CVE-2026-33943
Severity: important
Released on: 27/03/2026
Advisory:
Bugzilla: 2452522
Bugzilla Description: happy-dom: Happy DOM: Remote Code Execution via JavaScript expression injection
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-917
Affected Packages:
Package States: Red Hat Ansible Automation Platform 2,Red Hat OpenShift Container Platform 4,


CVE-2026-33941
Severity: important
Released on: 27/03/2026
Advisory:
Bugzilla: 2452524
Bugzilla Description: handlebars.js: Handlebars: Arbitrary code execution via CLI precompiler input sanitization flaw
CVSS Score:
CVSSv3 Score: 8.2
Vector:
CWE: CWE-94
Affected Packages:
Package States: Cryostat 4,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Red Hat Data Grid 8,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Dev Spaces,Red Hat Process Automation 7,


CVE-2026-33940
Severity: important
Released on: 27/03/2026
Advisory:
Bugzilla: 2452521
Bugzilla Description: handlebars.js: Handlebars.js: Arbitrary code execution via crafted template context
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-94
Affected Packages:
Package States: Cryostat 4,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Red Hat Data Grid 8,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Dev Spaces,Red Hat Process Automation 7,


CVE-2026-33939
Severity: important
Released on: 27/03/2026
Advisory:
Bugzilla: 2452508
Bugzilla Description: handlebars.js: Handlebars.js: Denial of Service via malformed decorator syntax in template compilation
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-248
Affected Packages:
Package States: Cryostat 4,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Red Hat Data Grid 8,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Dev Spaces,Red Hat Process Automation 7,


CVE-2026-33938
Severity: important
Released on: 27/03/2026
Advisory:
Bugzilla: 2452525
Bugzilla Description: handlebars: Handlebars: Arbitrary code execution via @partial-block overwrite
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-917
Affected Packages:
Package States: Cryostat 4,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Red Hat Data Grid 8,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Dev Spaces,Red Hat Process Automation 7,


CVE-2026-33937
Severity: important
Released on: 27/03/2026
Advisory:
Bugzilla: 2452523
Bugzilla Description: handlebars.js: Handlebars: Remote Code Execution via crafted Abstract Syntax Tree object in compile()
CVSS Score:
CVSSv3 Score: 9.8
Vector:
CWE: CWE-94
Affected Packages:
Package States: Cryostat 4,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Red Hat Data Grid 8,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Dev Spaces,Red Hat Process Automation 7,


CVE-2026-33916
Severity: moderate
Released on: 27/03/2026
Advisory:
Bugzilla: 2452509
Bugzilla Description: handlebars.js: Handlebars: Cross-Site Scripting (XSS) via prototype pollution in partial resolution
CVSS Score:
CVSSv3 Score: 4.7
Vector:
CWE: CWE-915
Affected Packages:
Package States: Cryostat 4,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Red Hat Data Grid 8,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Dev Spaces,Red Hat Process Automation 7,


CVE-2026-33896
Severity: important
Released on: 27/03/2026
Advisory:
Bugzilla: 2452458
Bugzilla Description: node-forge: Forge (node-forge): Certificate validation bypass allows unauthorized certificate issuance
CVSS Score:
CVSSv3 Score: 7.4
Vector:
CWE: CWE-295
Affected Packages:
Package States: Cryostat 4,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat build of Apache Camel - HawtIO 4,Red Hat build of Apicurio Registry 2,Red Hat Build of Podman Desktop,Red Hat Build of Podman Desktop,Red Hat Data Grid 8,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Process Automation 7,Red Hat Quay 3,


CVE-2026-33895
Severity: important
Released on: 27/03/2026
Advisory:
Bugzilla: 2452457
Bugzilla Description: node-forge: Forge: Authentication bypass via forged Ed25519 cryptographic signatures
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-347
Affected Packages:
Package States: Cryostat 4,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat build of Apache Camel - HawtIO 4,Red Hat build of Apicurio Registry 2,Red Hat Build of Podman Desktop,Red Hat Build of Podman Desktop,Red Hat Data Grid 8,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Process Automation 7,Red Hat Quay 3,


CVE-2026-33894
Severity: important
Released on: 27/03/2026
Advisory:
Bugzilla: 2452464
Bugzilla Description: node-forge: Forge: Signature Forgery via Weak RSASSA PKCS#1 v1.5 Verification
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-347
Affected Packages:
Package States: Cryostat 4,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat build of Apache Camel - HawtIO 4,Red Hat build of Apicurio Registry 2,Red Hat Build of Podman Desktop,Red Hat Build of Podman Desktop,Red Hat Data Grid 8,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Process Automation 7,Red Hat Quay 3,


CVE-2026-33891
Severity: important
Released on: 27/03/2026
Advisory:
Bugzilla: 2452450
Bugzilla Description: node-forge: node-forge: Denial of Service via infinite loop in BigInteger.modInverse()
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-606
Affected Packages:
Package States: Cryostat 4,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat build of Apache Camel - HawtIO 4,Red Hat build of Apicurio Registry 2,Red Hat Build of Podman Desktop,Red Hat Build of Podman Desktop,Red Hat Data Grid 8,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Process Automation 7,Red Hat Quay 3,


CVE-2026-33870
Severity: important
Released on: 27/03/2026
Advisory:
Bugzilla: 2452453
Bugzilla Description: io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-444
Affected Packages:
Package States: Cryostat 4,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,Red Hat AMQ Broker 7,Red Hat AMQ Clients,Red Hat build of Apache Camel 4 for Quarkus 3,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel - HawtIO 4,Red Hat build of Apicurio Registry 2,Red Hat build of Apicurio Registry 3,Red Hat build of Debezium 3,Red Hat Build of Keycloak,Red Hat build of OptaPlanner 8,Red Hat build of Quarkus,Red Hat Data Grid 8,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat Process Automation 7,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Single Sign-On 7,streams for Apache Kafka 2,streams for Apache Kafka 3,


CVE-2026-27879
Severity: moderate
Released on: 27/03/2026
Advisory:
Bugzilla: 2452286
Bugzilla Description: Grafana: Grafana: Denial of Service via resample query
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-28375
Severity: moderate
Released on: 27/03/2026
Advisory:
Bugzilla: 2452279
Bugzilla Description: grafana: Grafana: Denial of Service via testdata data-source
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-27876
Severity: critical
Released on: 27/03/2026
Advisory:
Bugzilla: 2452277
Bugzilla Description: grafana: grafana-enterprise-plugin: Grafana: Remote arbitrary code execution via chained SQL Expressions and Enterprise plugin attack
CVSS Score:
CVSSv3 Score: 9.1
Vector:
CWE: CWE-89
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-33758
Severity: important
Released on: 27/03/2026
Advisory:
Bugzilla: 2452294
Bugzilla Description: OpenBao: reflected XSS in OpenBao OIDC authentication error message
CVSS Score:
CVSSv3 Score: 9.6
Vector:
CWE: CWE-79
Affected Packages:
Package States: Cryostat 4,


CVE-2026-27880
Severity: important
Released on: 27/03/2026
Advisory:
Bugzilla: 2452295
Bugzilla Description: Grafana: Grafana: Denial of Service via unbounded memory read in feature toggle evaluation
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-33757
Severity: important
Released on: 27/03/2026
Advisory:
Bugzilla: 2452269
Bugzilla Description: OpenBao: lack of user confirmation for OpenBao OIDC direct callback mode
CVSS Score:
CVSSv3 Score: 9.6
Vector:
CWE: CWE-384
Affected Packages:
Package States: Cryostat 4,


CVE-2026-27877
Severity: important
Released on: 27/03/2026
Advisory:
Bugzilla: 2452293
Bugzilla Description: grafana: Grafana: Information disclosure of data-source passwords via public dashboards
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-201
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-33433
Severity: important
Released on: 27/03/2026
Advisory:
Bugzilla: 2452289
Bugzilla Description: github.com/traefik/traefik: Traefik: Authentication bypass via non-canonical HTTP header injection
CVSS Score:
CVSSv3 Score: 7.7
Vector:
CWE: CWE-290
Affected Packages:
Package States: Red Hat OpenShift Dev Spaces,


CVE-2026-32695
Severity: important
Released on: 27/03/2026
Advisory:
Bugzilla: 2452235
Bugzilla Description: github.com/traefik/traefik: Traefik: Cross-tenant traffic exposure and host restriction bypass via rule-syntax injection in Knative provider
CVSS Score:
CVSSv3 Score: 7.7
Vector:
CWE: CWE-917
Affected Packages:
Package States: Red Hat OpenShift Dev Spaces,


