: 24/06/2026
Advisory:
Bugzilla: 2492455
Bugzilla Description:
kernel: drm/komeda: fix integer overflow in AFBC framebuffer size check
CVSS Score:
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53048
Severity: low
Released on: 24/06/2026
Advisory:
Bugzilla: 2492457
Bugzilla Description:
kernel: gfs2: prevent NULL pointer dereference during unmount
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53071
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492458
Bugzilla Description:
kernel: Bluetooth: l2cap: Add missing chan lock in l2cap_ecred_reconf_rsp
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-416
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53094
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492459
Bugzilla Description:
kernel: bpf: Fix stale offload->prog pointer after constant blinding
CVSS Score:
CVSSv3 Score: 6.7
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53118
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492460
Bugzilla Description:
kernel: vdpa: use generic driver_override infrastructure
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-413
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53039
Severity:
Released on: 24/06/2026
Advisory:
Bugzilla: 2492461
Bugzilla Description:
kernel: ocfs2: validate group add input before caching
CVSS Score:
Vector:
CWE: CWE-179
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-53027
Severity:
Released on: 24/06/2026
Advisory:
Bugzilla: 2492462
Bugzilla Description:
kernel: fs/ntfs3: fix missing run load for vcn0 in attr_data_get_block_locked()
CVSS Score:
Vector:
CWE: CWE-166
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-52958
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2492463
Bugzilla Description:
kernel: libceph: Fix potential out-of-bounds access in osdmap_decode()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-1284
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document
CVE-2026-50721
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2494147
Bugzilla Description:
librenswan: IKEv1 Denial of Service via RSA-SHA1 (PKCS#1 Version 1.5 Encrypted) authentication payload
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-347
Affected Packages:
Package States: Fast Datapath for RHEL 9,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2026-50722
Severity: moderate
Released on: 24/06/2026
Advisory:
Bugzilla: 2494148
Bugzilla Description:
librenswan: IKEv2 Denial of Service via RSA-SHA1 (PKCS#1 RSASSA-PKCS1-v1_5) authentication payload
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-347
Affected Packages:
Package States: Fast Datapath for RHEL 9,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2026-12413
Severity: important
Released on: 24/06/2026
Advisory:
Bugzilla: 2494149
Bugzilla Description:
librenswan: IKEv2 Denial of Service via malformed fragmentation
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-193
Affected Packages:
Package States: Fast Datapath for RHEL 9,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,
Full Details
CVE document
CVE-2026-11972
Severity: moderate
Released on: 23/06/2026
Advisory: RHSA-2026:35813, RHSA-2026:35807, RHSA-2026:35806, RHSA-2026:35812,
Bugzilla: 2492050
Bugzilla Description:
python: Python tarfile module: Denial of Service via improper EOF handling in streaming mode
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-835
Affected Packages: python3-11-main-3.11.15-4.4.hum1,python3-14-main-3.14.6-1.2.hum1,python3-13-main-3.13.14-1.2.hum1,python3-12-main-3.12.13-3.3.hum1,
Package States: Exploit Intelligence,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Dev Spaces,Red Hat OpenShift Virtualization 4,Self-service automation portal 2,
Full Details
CVE document
CVE-2026-54518
Severity: moderate
Released on: 23/06/2026
Advisory:
Bugzilla: 2492014
Bugzilla Description:
jackson-databind: jackson-databind: Information disclosure and data manipulation via view-based access control bypass
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-639
Affected Packages:
Package States: Cryostat 4,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AMQ Broker 7,Red Hat AMQ Clients,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat build of Apache Camel 4 for Quarkus 3,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel - HawtIO 4,Red Hat build of Apicurio Registry 3,Red Hat build of Debezium 3,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat build of Quarkus,Red Hat Certificate System 10,Red Hat Data Grid 8,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat Lightspeed for Runtimes Operator,Red Hat Offline Knowledge Portal,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Single Sign-On 7,streams for Apache Kafka 2,streams for Apache Kafka 3,
Full Details
CVE document
CVE-2026-50193
Severity: important
Released on: 23/06/2026
Advisory:
Bugzilla: 2491999
Bugzilla Description:
jackson-databind: Jackson-databind: Denial of Service via deeply nested JSON processing
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-1050
Affected Packages:
Package States: Cryostat 4,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AMQ Broker 7,Red Hat AMQ Clients,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat build of Apache Camel 4 for Quarkus 3,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel - HawtIO 4,Red Hat build of Apicurio Registry 3,Red Hat build of Debezium 3,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat build of Quarkus,Red Hat Certificate System 10,Red Hat Data Grid 8,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat Lightspeed for Runtimes Operator,Red Hat Offline Knowledge Portal,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Single Sign-On 7,streams for Apache Kafka 2,streams for Apache Kafka 3,