CVE-2026-27860
Severity: low
Released on: 27/03/2026
Advisory:
Bugzilla: 2452176
Bugzilla Description: dovecot: Dovecot: Authentication bypass and information disclosure via LDAP filter injection
CVSS Score:
CVSSv3 Score: 3.7
Vector:
CWE: CWE-90
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-27859
Severity: moderate
Released on: 27/03/2026
Advisory:
Bugzilla: 2452180
Bugzilla Description: dovecot: Dovecot: Denial of Service via excessive RFC 2231 MIME parameters
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-27858
Severity: important
Released on: 27/03/2026
Advisory:
Bugzilla: 2452175
Bugzilla Description: dovecot: denial of service via crafted message before authentication
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-27857
Severity: important
Released on: 27/03/2026
Advisory:
Bugzilla: 2452179
Bugzilla Description: dovecot: denial of service via specially crafted NOOP command
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-27855
Severity: moderate
Released on: 27/03/2026
Advisory:
Bugzilla: 2452177
Bugzilla Description: dovecot: Dovecot: Replay attack allows unauthorized login via observed One-Time Password (OTP) exchange
CVSS Score:
CVSSv3 Score: 6.8
Vector:
CWE: CWE-294
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-24031
Severity: important
Released on: 27/03/2026
Advisory:
Bugzilla: 2452181
Bugzilla Description: dovecot: Dovecot: Authentication bypass and user enumeration due to cleared auth_username_chars configuration
CVSS Score:
CVSSv3 Score: 7.7
Vector:
CWE: CWE-89
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-0394
Severity: moderate
Released on: 27/03/2026
Advisory:
Bugzilla: 2452173
Bugzilla Description: dovecot: Dovecot: Information disclosure and authentication bypass via path traversal
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-22
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2025-59031
Severity: moderate
Released on: 27/03/2026
Advisory:
Bugzilla: 2452174
Bugzilla Description: dovecot: Dovecot: Information disclosure via specially crafted OOXML documents
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE: CWE-611
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2025-59028
Severity: moderate
Released on: 27/03/2026
Advisory:
Bugzilla: 2452178
Bugzilla Description: dovecot: Dovecot: Denial of Service via invalid SASL data
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-1286
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-34353
Severity: moderate
Released on: 27/03/2026
Advisory:
Bugzilla: 2452093
Bugzilla Description: ocaml: OCaml: Information disclosure via integer overflow in Bigarray.reshape
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-33747
Severity: moderate
Released on: 27/03/2026
Advisory:
Bugzilla: 2452076
Bugzilla Description: BuildKit: github.com/moby/buildkit: BuildKit: Arbitrary file write and code execution via untrusted frontend
CVSS Score:
CVSSv3 Score: 8.2
Vector:
CWE: CWE-22
Affected Packages:
Package States: Assisted Installer for Red Hat OpenShift Container Platform 2,Confidential Compute Attestation,Kernel Module Management Operator for Red Hat Openshift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logical Volume Manager Storage,Migration Toolkit for Applications 8,Migration Toolkit for Applications 8,Migration Toolkit for Containers,Migration Toolkit for Containers,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Multicluster Engine for Kubernetes,Network Observability Operator,Node HealthCheck Operator,OpenShift API for Data Protection,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Service Mesh 2,OpenShift Service Mesh 2,OpenShift Service Mesh 2,OpenShift Service Mesh 2,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,Pen Drive Powered by Red Hat Lightspeed,Power monitoring for Red Hat OpenShift,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Build of Kueue,Red Hat Build of Podman Desktop,Red Hat Build of Podman Desktop,Red Hat Build of Podman Desktop - Tech Preview,Red Hat Build of Podman Desktop - Tech Preview,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift GitOps,Red Hat OpenStack Platform 18.0,Red Hat Quay 3,Red Hat Quay 3,Red Hat Trusted Artifact Signer,


CVE-2026-33721
Severity: important
Released on: 27/03/2026
Advisory:
Bugzilla: 2452066
Bugzilla Description: MapServer: MapServer: Denial of Service via crafted Styled Layer Descriptor
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-787
Affected Packages:
Package States:


CVE-2026-33701
Severity: important
Released on: 27/03/2026
Advisory:
Bugzilla: 2452071
Bugzilla Description: io.opentelemetry.javaagent/opentelemetry-javaagent: OpenTelemetry Java Instrumentation: Remote code execution via deserialization vulnerability in RMI
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-502
Affected Packages:
Package States: Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,


CVE-2026-4948
Severity: moderate
Released on: 27/03/2026
Advisory:
Bugzilla: 2452086
Bugzilla Description: firewalld: firewalld: Local unprivileged user can modify firewall state due to D-Bus setter mis-authorization
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-279
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,


CVE-2026-4981
Severity: moderate
Released on: 27/03/2026
Advisory:
Bugzilla: 2452218
Bugzilla Description: rhacs: Red Hat Advanced Cluster Security (ACS): Open Redirect and Content Spoofing via OAuth callback endpoint
CVSS Score:
CVSSv3 Score: 5.4
Vector:
CWE: CWE-601
Affected Packages:
Package States: Red Hat Advanced Cluster Security 4,


CVE-2026-33699
Severity: moderate
Released on: 26/03/2026
Advisory:
Bugzilla: 2452062
Bugzilla Description: pypdf: pypdf: Denial of Service via crafted PDF in non-strict mode
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-606
Affected Packages:
Package States: Lightspeed Core,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),


CVE-2026-27893
Severity: important
Released on: 26/03/2026
Advisory:
Bugzilla: 2452055
Bugzilla Description: vllm: vLLM: Remote code execution due to hardcoded trust_remote_code setting
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-501
Affected Packages:
Package States: Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),


CVE-2026-33945
Severity: critical
Released on: 26/03/2026
Advisory:
Bugzilla: 2452054
Bugzilla Description: incus: Incus: Privilege escalation and denial of service via path traversal in systemd credential configuration
CVSS Score:
CVSSv3 Score: 9.6
Vector:
CWE: CWE-22
Affected Packages:
Package States:


CVE-2026-33898
Severity: important
Released on: 26/03/2026
Advisory:
Bugzilla: 2452051
Bugzilla Description: incus: Incus: Privilege escalation and unauthorized access due to improper authentication token validation in web UI
CVSS Score:
CVSSv3 Score: 8.2
Vector:
CWE: CWE-303
Affected Packages:
Package States:


CVE-2026-33897
Severity: important
Released on: 26/03/2026
Advisory:
Bugzilla: 2452020
Bugzilla Description: incus: pongo2: Incus: Arbitrary file read/write as root via pongo2 template chroot bypass
CVSS Score:
CVSSv3 Score: 9.1
Vector:
CWE: CWE-243
Affected Packages:
Package States:


CVE-2026-33743
Severity: moderate
Released on: 26/03/2026
Advisory:
Bugzilla: 2452024
Bugzilla Description: incus: Incus: Denial of Service via specially crafted storage bucket backup
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-1286
Affected Packages:
Package States:


CVE-2026-33711
Severity: important
Released on: 26/03/2026
Advisory:
Bugzilla: 2452021
Bugzilla Description: incus: Incus: Local privilege escalation or denial of service via predictable temporary file paths
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-59
Affected Packages:
Package States:


CVE-2026-33542
Severity: important
Released on: 26/03/2026
Advisory:
Bugzilla: 2452019
Bugzilla Description: github.com/lxc/incus: Incus: Image cache poisoning due to insufficient image fingerprint validation
CVSS Score:
CVSSv3 Score: 8.5
Vector:
CWE: CWE-354
Affected Packages:
Package States:


CVE-2026-34352
Severity: moderate
Released on: 26/03/2026
Advisory:
Bugzilla: 2452022
Bugzilla Description: TigerVNC: x0vncserver: TigerVNC x0vncserver: Information disclosure, data manipulation, and denial of service via incorrect permissions
CVSS Score:
CVSSv3 Score: 6.3
Vector:
CWE: CWE-279
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-28377
Severity: moderate
Released on: 26/03/2026
Advisory:
Bugzilla: 2451990
Bugzilla Description: Grafana Tempo: Grafana Tempo: Information disclosure of S3 encryption key via status config endpoint
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-312
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-33672
Severity: moderate
Released on: 26/03/2026
Advisory:
Bugzilla: 2451993
Bugzilla Description: picomatch: Picomatch: Data integrity compromised via method injection with crafted POSIX bracket expressions
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-624
Affected Packages:
Package States: Cryostat 4,Migration Toolkit for Applications 8,Node HealthCheck Operator,Node HealthCheck Operator,Node HealthCheck Operator,Node HealthCheck Operator,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Advanced Cluster Security 4,Red Hat AMQ Broker 7,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat build of Apache Camel - HawtIO 4,Red Hat build of Apicurio Registry 2,Red Hat Build of Keycloak,Red Hat build of OptaPlanner 8,Red Hat Build of Podman Desktop,Red Hat Build of Podman Desktop,Red Hat Data Grid 8,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat Process Automation 7,Red Hat Quay 3,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Single Sign-On 7,Red Hat Trusted Artifact Signer,streams for Apache Kafka 2,streams for Apache Kafka 3,


CVE-2026-33671
Severity: moderate
Released on: 26/03/2026
Advisory:
Bugzilla: 2451986
Bugzilla Description: picomatch: Picomatch: Regular Expression Denial of Service via crafted extglob patterns
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-1333
Affected Packages:
Package States: Cryostat 4,Migration Toolkit for Applications 8,Node HealthCheck Operator,Node HealthCheck Operator,Node HealthCheck Operator,Node HealthCheck Operator,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Advanced Cluster Security 4,Red Hat AMQ Broker 7,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat build of Apache Camel - HawtIO 4,Red Hat build of Apicurio Registry 2,Red Hat Build of Keycloak,Red Hat build of OptaPlanner 8,Red Hat Build of Podman Desktop,Red Hat Build of Podman Desktop,Red Hat Data Grid 8,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat Process Automation 7,Red Hat Quay 3,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Single Sign-On 7,Red Hat Trusted Artifact Signer,streams for Apache Kafka 2,streams for Apache Kafka 3,
Full Details
CVE document


CVE-2026-1556
Severity: important
Released on: 26/03/2026
Advisory:
Bugzilla: 2451981
Bugzilla Description: Drupal: File (Field) Paths: Drupal File (Field) Paths: Information Disclosure via filename-collision uploads
CVSS Score:
CVSSv3 Score: 7.7
Vector:
CWE: CWE-73
Affected Packages:
Package States:
Full Details
CVE document


CVE-2026-3650
Severity: moderate
Released on: 26/03/2026
Advisory:
Bugzilla: 2451988
Bugzilla Description: gdcm: GDCM: Denial of Service via malformed DICOM files
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-770
Affected Packages:
Package States:
Full Details
CVE document


CVE-2026-33658
Severity: moderate
Released on: 26/03/2026
Advisory:
Bugzilla: 2451983
Bugzilla Description: rails: activestorage: Active Storage: Denial of Service via HTTP Range header processing
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat Satellite 6,Red Hat Satellite 6,
Full Details
CVE document


CVE-2026-21724
Severity: moderate
Released on: 26/03/2026
Advisory:
Bugzilla: 2451938
Bugzilla Description: Grafana OSS: Grafana OSS: Authorization bypass allows modification of protected webhook URLs
CVSS Score:
CVSSv3 Score: 5.4
Vector:
CWE: CWE-266
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-33375
Severity: moderate
Released on: 26/03/2026
Advisory:
Bugzilla: 2451939
Bugzilla Description: Grafana MSSQL Data Source Plugin: Grafana MSSQL Data Source Plugin: Denial of Service via Out-Of-Memory exhaustion
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-33536
Severity: moderate
Released on: 26/03/2026
Advisory:
Bugzilla: 2451849
Bugzilla Description: ImageMagick: ImageMagick: Denial of Service via out-of-bounds write
CVSS Score:
CVSSv3 Score: 5.0
Vector:
CWE: CWE-823
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2026-33535
Severity: low
Released on: 26/03/2026
Advisory:
Bugzilla: 2451855
Bugzilla Description: ImageMagick: ImageMagick: Denial of Service via out-of-bounds write in X11 display interaction path
CVSS Score:
CVSSv3 Score: 4.0
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2026-33532
Severity: moderate
Released on: 26/03/2026
Advisory:
Bugzilla: 2451858
Bugzilla Description: yaml: yaml: Denial of Service via deeply nested YAML document parsing
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-606
Affected Packages:
Package States: Multicluster Engine for Kubernetes,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat build of Apicurio Registry 2,Red Hat build of Apicurio Registry 3,Red Hat build of Apicurio Registry 3,Red Hat Build of Keycloak,Red Hat build of OptaPlanner 8,Red Hat Build of Podman Desktop,Red Hat Build of Podman Desktop,Red Hat Developer Hub,Red Hat Developer Hub,Red Hat Discovery 2,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Virtualization 4,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Single Sign-On 7,Self-service automation portal 2,streams for Apache Kafka 2,streams for Apache Kafka 3,
Full Details
CVE document


CVE-2026-32285
Severity: important
Released on: 26/03/2026
Advisory:
Bugzilla: 2451846
Bugzilla Description: github.com/buger/jsonparser: github.com/buger/jsonparser: Denial of Service via malformed JSON input
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-1285
Affected Packages:
Package States: Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Global Hub,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Ansible Automation Platform 2,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift distributed tracing 3,Red Hat OpenShift distributed tracing 3,Red Hat OpenShift for Windows Containers,Red Hat OpenShift for Windows Containers,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenStack Platform 18.0,
Full Details
CVE document


CVE-2026-32286
Severity: important
Released on: 26/03/2026
Advisory:
Bugzilla: 2451847
Bugzilla Description: github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-1285
Affected Packages:
Package States: Assisted Installer for Red Hat OpenShift Container Platform 2,Assisted Installer for Red Hat OpenShift Container Platform 2,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Global Hub,Multicluster Global Hub,Multicluster Global Hub,Multicluster Global Hub,Multicluster Global Hub,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Cluster Manager CLI,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift on AWS,Red Hat Quay 3,Red Hat Quay 3,Red Hat Quay 3,Red Hat Quay 3,Red Hat Quay 3,Red Hat Quay 3,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,
Full Details
CVE document


CVE-2026-32284
Severity: moderate
Released on: 26/03/2026
Advisory:
Bugzilla: 2451851
Bugzilla Description: github.com/shamaton/msgpack: msgpack: Denial of Service via truncated fixext data
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-805
Affected Packages:
Package States: Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Pen Drive Powered by Red Hat Lightspeed,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat Quay 3,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,
Full Details
CVE document


CVE-2026-4926
Severity: important
Released on: 26/03/2026
Advisory:
Bugzilla: 2451867
Bugzilla Description: path-to-regexp: path-to-regexp: Denial of Service via crafted regular expressions
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-1333
Affected Packages:
Package States: Cryostat 4,Cryostat 4,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Migration Toolkit for Applications 8,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Multicluster Engine for Kubernetes,Network Observability Operator,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Pipelines,OpenShift Pipelines,OpenShift Service Mesh 2,OpenShift Service Mesh 2,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat build of Apache Camel - HawtIO 4,Red Hat build of Apicurio Registry 2,Red Hat Build of Podman Desktop,Red Hat Build of Podman Desktop,Red Hat Data Grid 8,Red Hat Developer Hub,Red Hat Developer Hub,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift distributed tracing 3,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat Process Automation 7,Red Hat Process Automation 7,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Single Sign-On 7,Red Hat Trusted Artifact Signer,Red Hat Trusted Profile Analyzer,Self-service automation portal 2,
Full Details
CVE document


CVE-2026-33490
Severity: moderate
Released on: 26/03/2026
Advisory:
Bugzilla: 2451798
Bugzilla Description: h3: H3: Information disclosure due to incorrect path prefix validation
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-22
Affected Packages:
Package States: Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Red Hat OpenShift Update Service,
Full Details
CVE document


CVE-2026-33487
Severity: important
Released on: 26/03/2026
Advisory:
Bugzilla: 2451814
Bugzilla Description: github.com/russellhaering/goxmldsig: goxmldsig: Integrity bypass due to incorrect XML Digital Signature validation via loop variable capture issue
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-347
Affected Packages:
Package States: Multicluster Global Hub,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift GitOps,
Full Details
CVE document


CVE-2026-33636
Severity: moderate
Released on: 26/03/2026
Advisory:
Bugzilla: 2451819
Bugzilla Description: libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion
CVSS Score:
CVSSv3 Score: 7.6
Vector:
CWE: CWE-124
Affected Packages:
Package States: Red Hat build of OpenJDK 11 ELS,Red Hat build of OpenJDK 11 ELS,Red Hat build of OpenJDK 11 ELS,Red Hat build of OpenJDK 11 ELS,Red Hat build of OpenJDK 11 ELS,Red Hat build of OpenJDK 11 ELS,Red Hat build of OpenJDK 17,Red Hat build of OpenJDK 17,Red Hat build of OpenJDK 17,Red Hat build of OpenJDK 17,Red Hat build of OpenJDK 17,Red Hat build of OpenJDK 1.8,Red Hat build of OpenJDK 1.8,Red Hat build of OpenJDK 1.8,Red Hat build of OpenJDK 1.8,Red Hat build of OpenJDK 21,Red Hat build of OpenJDK 21,Red Hat build of OpenJDK 21,Red Hat build of OpenJDK 21,Red Hat build of OpenJDK 21,Red Hat build of OpenJDK 25,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document


CVE-2026-33416
Severity: moderate
Released on: 26/03/2026
Advisory:
Bugzilla: 2451805
Bugzilla Description: libpng: libpng: Arbitrary code execution due to use-after-free vulnerability
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat build of OpenJDK 11 ELS,Red Hat build of OpenJDK 11 ELS,Red Hat build of OpenJDK 11 ELS,Red Hat build of OpenJDK 11 ELS,Red Hat build of OpenJDK 11 ELS,Red Hat build of OpenJDK 11 ELS,Red Hat build of OpenJDK 17,Red Hat build of OpenJDK 17,Red Hat build of OpenJDK 17,Red Hat build of OpenJDK 17,Red Hat build of OpenJDK 17,Red Hat build of OpenJDK 1.8,Red Hat build of OpenJDK 1.8,Red Hat build of OpenJDK 1.8,Red Hat build of OpenJDK 1.8,Red Hat build of OpenJDK 21,Red Hat build of OpenJDK 21,Red Hat build of OpenJDK 21,Red Hat build of OpenJDK 21,Red Hat build of OpenJDK 21,Red Hat build of OpenJDK 25,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document


CVE-2026-4867
Severity: moderate
Released on: 26/03/2026
Advisory:
Bugzilla: 2451783
Bugzilla Description: path-to-regexp: path-to-regexp: Denial of Service via catastrophic backtracking from malformed URL parameters
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-1333
Affected Packages:
Package States: Cryostat 4,Cryostat 4,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Migration Toolkit for Applications 8,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Multicluster Engine for Kubernetes,Network Observability Operator,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Pipelines,OpenShift Pipelines,OpenShift Service Mesh 2,OpenShift Service Mesh 2,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat AMQ Broker 7,Red Hat AMQ Broker 7,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat build of Apache Camel - HawtIO 4,Red Hat build of Apicurio Registry 2,Red Hat build of OptaPlanner 8,Red Hat Build of Podman Desktop,Red Hat Build of Podman Desktop,Red Hat Data Grid 8,Red Hat Developer Hub,Red Hat Developer Hub,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift distributed tracing 3,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat Process Automation 7,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Single Sign-On 7,Red Hat Trusted Artifact Signer,Red Hat Trusted Profile Analyzer,Self-service automation portal 2,
Full Details
CVE document


CVE-2026-33413
Severity: moderate
Released on: 26/03/2026
Advisory:
Bugzilla: 2451728
Bugzilla Description: etcd: etcd: Authorization bypass allows information disclosure and denial of service
CVSS Score:
CVSSv3 Score: 7.7
Vector:
CWE: CWE-306
Affected Packages:
Package States: Multicluster Global Hub,OpenShift Service Mesh 2,Red Hat Ansible Automation Platform 2,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 18.0,
Full Details
CVE document


CVE-2026-33343
Severity: moderate
Released on: 26/03/2026
Advisory:
Bugzilla: 2451727
Bugzilla Description: etcd: etcd: Authorization bypass allows information disclosure via nested transactions
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-639
Affected Packages:
Package States: Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 17.1,
Full Details
CVE document


CVE-2026-4897
Severity: moderate
Released on: 26/03/2026
Advisory:
Bugzilla: 2451739
Bugzilla Description: polkit: Polkit: Denial of Service via unbounded input processing through standard input
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document