Full Details
CVE document
CVE-2026-54512
Severity: important
Released on: 23/06/2026
Advisory: RHSA-2026:36839,
Bugzilla: 2492015
Bugzilla Description:
jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-502
Affected Packages: jackson-databind,
Package States: Cryostat 4,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AMQ Broker 7,Red Hat AMQ Clients,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat build of Apache Camel 4 for Quarkus 3,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel - HawtIO 4,Red Hat build of Apicurio Registry 3,Red Hat build of Debezium 3,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat build of Quarkus,Red Hat Certificate System 10,Red Hat Certificate System 11,Red Hat Data Grid 8,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat Lightspeed for Runtimes Operator,Red Hat Offline Knowledge Portal,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Single Sign-On 7,streams for Apache Kafka 2,streams for Apache Kafka 3,
Full Details
CVE document
CVE-2026-54513
Severity: important
Released on: 23/06/2026
Advisory: RHSA-2026:36839,
Bugzilla: 2492010
Bugzilla Description:
jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-184
Affected Packages: jackson-databind,
Package States: Cryostat 4,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AMQ Broker 7,Red Hat AMQ Clients,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat build of Apache Camel 4 for Quarkus 3,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel - HawtIO 4,Red Hat build of Apicurio Registry 3,Red Hat build of Debezium 3,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat build of Quarkus,Red Hat Certificate System 10,Red Hat Data Grid 8,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat Lightspeed for Runtimes Operator,Red Hat Offline Knowledge Portal,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Single Sign-On 7,streams for Apache Kafka 2,streams for Apache Kafka 3,
Full Details
CVE document
CVE-2026-54514
Severity: moderate
Released on: 23/06/2026
Advisory:
Bugzilla: 2492004
Bugzilla Description:
jackson-databind: jackson-databind: Information Disclosure via Eager DNS Resolution
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-502
Affected Packages:
Package States: Cryostat 4,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AMQ Broker 7,Red Hat AMQ Clients,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat build of Apache Camel 4 for Quarkus 3,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel - HawtIO 4,Red Hat build of Apicurio Registry 3,Red Hat build of Debezium 3,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat build of Quarkus,Red Hat Certificate System 10,Red Hat Data Grid 8,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat Lightspeed for Runtimes Operator,Red Hat Offline Knowledge Portal,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Single Sign-On 7,streams for Apache Kafka 2,streams for Apache Kafka 3,
Full Details
CVE document
CVE-2026-54515
Severity: moderate
Released on: 23/06/2026
Advisory:
Bugzilla: 2492016
Bugzilla Description:
jackson-databind: jackson-databind: Ignored properties can be unexpectedly modified
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-915
Affected Packages:
Package States: Cryostat 4,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AMQ Broker 7,Red Hat AMQ Clients,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat build of Apache Camel 4 for Quarkus 3,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel - HawtIO 4,Red Hat build of Apicurio Registry 3,Red Hat build of Debezium 3,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat build of Quarkus,Red Hat Certificate System 10,Red Hat Data Grid 8,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat Lightspeed for Runtimes Operator,Red Hat Offline Knowledge Portal,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Single Sign-On 7,streams for Apache Kafka 2,streams for Apache Kafka 3,
Full Details
CVE document
CVE-2026-54516
Severity: moderate
Released on: 23/06/2026
Advisory:
Bugzilla: 2491996
Bugzilla Description:
jackson-databind: jackson-databind: Security bypass due to improper handling of renamed properties
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-915
Affected Packages:
Package States: Cryostat 4,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AMQ Broker 7,Red Hat AMQ Clients,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat build of Apache Camel 4 for Quarkus 3,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel - HawtIO 4,Red Hat build of Apicurio Registry 3,Red Hat build of Debezium 3,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat build of Quarkus,Red Hat Certificate System 10,Red Hat Data Grid 8,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat Lightspeed for Runtimes Operator,Red Hat Offline Knowledge Portal,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Single Sign-On 7,streams for Apache Kafka 2,streams for Apache Kafka 3,
Full Details
CVE document
CVE-2026-54517
Severity: moderate
Released on: 23/06/2026
Advisory:
Bugzilla: 2492002
Bugzilla Description:
jackson-databind: jackson-databind: Information disclosure via improper JsonView filter application