CVE-2026-1961
Severity: important
Released on: 26/03/2026
Advisory: RHSA-2026:5968, RHSA-2026:5971, RHSA-2026:5970,
Bugzilla: 2437036
Bugzilla Description: foreman: Foreman: Remote Code Execution via command injection in WebSocket proxy
CVSS Score:
CVSSv3 Score: 8.0
Vector:
CWE:
Affected Packages: foreman-0:3.14.0.14-1.el9sat,foreman-0:3.16.0.12-1.el9sat,rubygem-katello-0:4.16.0.14-1.el9sat,rubygem-fog-kubevirt-0:1.5.1-1.el9sat,python-pulp-container-0:2.22.3-1.el9pc,python-pulp-rpm-0:3.27.10-2.el9pc,python-django-0:4.2.28-0.1.el9pc,rubygem-rubyipmi-0:0.13.0-1.el9sat,satellite-0:6.17.7-1.el9sat,foreman-0:3.12.0.14-1.el9sat,libcomps-0:0.1.23-0.3.el9pc,foreman-0:3.12.0.14-1.el8sat,python-brotli-0:1.2.0-0.1.el9pc,rubygem-foreman_kubevirt-0:0.4.3-1.el9sat,yggdrasil-worker-forwarder-0:0.0.3-4.el9sat,
Package States: Red Hat Satellite 6,
Full Details
CVE document


CVE-2026-4887
Severity: moderate
Released on: 26/03/2026
Advisory:
Bugzilla: 2451669
Bugzilla Description: gimp: GIMP: Memory disclosure and denial of service via specially crafted PCX image
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-193
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23397
Severity: moderate
Released on: 26/03/2026
Advisory:
Bugzilla: 2451664
Bugzilla Description: Linux kernel: nfnetlink_osf: Linux kernel: Denial of Service in nfnetlink_osf via crafted network packets
CVSS Score:
CVSSv3 Score: 4.4
Vector:
CWE: CWE-130
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-4874
Severity: low
Released on: 26/03/2026
Advisory:
Bugzilla: 2451611
Bugzilla Description: org.keycloak.protocol.oidc.grants: org.keycloak.services.managers: Keycloak: Server-Side Request Forgery via OIDC token endpoint manipulation
CVSS Score:
CVSSv3 Score: 3.1
Vector:
CWE: CWE-918
Affected Packages:
Package States: Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat Single Sign-On 7,
Full Details
CVE document


CVE-2026-33526
Severity: important
Released on: 26/03/2026
Advisory:
Bugzilla: 2451574
Bugzilla Description: squid: Squid: Denial of Service via heap Use-After-Free vulnerability in ICP handling
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-33515
Severity: moderate
Released on: 26/03/2026
Advisory:
Bugzilla: 2451581
Bugzilla Description: Squid: Squid: Information disclosure via improper input validation in ICP traffic
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-32748
Severity: important
Released on: 26/03/2026
Advisory:
Bugzilla: 2451577
Bugzilla Description: Squid: Squid: Denial of Service via crafted ICP traffic
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-826
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23396
Severity:
Released on: 26/03/2026
Advisory:
Bugzilla: 2451661
Bugzilla Description: kernel: wifi: mac80211: fix NULL deref in mesh_matches_local()
CVSS Score:
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23398
Severity: moderate
Released on: 26/03/2026
Advisory:
Bugzilla: 2451662
Bugzilla Description: kernel: icmp: fix NULL pointer dereference in icmp_tag_validation()
CVSS Score:
CVSSv3 Score: 6.2
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-29976
Severity: low
Released on: 26/03/2026
Advisory:
Bugzilla: 2451745
Bugzilla Description: hcxpcapngtool: hcxtools: ZerBea hcxpcapngtool: Information disclosure via buffer overflow in getradiotapfield() function
CVSS Score:
CVSSv3 Score: 2.8
Vector:
CWE: CWE-120
Affected Packages:
Package States:
Full Details
CVE document


CVE-2026-30892
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451576
Bugzilla Description: crun: crun: Privilege escalation due to incorrect parsing of the `--user` option
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-115
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,
Full Details
CVE document


CVE-2026-33249
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451485
Bugzilla Description: github.com/nats-io/nats-server: NATS-Server: Unauthorized trace message redirection via message tracing headers
CVSS Score:
CVSSv3 Score: 6.4
Vector:
CWE: CWE-1220
Affected Packages:
Package States: Multicluster Global Hub,Red Hat OpenShift Container Platform 4,
Full Details
CVE document


CVE-2026-33223
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451479
Bugzilla Description: nats-server: github.com/nats-io/nats-server: NATS-Server: Identity spoofing via `Nats-Request-Info:` header
CVSS Score:
CVSSv3 Score: 6.4
Vector:
CWE: CWE-807
Affected Packages:
Package States: Multicluster Global Hub,Red Hat OpenShift Container Platform 4,
Full Details
CVE document


CVE-2026-33248
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451484
Bugzilla Description: github.com/nats-io/nats-server: nats: NATS-Server: Authentication bypass due to incorrect Subject DN matching during mTLS client identity verification
CVSS Score:
CVSSv3 Score: 4.8
Vector:
CWE: CWE-289
Affected Packages:
Package States: Multicluster Global Hub,Red Hat OpenShift Container Platform 4,
Full Details
CVE document


CVE-2026-33222
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451480
Bugzilla Description: nats-server: NATS-Server: Unauthorized data modification via JetStream stream restore
CVSS Score:
CVSSv3 Score: 4.9
Vector:
CWE: CWE-639
Affected Packages:
Package States: Multicluster Global Hub,Red Hat OpenShift Container Platform 4,
Full Details
CVE document


CVE-2026-33247
Severity: important
Released on: 25/03/2026
Advisory:
Bugzilla: 2451486
Bugzilla Description: github.com/nats-io/nats-server: NATS-Server: Information disclosure of credentials via monitoring port and command-line arguments
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-214
Affected Packages:
Package States: Multicluster Global Hub,Red Hat OpenShift Container Platform 4,
Full Details
CVE document


CVE-2026-33219
Severity: important
Released on: 25/03/2026
Advisory:
Bugzilla: 2451445
Bugzilla Description: github.com/nats-io/nats-server: NATS-Server: Denial of Service via unbounded memory use in WebSockets
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-770
Affected Packages:
Package States: Multicluster Global Hub,Red Hat OpenShift Container Platform 4,
Full Details
CVE document


CVE-2026-33218
Severity: important
Released on: 25/03/2026
Advisory:
Bugzilla: 2451450
Bugzilla Description: nats-server: github.com/nats-io/nats-server: NATS-Server: Denial of Service via malformed message pre-authentication on leafnode port
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-1286
Affected Packages:
Package States: Multicluster Global Hub,Red Hat OpenShift Container Platform 4,
Full Details
CVE document


CVE-2026-33246
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451449
Bugzilla Description: nats-server: nats: github.com/nats-io/nats-server: NATS-Server: Client identity spoofing via Nats-Request-Info header manipulation
CVSS Score:
CVSSv3 Score: 6.4
Vector:
CWE: CWE-290
Affected Packages:
Package States: Multicluster Global Hub,Red Hat OpenShift Container Platform 4,
Full Details
CVE document


CVE-2026-33217
Severity: important
Released on: 25/03/2026
Advisory:
Bugzilla: 2451446
Bugzilla Description: nats-server: github.com/nats-io/nats-server: NATS-Server: Access control bypass via unapplied ACLs in MQTT namespace
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-425
Affected Packages:
Package States: Multicluster Global Hub,Red Hat OpenShift Container Platform 4,
Full Details
CVE document


CVE-2026-33216
Severity: important
Released on: 25/03/2026
Advisory:
Bugzilla: 2451448
Bugzilla Description: nats-server: github.com/nats-io/nats-server: NATS-Server: Information disclosure of MQTT passwords through monitoring endpoints
CVSS Score:
CVSSv3 Score: 8.6
Vector:
CWE: CWE-213
Affected Packages:
Package States: Multicluster Global Hub,Red Hat OpenShift Container Platform 4,
Full Details
CVE document


CVE-2026-29785
Severity: important
Released on: 25/03/2026
Advisory:
Bugzilla: 2451444
Bugzilla Description: github.com/nats-io/nats-server: NATS-Server: Denial of Service via leafnode compression
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-409
Affected Packages:
Package States: Multicluster Global Hub,Red Hat OpenShift Container Platform 4,
Full Details
CVE document


CVE-2026-27889
Severity: important
Released on: 25/03/2026
Advisory:
Bugzilla: 2451447
Bugzilla Description: github.com/nats-io/nats-server: NATS-Server: Denial of Service via malformed WebSockets frame
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-1286
Affected Packages:
Package States: Multicluster Global Hub,Red Hat OpenShift Container Platform 4,
Full Details
CVE document


CVE-2026-33809
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451437
Bugzilla Description: golang: golang.org/x/image/tiff: golang.org/x/image/tiff: Denial of Service via maliciously crafted TIFF file
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-1285
Affected Packages:
Package States: Cryostat 4,Logging Subsystem for Red Hat OpenShift,OpenShift Service Mesh 2,OpenShift Service Mesh 3,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Virtualization 4,
Full Details
CVE document


CVE-2026-1001
Severity: low
Released on: 25/03/2026
Advisory:
Bugzilla: 2451432
Bugzilla Description: Domoticz: Domoticz: Arbitrary script execution via stored cross-site scripting in web interface
CVSS Score:
CVSSv3 Score: 4.8
Vector:
CWE: CWE-79
Affected Packages:
Package States:
Full Details
CVE document


CVE-2026-25645
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451408
Bugzilla Description: requests: Requests: Security bypass due to predictable temporary file creation
CVSS Score:
CVSSv3 Score: 4.7
Vector:
CWE: CWE-379
Affected Packages:
Package States: External Secrets Operator for Red Hat OpenShift,Lightspeed Core,Logging Subsystem for Red Hat OpenShift,Migration Toolkit for Containers,Migration Toolkit for Virtualization,OpenShift Lightspeed,OpenShift Service Mesh 3,Pen Drive Powered by Red Hat Lightspeed,Red Hat AI Inference Server,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform Ansible Core 2,Red Hat build of Quarkus Native builder,Red Hat Developer Hub,Red Hat Discovery 2,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Trusted Artifact Signer,Service Telemetry Framework 1.5,
Full Details
CVE document


CVE-2026-34085
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451414
Bugzilla Description: fontconfig: Fontconfig: Security flaw allows arbitrary code execution or system crash
CVSS Score:
CVSSv3 Score: 6.6
Vector:
CWE: CWE-193
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-3591
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451298
Bugzilla Description: bind: BIND: Unauthorized access due to use-after-return vulnerability in DNS query handling
CVSS Score:
CVSSv3 Score: 5.4
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document


CVE-2026-3119
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451308
Bugzilla Description: bind: BIND: Denial of Service via authenticated TKEY queries
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-237
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document


CVE-2026-3104
Severity: important
Released on: 25/03/2026
Advisory:
Bugzilla: 2451310
Bugzilla Description: bind: BIND: Denial of Service via specially crafted domain query causing a memory leak
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document


CVE-2026-1519
Severity: important
Released on: 25/03/2026
Advisory:
Bugzilla: 2451305
Bugzilla Description: bind: BIND: Denial of Service via maliciously crafted DNSSEC-validated zone
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document


CVE-2026-3608
Severity: important
Released on: 25/03/2026
Advisory:
Bugzilla: 2451139
Bugzilla Description: Kea: Kea: Denial of Service via maliciously crafted message
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-617
Affected Packages:
Package States: Red Hat Enterprise Linux 10,
Full Details
CVE document