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-1220
Affected Packages:
Package States: Cryostat 4,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AMQ Broker 7,Red Hat AMQ Clients,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat build of Apache Camel 4 for Quarkus 3,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel - HawtIO 4,Red Hat build of Apicurio Registry 3,Red Hat build of Debezium 3,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat build of Quarkus,Red Hat Certificate System 10,Red Hat Data Grid 8,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat Lightspeed for Runtimes Operator,Red Hat Offline Knowledge Portal,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Single Sign-On 7,streams for Apache Kafka 2,streams for Apache Kafka 3,
Full Details
CVE document
CVE-2026-54762
Severity: low
Released on: 23/06/2026
Advisory:
Bugzilla: 2491922
Bugzilla Description:
github.com/traefik/traefik: Traefik: Authentication bypass due to invalid authentication secret
CVSS Score:
CVSSv3 Score: 4.4
Vector:
CWE: CWE-166
Affected Packages:
Package States: Red Hat OpenShift Dev Spaces,
Full Details
CVE document
CVE-2026-53622
Severity: important
Released on: 23/06/2026
Advisory:
Bugzilla: 2491924
Bugzilla Description:
github.com/traefik/traefik: Traefik: mTLS enforcement bypass due to HTTP/3 TLS configuration flaw
CVSS Score:
CVSSv3 Score: 9.1
Vector:
CWE: CWE-289
Affected Packages:
Package States: Red Hat OpenShift Dev Spaces,
Full Details
CVE document
CVE-2026-48491
Severity: important
Released on: 23/06/2026
Advisory:
Bugzilla: 2491923
Bugzilla Description:
Traefik: Traefik: Unauthorized access due to mutual TLS bypass
CVSS Score:
CVSSv3 Score: 9.1
Vector:
CWE: CWE-807
Affected Packages:
Package States: Red Hat OpenShift Dev Spaces,
Full Details
CVE document
CVE-2026-48020
Severity: important
Released on: 23/06/2026
Advisory:
Bugzilla: 2491915
Bugzilla Description:
github.com/traefik/traefik: Traefik: Authentication bypass in StripPrefix middleware allows unauthorized access to protected paths
CVSS Score:
CVSSv3 Score: 9.1
Vector:
CWE: CWE-22
Affected Packages:
Package States: Red Hat OpenShift Dev Spaces,
Full Details
CVE document
CVE-2026-45692
Severity: moderate
Released on: 23/06/2026
Advisory:
Bugzilla: 2491901
Bugzilla Description:
github.com/caddyserver/caddy/v2: Caddy: Remote Admin Authorization Bypass in `/config` API via Array Index Normalization
CVSS Score:
CVSSv3 Score: 3.8
Vector:
CWE: CWE-551
Affected Packages:
Package States: Red Hat Hardened Images,
Full Details
CVE document
CVE-2026-52845
Severity: important
Released on: 23/06/2026
Advisory:
Bugzilla: 2491907
Bugzilla Description:
github.com/caddyserver/caddy: Caddy: Remote client can inject or override identity headers via header normalization
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-444
Affected Packages:
Package States: Red Hat Hardened Images,
Full Details
CVE document
CVE-2026-52846
Severity: moderate
Released on: 23/06/2026
Advisory:
Bugzilla: 2491908
Bugzilla Description:
github.com/caddyserver/caddy: Caddy: Client-side Cross-Site Scripting (XSS) due to incomplete HTML tag stripping
CVSS Score:
CVSSv3 Score: 4.2
Vector:
CWE: CWE-79
Affected Packages:
Package States: Red Hat Hardened Images,
Full Details
CVE document
CVE-2026-0864
Severity: moderate
Released on: 23/06/2026
Advisory:
Bugzilla: 2491892
Bugzilla Description:
python: cpython: Python configparser: Configuration injection via crafted multi-line input
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-93
Affected Packages:
Package States: Red Hat Enterprise Linux 8,
Full Details
CVE document
CVE-2026-57062
Severity: low
Released on: 23/06/2026
Advisory:
Bugzilla: 2491859
Bugzilla Description:
GnuPG: Incorrect cryptographic message parsing
CVSS Score:
CVSSv3 Score: 2.9
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Hardened Images,
Full Details
CVE document
CVE-2026-54257
Severity: important
Released on: 23/06/2026
Advisory:
Bugzilla: 2491877
Bugzilla Description:
electron: Electron: Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow
CVSS Score:
CVSSv3 Score: 7.1
Vector:
CWE: CWE-131
Affected Packages:
Package States: Red Hat Build of Podman Desktop,
Full Details
CVE document
CVE-2026-54316
Severity: moderate
Released on: 23/06/2026
Advisory:
Bugzilla: 2491853
Bugzilla Description:
claude-code: Claude Code: Out-of-Band Data Exfiltration via Pre-Approved HuggingFace Domain in WebFetch
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-863
Affected Packages:
Package States: Red Hat OpenShift Dev Spaces,
Full Details
CVE document
CVE-2026-50221
Severity: moderate
Released on: 23/06/2026
Advisory:
Bugzilla: 2491876
Bugzilla Description:
openstack-swift: OpenStack Swift: SSRF via internal update header injection in proxy-server
CVSS Score:
CVSSv3 Score: 6.4
Vector:
CWE: CWE-918
Affected Packages:
Package States: Red Hat Developer Hub,Red Hat OpenStack Platform 13 (Queens),Red Hat OpenStack Platform 13 (Queens),Red Hat OpenStack Platform 13 (Queens),Red Hat OpenStack Platform 13 (Queens),Red Hat OpenStack Platform 13 (Queens),Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 18.0,Red Hat OpenStack Platform 18.0,Red Hat OpenStack Platform 18.0,Red Hat OpenStack Platform 18.0,Red Hat OpenStack Platform 18.0,Red Hat OpenStack Platform 18.0,Self-service automation portal 2,Self-service automation portal 2,
Full Details
CVE document