CVE-2026-23367
Severity: low
Released on: 25/03/2026
Advisory:
Bugzilla:
Bugzilla Description:
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-824
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23321
Severity: low
Released on: 25/03/2026
Advisory:
Bugzilla: 2451159
Bugzilla Description: kernel: mptcp: pm: in-kernel: always mark signal+subflow endp as used
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-911
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23395
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451160
Bugzilla Description: kernel: Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ
CVSS Score:
CVSSv3 Score: 6.3
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23371
Severity:
Released on: 25/03/2026
Advisory:
Bugzilla: 2451161
Bugzilla Description: kernel: sched/deadline: Fix missing ENQUEUE_REPLENISH during PI de-boosting
CVSS Score:
Vector:
CWE: CWE-372
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23320
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451162
Bugzilla Description: kernel: usb: gadget: f_ncm: align net_device lifecycle with bind/unbind
CVSS Score:
CVSSv3 Score: 5.8
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23363
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451163
Bugzilla Description: kernel: wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-805
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23353
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451164
Bugzilla Description: kernel: ice: fix crash in ethtool offline loopback test
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-824
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23374
Severity: low
Released on: 25/03/2026
Advisory:
Bugzilla: 2451165
Bugzilla Description: kernel: blktrace: fix __this_cpu_read/write in preemptible context
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-820
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23350
Severity:
Released on: 25/03/2026
Advisory:
Bugzilla: 2451166
Bugzilla Description: kernel: drm/xe/queue: Call fini on exec queue creation fail
CVSS Score:
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23364
Severity:
Released on: 25/03/2026
Advisory:
Bugzilla: 2451167
Bugzilla Description: kernel: ksmbd: Compare MACs in constant time
CVSS Score:
Vector:
CWE: CWE-208
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23285
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451168
Bugzilla Description: kernel: drbd: fix null-pointer dereference on local read error
CVSS Score:
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23279
Severity:
Released on: 25/03/2026
Advisory:
Bugzilla: 2451170
Bugzilla Description: kernel: wifi: mac80211: fix NULL pointer dereference in mesh_rx_csa_frame()
CVSS Score:
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23390
Severity:
Released on: 25/03/2026
Advisory:
Bugzilla: 2451171
Bugzilla Description: kernel: tracing/dma: Cap dma_map_sg tracepoint arrays to prevent buffer overflow
CVSS Score:
Vector:
CWE: CWE-131
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23286
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451172
Bugzilla Description: kernel: atm: lec: fix null-ptr-deref in lec_arp_clear_vccs
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23347
Severity:
Released on: 25/03/2026
Advisory:
Bugzilla: 2451173
Bugzilla Description: kernel: can: usb: f81604: correctly anchor the urb in the read bulk callback
CVSS Score:
Vector:
CWE: CWE-771
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23296
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451174
Bugzilla Description: kernel: scsi: core: Fix refcount leak for tagset_refcnt
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-911
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23368
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451175
Bugzilla Description: kernel: net: phy: register phy led_triggers during probe to avoid AB-BA deadlock
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-833
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23284
Severity:
Released on: 25/03/2026
Advisory:
Bugzilla: 2451176
Bugzilla Description: kernel: net: ethernet: mtk_eth_soc: Reset prog ptr to old_prog in case of error in mtk_xdp_setup()
CVSS Score:
Vector:
CWE: CWE-911
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23315
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451177
Bugzilla Description: kernel: wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23352
Severity: low
Released on: 25/03/2026
Advisory:
Bugzilla: 2451178
Bugzilla Description: kernel: x86/efi: defer freeing of boot services memory
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-763
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23290
Severity: low
Released on: 25/03/2026
Advisory:
Bugzilla: 2451179
Bugzilla Description: kernel: net: usb: pegasus: validate USB endpoints
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-909
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23340
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451180
Bugzilla Description: kernel: net: sched: avoid qdisc_reset_all_tx_gt() vs dequeue race for lockless qdiscs
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-364
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23294
Severity:
Released on: 25/03/2026
Advisory:
Bugzilla: 2451181
Bugzilla Description: kernel: bpf: Fix race in devmap on PREEMPT_RT
CVSS Score:
Vector:
CWE: CWE-364
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23341
Severity:
Released on: 25/03/2026
Advisory:
Bugzilla: 2451182
Bugzilla Description: kernel: accel/amdxdna: Fix crash when destroying a suspended hardware context
CVSS Score:
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23385
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451183
Bugzilla Description: kernel: netfilter: nf_tables: clone set on flush only
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23344
Severity:
Released on: 25/03/2026
Advisory:
Bugzilla: 2451184
Bugzilla Description: kernel: crypto: ccp - Fix use-after-free on error path
CVSS Score:
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23292
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451185
Bugzilla Description: kernel: scsi: target: Fix recursive locking in __configfs_open_file()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-764
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23291
Severity:
Released on: 25/03/2026
Advisory:
Bugzilla: 2451186
Bugzilla Description: kernel: nfc: pn533: properly drop the usb interface reference on disconnect
CVSS Score:
Vector:
CWE: CWE-911
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23310
Severity: low
Released on: 25/03/2026
Advisory:
Bugzilla: 2451187
Bugzilla Description: kernel: bpf/bonding: reject vlan+srcmac xmit_hash_policy change when XDP is loaded
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-1288
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23317
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451188
Bugzilla Description: kernel: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions
CVSS Score:
CVSSv3 Score: 5.8
Vector:
CWE: CWE-390
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23318
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451189
Bugzilla Description: kernel: ALSA: usb-audio: Use correct version for UAC3 header validation
CVSS Score:
CVSSv3 Score: 6.6
Vector:
CWE: CWE-1287
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23331
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451190
Bugzilla Description: kernel: udp: Unhash auto-bound connected sk from 4-tuple hash table when disconnected
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23293
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451191
Bugzilla Description: kernel: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-824
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23304
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451192
Bugzilla Description: kernel: ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23308
Severity:
Released on: 25/03/2026
Advisory:
Bugzilla: 2451193
Bugzilla Description: kernel: pinctrl: equilibrium: fix warning trace on load
CVSS Score:
Vector:
CWE: CWE-779
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23305
Severity:
Released on: 25/03/2026
Advisory:
Bugzilla: 2451194
Bugzilla Description: kernel: accel/rocket: fix unwinding in error path in rocket_probe
CVSS Score:
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23307
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451195
Bugzilla Description: kernel: can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-805
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23356
Severity:
Released on: 25/03/2026
Advisory:
Bugzilla: 2451196
Bugzilla Description: kernel: drbd: fix "LOGIC BUG" in drbd_al_begin_io_nonblock()
CVSS Score:
Vector:
CWE: CWE-413
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23280
Severity:
Released on: 25/03/2026
Advisory:
Bugzilla: 2451197
Bugzilla Description: kernel: accel/amdxdna: Prevent ubuf size overflow
CVSS Score:
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23360
Severity: low
Released on: 25/03/2026
Advisory:
Bugzilla: 2451198
Bugzilla Description: kernel: nvme: fix admin queue leak on controller reset
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23375
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451199
Bugzilla Description: kernel: mm: thp: deny THP for files on anonymous inodes
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23302
Severity: low
Released on: 25/03/2026
Advisory:
Bugzilla: 2451200
Bugzilla Description: kernel: net: annotate data-races around sk->sk_{data_ready,write_space}
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-366
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23394
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451201
Bugzilla Description: kernel: af_unix: Give up GC if MSG_PEEK intervened
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-367
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23359
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451202
Bugzilla Description: kernel: bpf: Fix stack-out-of-bounds write in devmap
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23319
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451203
Bugzilla Description: kernel: bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim
CVSS Score:
CVSSv3 Score: 6.4
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23299
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451204
Bugzilla Description: kernel: Bluetooth: purge error queues in socket destructors
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23329
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451205
Bugzilla Description: kernel: libie: don't unroll if fwlog isn't supported
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-371
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23383
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451206
Bugzilla Description: kernel: bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing
CVSS Score:
CVSSv3 Score: 6.4
Vector:
CWE: CWE-468
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23295
Severity:
Released on: 25/03/2026
Advisory:
Bugzilla: 2451207
Bugzilla Description: kernel: accel/amdxdna: Fix dead lock for suspend and resume
CVSS Score:
Vector:
CWE: CWE-413
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23311
Severity: low
Released on: 25/03/2026
Advisory:
Bugzilla: 2451208
Bugzilla Description: kernel: perf/core: Fix invalid wait context in ctx_sched_in()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-413
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23332
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451209
Bugzilla Description: kernel: cpufreq: intel_pstate: Fix crash during turbo disable
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23361
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451210
Bugzilla Description: kernel: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-367
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23314
Severity:
Released on: 25/03/2026
Advisory:
Bugzilla: 2451211
Bugzilla Description: kernel: regulator: bq257xx: Fix device node reference leak in bq257xx_reg_dt_parse_gpio()
CVSS Score:
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23388
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451212
Bugzilla Description: kernel: Squashfs: check metadata block offset is within range
CVSS Score:
CVSSv3 Score: 6.6
Vector:
CWE: CWE-1285
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23325
Severity:
Released on: 25/03/2026
Advisory:
Bugzilla: 2451213
Bugzilla Description: kernel: wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211()
CVSS Score:
Vector:
CWE: CWE-805
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23324
Severity:
Released on: 25/03/2026
Advisory:
Bugzilla: 2451214
Bugzilla Description: kernel: can: usb: etas_es58x: correctly anchor the urb in the read bulk callback
CVSS Score:
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23326
Severity: low
Released on: 25/03/2026
Advisory:
Bugzilla: 2451215
Bugzilla Description: kernel: xsk: Fix fragment node deletion to prevent buffer leak
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-909
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23323
Severity:
Released on: 25/03/2026
Advisory:
Bugzilla: 2451216
Bugzilla Description: kernel: hwmon: (macsmc) Fix regressions in Apple Silicon SMC hwmon driver
CVSS Score:
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23303
Severity: low
Released on: 25/03/2026
Advisory:
Bugzilla: 2451217
Bugzilla Description: kernel: smb: client: Don't log plaintext credentials in cifs_set_cifscreds
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-256
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23392
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451218
Bugzilla Description: kernel: netfilter: nf_tables: release flowtable after rcu grace period on error
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23334
Severity:
Released on: 25/03/2026
Advisory:
Bugzilla: 2451219
Bugzilla Description: kernel: can: usb: f81604: handle short interrupt urb messages properly
CVSS Score:
Vector:
CWE: CWE-131
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23381
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451220
Bugzilla Description: kernel: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-824
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23301
Severity: low
Released on: 25/03/2026
Advisory:
Bugzilla: 2451221
Bugzilla Description: kernel: ASoC: SDCA: Add allocation failure check for Entity name
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-252
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23313
Severity: low
Released on: 25/03/2026
Advisory:
Bugzilla: 2451223
Bugzilla Description: kernel: i40e: Fix preempt count leak in napi poll tracepoint
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-911
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23358
Severity:
Released on: 25/03/2026
Advisory:
Bugzilla: 2451224
Bugzilla Description: kernel: drm/amdgpu: Fix error handling in slot reset
CVSS Score:
Vector:
CWE: CWE-824
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23370
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451225
Bugzilla Description: kernel: platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data
CVSS Score:
CVSSv3 Score: 4.4
Vector:
CWE: CWE-256
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23297
Severity: low
Released on: 25/03/2026
Advisory:
Bugzilla: 2451226
Bugzilla Description: kernel: nfsd: Fix cred ref leak in nfsd_nl_threads_set_doit()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23298
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451227
Bugzilla Description: kernel: can: ucan: Fix infinite loop from zero-length messages
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-606
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23312
Severity: low
Released on: 25/03/2026
Advisory:
Bugzilla: 2451228
Bugzilla Description: kernel: net: usb: kaweth: validate USB endpoints
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-1288
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23387
Severity:
Released on: 25/03/2026
Advisory:
Bugzilla: 2451229
Bugzilla Description: kernel: pinctrl: cirrus: cs42l43: Fix double-put in cs42l43_pin_probe()
CVSS Score:
Vector:
CWE: CWE-1341
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23309
Severity:
Released on: 25/03/2026
Advisory:
Bugzilla: 2451230
Bugzilla Description: kernel: tracing: Add NULL pointer check to trigger_data_free()
CVSS Score:
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23338
Severity:
Released on: 25/03/2026
Advisory:
Bugzilla: 2451231
Bugzilla Description: kernel: drm/amdgpu/userq: Do not allow userspace to trivially triger kernel warnings
CVSS Score:
Vector:
CWE: CWE-1284
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23354
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451232
Bugzilla Description: kernel: x86/fred: Correct speculative safety in fred_extint()
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-1037
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23345
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451233
Bugzilla Description: kernel: arm64: gcs: Do not set PTE_SHARED on GCS mappings if FEAT_LPA2 is enabled
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-386
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23369
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451235
Bugzilla Description: kernel: i2c: i801: Revert "i2c: i801: replace acpi_lock with I2C bus lock"
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-367
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23346
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451236
Bugzilla Description: kernel: arm64: io: Extract user memory type in ioremap_prot()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-843
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23343
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451237
Bugzilla Description: kernel: xdp: produce a warning when calculated tailroom is negative
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23365
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451238
Bugzilla Description: kernel: net: usb: kalmia: validate USB endpoints
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-1287
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23281
Severity:
Released on: 25/03/2026
Advisory:
Bugzilla: 2451239
Bugzilla Description: kernel: wifi: libertas: fix use-after-free in lbs_free_adapter()
CVSS Score:
Vector:
CWE: CWE-821
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23306
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451240
Bugzilla Description: kernel: scsi: pm8001: Fix use-after-free in pm8001_queue_command()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23342
Severity:
Released on: 25/03/2026
Advisory:
Bugzilla: 2451241
Bugzilla Description: kernel: bpf: Fix race in cpumap on PREEMPT_RT
CVSS Score:
Vector:
CWE: CWE-367
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23335
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451242
Bugzilla Description: kernel: RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah()
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-908
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23333
Severity: low
Released on: 25/03/2026
Advisory:
Bugzilla: 2451243
Bugzilla Description: kernel: netfilter: nft_set_rbtree: validate open interval overlap
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-1288
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23373
Severity:
Released on: 25/03/2026
Advisory:
Bugzilla: 2451244
Bugzilla Description: kernel: wifi: rsi: Don't default to -EOPNOTSUPP in rsi_mac80211_config
CVSS Score:
Vector:
CWE: CWE-909
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23349
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451245
Bugzilla Description: kernel: HID: pidff: Fix condition effect bit clearing
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-824
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23282
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451246
Bugzilla Description: kernel: smb: client: fix oops due to uninitialised var in smb2_unlink()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-824
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23379
Severity: low
Released on: 25/03/2026
Advisory:
Bugzilla: 2451247
Bugzilla Description: kernel: net/sched: ets: fix divide by zero in the offload path
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23384
Severity:
Released on: 25/03/2026
Advisory:
Bugzilla: 2451248
Bugzilla Description: kernel: RDMA/ionic: Fix kernel stack leak in ionic_create_cq()
CVSS Score:
Vector:
CWE: CWE-908
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23355
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451249
Bugzilla Description: kernel: ata: libata: cancel pending work after clearing deferred_qc
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-459
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23300
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451250
Bugzilla Description: kernel: net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-909
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23328
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451251
Bugzilla Description: kernel: accel/amdxdna: Fix NULL pointer dereference of mgmt_chann
CVSS Score:
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23382
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451252
Bugzilla Description: kernel: HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-414
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23289
Severity: low
Released on: 25/03/2026
Advisory:
Bugzilla: 2451253
Bugzilla Description: kernel: IB/mthca: Add missed mthca_unmap_user_db() for mthca_create_srq()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23351
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451254
Bugzilla Description: kernel: netfilter: nft_set_pipapo: split gc into unlink and reclaim phase
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23336
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451255
Bugzilla Description: kernel: wifi: cfg80211: cancel rfkill_block work in wiphy_unregister()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23362
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451256
Bugzilla Description: kernel: can: bcm: fix locking for bcm_op runtime updates
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-909
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23366
Severity: low
Released on: 25/03/2026
Advisory:
Bugzilla: 2451257
Bugzilla Description: kernel: drm/client: Do not destroy NULL modes
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-824
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23316
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451258
Bugzilla Description: kernel: net: ipv4: fix ARM64 alignment fault in multipath hash seed
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-468
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23348
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451259
Bugzilla Description: kernel: cxl: Fix race of nvdimm_bus object when creating nvdimm objects
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-820
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23393
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451260
Bugzilla Description: kernel: bridge: cfm: Fix race condition in peer_mep deletion
CVSS Score:
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23377
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451261
Bugzilla Description: kernel: ice: change XDP RxQ frag_size from DMA write length to xdp.frame_sz
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-131
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23372
Severity:
Released on: 25/03/2026
Advisory:
Bugzilla: 2451262
Bugzilla Description: kernel: nfc: rawsock: cancel tx_work before socket teardown
CVSS Score:
Vector:
CWE: CWE-364
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23389
Severity: low
Released on: 25/03/2026
Advisory:
Bugzilla: 2451263
Bugzilla Description: kernel: ice: Fix memory leak in ice_set_ringparam()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-763
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23283
Severity:
Released on: 25/03/2026
Advisory:
Bugzilla: 2451264
Bugzilla Description: kernel: regulator: fp9931: Fix PM runtime reference leak in fp9931_hwmon_read()
CVSS Score:
Vector:
CWE: CWE-911
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23357
Severity: low
Released on: 25/03/2026
Advisory:
Bugzilla: 2451265
Bugzilla Description: kernel: can: mcp251x: fix deadlock in error path of mcp251x_open
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-833
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23380
Severity: low
Released on: 25/03/2026
Advisory:
Bugzilla: 2451266
Bugzilla Description: kernel: tracing: Fix WARN_ON in tracing_buffers_mmap_close
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-911
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23376
Severity: low
Released on: 25/03/2026
Advisory:
Bugzilla: 2451267
Bugzilla Description: kernel: nvmet-fcloop: Check remoteport port_state before calling done callback
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-414
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23339
Severity:
Released on: 25/03/2026
Advisory:
Bugzilla: 2451268
Bugzilla Description: kernel: nfc: nci: free skb on nci_transceive early error paths
CVSS Score:
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23391
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451269
Bugzilla Description: kernel: netfilter: xt_CT: drop pending enqueued packets on template removal
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-911
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-31788
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451270
Bugzilla Description: kernel: xen/privcmd: restrict usage in unprivileged domU
CVSS Score:
CVSSv3 Score: 6.7
Vector:
CWE: CWE-266
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23378
Severity:
Released on: 25/03/2026
Advisory:
Bugzilla: 2451271
Bugzilla Description: kernel: net/sched: act_ife: Fix metalist update behavior
CVSS Score:
Vector:
CWE: CWE-120
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23386
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451273
Bugzilla Description: kernel: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-1285
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23288
Severity:
Released on: 25/03/2026
Advisory:
Bugzilla: 2451274
Bugzilla Description: kernel: accel/amdxdna: Fix out-of-bounds memset in command slot handling
CVSS Score:
Vector:
CWE: CWE-131
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23337
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451275
Bugzilla Description: kernel: pinctrl: pinconf-generic: Fix memory leak in pinconf_generic_parse_dt_config()
CVSS Score:
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23330
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451276
Bugzilla Description: kernel: nfc: nci: complete pending data exchange on device close
CVSS Score:
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23287
Severity: low
Released on: 25/03/2026
Advisory:
Bugzilla: 2451277
Bugzilla Description: kernel: irqchip/sifive-plic: Fix frozen interrupt due to affinity setting
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-367
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23322
Severity:
Released on: 25/03/2026
Advisory:
Bugzilla: 2451278
Bugzilla Description: kernel: ipmi: Fix use-after-free and list corruption on sender error
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23327
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451279
Bugzilla Description: kernel: cxl/mbox: validate payload size before accessing contents in cxl_payload_from_user_allowed()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-1284
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-30587
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451404
Bugzilla Description: Seafile Server: Seadoc editor: seahub: seadoc-editor: Seafile Server: Arbitrary client-side code execution via Stored Cross-Site Scripting in Seadoc editor
CVSS Score:
CVSSv3 Score: 6.3
Vector:
CWE: CWE-79
Affected Packages:
Package States:
Full Details
CVE document


CVE-2025-67030
Severity: important
Released on: 25/03/2026
Advisory:
Bugzilla: 2451409
Bugzilla Description: org.codehaus.plexus:plexus-utils: Plexus-utils: Directory Traversal in extractFile method
CVSS Score:
CVSSv3 Score: 8.3
Vector:
CWE: CWE-22
Affected Packages:
Package States: Cryostat 4,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,Red Hat AMQ Broker 7,Red Hat AMQ Clients,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apicurio Registry 2,Red Hat build of Apicurio Registry 3,Red Hat build of Debezium 3,Red Hat build of Quarkus,Red Hat build of Quarkus Native builder,Red Hat Data Grid 8,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Fuse 7,Red Hat JBoss Core Services,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Web Server 5,Red Hat JBoss Web Server 6,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat Process Automation 7,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Single Sign-On 7,streams for Apache Kafka 2,streams for Apache Kafka 3,
Full Details
CVE document


CVE-2025-70888
Severity: critical
Released on: 25/03/2026
Advisory:
Bugzilla: 2451443
Bugzilla Description: osslsigncode: Osslsigncode: Remote privilege escalation
CVSS Score:
CVSSv3 Score: 10.0
Vector:
CWE: CWE-266
Affected Packages:
Package States:
Full Details
CVE document


CVE-2026-4371
Severity: important
Released on: 24/03/2026
Advisory:
Bugzilla: 2451001
Bugzilla Description: thunderbird: Out of bounds read in IMAP parsing
CVSS Score:
CVSSv3 Score: 8.2
Vector:
CWE: CWE-130
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-3889
Severity: low
Released on: 24/03/2026
Advisory:
Bugzilla: 2451006
Bugzilla Description: thunderbird: Spoofing issue in Thunderbird
CVSS Score:
CVSSv3 Score: 5.4
Vector:
CWE: CWE-20
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-33412
Severity: important
Released on: 24/03/2026
Advisory:
Bugzilla: 2450907
Bugzilla Description: vim: Vim: Arbitrary code execution via command injection in glob() function
CVSS Score:
CVSSv3 Score: 7.3
Vector:
CWE: CWE-78
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document


CVE-2026-33349
Severity: moderate
Released on: 24/03/2026
Advisory:
Bugzilla: 2450909
Bugzilla Description: fast-xml-parser: fast-xml-parser: Denial of Service via unbounded entity expansion due to incorrect configuration limit handling
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-1284
Affected Packages:
Package States: Migration Toolkit for Applications 8,Red Hat Advanced Cluster Security 4,Red Hat Data Grid 8,Red Hat Data Grid 8,Red Hat Developer Hub,Red Hat Developer Hub,Red Hat OpenShift AI (RHOAI),Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat Satellite 6,Red Hat Satellite 6,Self-service automation portal 2,
Full Details
CVE document


CVE-2026-32948
Severity: moderate
Released on: 24/03/2026
Advisory:
Bugzilla: 2450890
Bugzilla Description: org.scala-sbt/sbt: sbt: Arbitrary command execution via unvalidated URI fragments on Windows
CVSS Score:
CVSSv3 Score: 5.7
Vector:
CWE: CWE-78
Affected Packages:
Package States: Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,
Full Details
CVE document


CVE-2026-32647
Severity: important
Released on: 24/03/2026
Advisory:
Bugzilla: 2449598
Bugzilla Description: nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Hardened Images 1,Red Hat Lightspeed proxy 1,
Full Details
CVE document


CVE-2026-32854
Severity: moderate
Released on: 24/03/2026
Advisory:
Bugzilla: 2450845
Bugzilla Description: LibVNCServer: LibVNCServer: Denial of Service via specially crafted HTTP requests
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-32853
Severity: moderate
Released on: 24/03/2026
Advisory:
Bugzilla: 2450843
Bugzilla Description: LibVNCServer: LibVNCServer: Information disclosure or Denial of Service via heap out-of-bounds read in UltraZip encoding
CVSS Score:
CVSSv3 Score: 5.4
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-4775
Severity: important
Released on: 24/03/2026
Advisory:
Bugzilla: 2450768
Bugzilla Description: libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-27651
Severity: important
Released on: 24/03/2026
Advisory:
Bugzilla: 2450791
Bugzilla Description: NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Hardened Images 1,
Full Details
CVE document


CVE-2026-27654
Severity: important
Released on: 24/03/2026
Advisory:
Bugzilla: 2450776
Bugzilla Description: NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module
CVSS Score:
CVSSv3 Score: 8.2
Vector:
CWE: CWE-120
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Hardened Images 1,
Full Details
CVE document


CVE-2026-28755
Severity: moderate
Released on: 24/03/2026
Advisory:
Bugzilla: 2450779
Bugzilla Description: NGINX: NGINX: Certificate revocation bypass when OCSP is enabled
CVSS Score:
CVSSv3 Score: 5.4
Vector:
CWE: CWE-295
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Hardened Images 1,
Full Details
CVE document


CVE-2026-28753
Severity: low
Released on: 24/03/2026
Advisory:
Bugzilla: 2450780
Bugzilla Description: NGINX: NGINX Plus: NGINX Open Source: NGINX Plus and NGINX Open Source: Request manipulation via header injection in SMTP upstream requests
CVSS Score:
CVSSv3 Score: 3.7
Vector:
CWE: CWE-93
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Hardened Images 1,
Full Details
CVE document


CVE-2026-27784
Severity: important
Released on: 24/03/2026
Advisory:
Bugzilla: 2450785
Bugzilla Description: NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Hardened Images 1,
Full Details
CVE document


CVE-2026-4721
Severity: important
Released on: 24/03/2026
Advisory: RHSA-2026:5931, RHSA-2026:5932, RHSA-2026:5930,
Bugzilla: 2450711
Bugzilla Description: firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-825
Affected Packages: firefox-0:140.9.0-1.el8_10,firefox-0:140.9.0-1.el10_1,firefox-0:140.9.0-1.el9_7,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-4729
Severity: important
Released on: 24/03/2026
Advisory:
Bugzilla: 2450745
Bugzilla Description: firefox: Memory safety bugs fixed in Firefox 149 and Thunderbird 149
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-4720
Severity: important
Released on: 24/03/2026
Advisory: RHSA-2026:5931, RHSA-2026:5932, RHSA-2026:5930,
Bugzilla: 2450751
Bugzilla Description: firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-120
Affected Packages: firefox-0:140.9.0-1.el8_10,firefox-0:140.9.0-1.el10_1,firefox-0:140.9.0-1.el9_7,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-4718
Severity: low
Released on: 24/03/2026
Advisory: RHSA-2026:5931, RHSA-2026:5932, RHSA-2026:5930,
Bugzilla: 2450742
Bugzilla Description: firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component
CVSS Score:
CVSSv3 Score: 3.4
Vector:
CWE: CWE-475
Affected Packages: firefox-0:140.9.0-1.el8_10,firefox-0:140.9.0-1.el10_1,firefox-0:140.9.0-1.el9_7,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-4719
Severity: low
Released on: 24/03/2026
Advisory: RHSA-2026:5931, RHSA-2026:5932, RHSA-2026:5930,
Bugzilla: 2450746
Bugzilla Description: firefox: thunderbird: Incorrect boundary conditions in the Graphics: Text component
CVSS Score:
CVSSv3 Score: 3.4
Vector:
CWE: CWE-805
Affected Packages: firefox-0:140.9.0-1.el8_10,firefox-0:140.9.0-1.el10_1,firefox-0:140.9.0-1.el9_7,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-4728
Severity: low
Released on: 24/03/2026
Advisory:
Bugzilla: 2450717
Bugzilla Description: firefox: Spoofing issue in the Privacy: Anti-Tracking component
CVSS Score:
CVSSv3 Score: 3.4
Vector:
CWE: CWE-290
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-4727
Severity: low
Released on: 24/03/2026
Advisory:
Bugzilla: 2450753
Bugzilla Description: firefox: Denial-of-service in the Libraries component in NSS
CVSS Score:
CVSSv3 Score: 3.4
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-4717
Severity: moderate
Released on: 24/03/2026
Advisory: RHSA-2026:5931, RHSA-2026:5932, RHSA-2026:5930,
Bugzilla: 2450712
Bugzilla Description: firefox: thunderbird: Privilege escalation in the Netmonitor component
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-266
Affected Packages: firefox-0:140.9.0-1.el8_10,firefox-0:140.9.0-1.el10_1,firefox-0:140.9.0-1.el9_7,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-4726
Severity: low
Released on: 24/03/2026
Advisory:
Bugzilla: 2450731
Bugzilla Description: firefox: Denial-of-service in the XML component
CVSS Score:
CVSSv3 Score: 3.4
Vector:
CWE: CWE-776
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-4716
Severity: moderate
Released on: 24/03/2026
Advisory: RHSA-2026:5931, RHSA-2026:5932, RHSA-2026:5930,
Bugzilla: 2450720
Bugzilla Description: firefox: thunderbird: Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-824
Affected Packages: firefox-0:140.9.0-1.el8_10,firefox-0:140.9.0-1.el10_1,firefox-0:140.9.0-1.el9_7,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-4715
Severity: moderate
Released on: 24/03/2026
Advisory: RHSA-2026:5931, RHSA-2026:5932, RHSA-2026:5930,
Bugzilla: 2450723
Bugzilla Description: firefox: thunderbird: Uninitialized memory in the Graphics: Canvas2D component
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-824
Affected Packages: firefox-0:140.9.0-1.el8_10,firefox-0:140.9.0-1.el10_1,firefox-0:140.9.0-1.el9_7,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-4714
Severity: moderate
Released on: 24/03/2026
Advisory: RHSA-2026:5931, RHSA-2026:5932, RHSA-2026:5930,
Bugzilla: 2450725
Bugzilla Description: firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-125
Affected Packages: firefox-0:140.9.0-1.el8_10,firefox-0:140.9.0-1.el10_1,firefox-0:140.9.0-1.el9_7,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-4712
Severity: moderate
Released on: 24/03/2026
Advisory: RHSA-2026:5931, RHSA-2026:5932, RHSA-2026:5930,
Bugzilla: 2450728
Bugzilla Description: firefox: thunderbird: Information disclosure in the Widget: Cocoa component
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-359
Affected Packages: firefox-0:140.9.0-1.el8_10,firefox-0:140.9.0-1.el10_1,firefox-0:140.9.0-1.el9_7,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-4713
Severity: moderate
Released on: 24/03/2026
Advisory: RHSA-2026:5931, RHSA-2026:5932, RHSA-2026:5930,
Bugzilla: 2450730
Bugzilla Description: firefox: thunderbird: Incorrect boundary conditions in the Graphics component
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-787
Affected Packages: firefox-0:140.9.0-1.el8_10,firefox-0:140.9.0-1.el10_1,firefox-0:140.9.0-1.el9_7,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-4725
Severity: moderate
Released on: 24/03/2026
Advisory:
Bugzilla: 2450716
Bugzilla Description: firefox: Sandbox escape due to use-after-free in the Graphics: Canvas2D component
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-4711
Severity: moderate
Released on: 24/03/2026
Advisory: RHSA-2026:5931, RHSA-2026:5932, RHSA-2026:5930,
Bugzilla: 2450733
Bugzilla Description: firefox: thunderbird: Use-after-free in the Widget: Cocoa component
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-825
Affected Packages: firefox-0:140.9.0-1.el8_10,firefox-0:140.9.0-1.el10_1,firefox-0:140.9.0-1.el9_7,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-4709
Severity: moderate
Released on: 24/03/2026
Advisory: RHSA-2026:5931, RHSA-2026:5932, RHSA-2026:5930,
Bugzilla: 2450726
Bugzilla Description: firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: GMP component
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-787
Affected Packages: firefox-0:140.9.0-1.el8_10,firefox-0:140.9.0-1.el10_1,firefox-0:140.9.0-1.el9_7,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-4710
Severity: moderate
Released on: 24/03/2026
Advisory: RHSA-2026:5931, RHSA-2026:5932, RHSA-2026:5930,
Bugzilla: 2450727
Bugzilla Description: firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-787
Affected Packages: firefox-0:140.9.0-1.el8_10,firefox-0:140.9.0-1.el10_1,firefox-0:140.9.0-1.el9_7,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-4708
Severity: moderate
Released on: 24/03/2026
Advisory: RHSA-2026:5931, RHSA-2026:5932, RHSA-2026:5930,
Bugzilla: 2450735
Bugzilla Description: firefox: thunderbird: Incorrect boundary conditions in the Graphics component
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-787
Affected Packages: firefox-0:140.9.0-1.el8_10,firefox-0:140.9.0-1.el10_1,firefox-0:140.9.0-1.el9_7,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-4706
Severity: moderate
Released on: 24/03/2026
Advisory: RHSA-2026:5931, RHSA-2026:5932, RHSA-2026:5930,
Bugzilla: 2450714
Bugzilla Description: firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-787
Affected Packages: firefox-0:140.9.0-1.el8_10,firefox-0:140.9.0-1.el10_1,firefox-0:140.9.0-1.el9_7,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-4707
Severity: moderate
Released on: 24/03/2026
Advisory: RHSA-2026:5931, RHSA-2026:5932, RHSA-2026:5930,
Bugzilla: 2450755
Bugzilla Description: firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-823
Affected Packages: firefox-0:140.9.0-1.el8_10,firefox-0:140.9.0-1.el10_1,firefox-0:140.9.0-1.el9_7,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-4705
Severity: moderate
Released on: 24/03/2026
Advisory: RHSA-2026:5931, RHSA-2026:5932, RHSA-2026:5930,
Bugzilla: 2450722
Bugzilla Description: firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-475
Affected Packages: firefox-0:140.9.0-1.el8_10,firefox-0:140.9.0-1.el10_1,firefox-0:140.9.0-1.el9_7,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-4704
Severity: moderate
Released on: 24/03/2026
Advisory: RHSA-2026:5931, RHSA-2026:5932, RHSA-2026:5930,
Bugzilla: 2450756
Bugzilla Description: firefox: thunderbird: Denial-of-service in the WebRTC: Signaling component
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-770
Affected Packages: firefox-0:140.9.0-1.el8_10,firefox-0:140.9.0-1.el10_1,firefox-0:140.9.0-1.el9_7,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-4723
Severity: moderate
Released on: 24/03/2026
Advisory:
Bugzilla: 2450743
Bugzilla Description: firefox: Use-after-free in the JavaScript Engine component
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-4724
Severity: moderate
Released on: 24/03/2026
Advisory:
Bugzilla: 2450749
Bugzilla Description: firefox: Undefined behavior in the Audio/Video component
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-475
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-4722
Severity: moderate
Released on: 24/03/2026
Advisory:
Bugzilla: 2450737
Bugzilla Description: firefox: Privilege escalation in the IPC component
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-270
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-4702
Severity: moderate
Released on: 24/03/2026
Advisory: RHSA-2026:5931, RHSA-2026:5932, RHSA-2026:5930,
Bugzilla: 2450744
Bugzilla Description: firefox: thunderbird: JIT miscompilation in the JavaScript Engine component
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-733
Affected Packages: firefox-0:140.9.0-1.el8_10,firefox-0:140.9.0-1.el10_1,firefox-0:140.9.0-1.el9_7,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-4701
Severity: moderate
Released on: 24/03/2026
Advisory: RHSA-2026:5931, RHSA-2026:5932, RHSA-2026:5930,
Bugzilla: 2450710
Bugzilla Description: firefox: thunderbird: Use-after-free in the JavaScript Engine component
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-825
Affected Packages: firefox-0:140.9.0-1.el8_10,firefox-0:140.9.0-1.el10_1,firefox-0:140.9.0-1.el9_7,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-4699
Severity: important
Released on: 24/03/2026
Advisory: RHSA-2026:5931, RHSA-2026:5932, RHSA-2026:5930,
Bugzilla: 2450739
Bugzilla Description: firefox: thunderbird: Incorrect boundary conditions in the Layout: Text and Fonts component
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-787
Affected Packages: firefox-0:140.9.0-1.el8_10,firefox-0:140.9.0-1.el10_1,firefox-0:140.9.0-1.el9_7,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-4700
Severity: important
Released on: 24/03/2026
Advisory: RHSA-2026:5931, RHSA-2026:5932, RHSA-2026:5930,
Bugzilla: 2450752
Bugzilla Description: firefox: thunderbird: Mitigation bypass in the Networking: HTTP component
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-444
Affected Packages: firefox-0:140.9.0-1.el8_10,firefox-0:140.9.0-1.el10_1,firefox-0:140.9.0-1.el9_7,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-4698
Severity: important
Released on: 24/03/2026
Advisory: RHSA-2026:5931, RHSA-2026:5932, RHSA-2026:5930,
Bugzilla: 2450719
Bugzilla Description: firefox: thunderbird: JIT miscompilation in the JavaScript Engine: JIT component
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-733
Affected Packages: firefox-0:140.9.0-1.el8_10,firefox-0:140.9.0-1.el10_1,firefox-0:140.9.0-1.el9_7,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-4697
Severity: important
Released on: 24/03/2026
Advisory: RHSA-2026:5931, RHSA-2026:5932, RHSA-2026:5930,
Bugzilla: 2450729
Bugzilla Description: firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-787
Affected Packages: firefox-0:140.9.0-1.el8_10,firefox-0:140.9.0-1.el10_1,firefox-0:140.9.0-1.el9_7,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-4695
Severity: important
Released on: 24/03/2026
Advisory: RHSA-2026:5931, RHSA-2026:5932, RHSA-2026:5930,
Bugzilla: 2450715
Bugzilla Description: firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-131
Affected Packages: firefox-0:140.9.0-1.el8_10,firefox-0:140.9.0-1.el10_1,firefox-0:140.9.0-1.el9_7,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-4696
Severity: important
Released on: 24/03/2026
Advisory: RHSA-2026:5931, RHSA-2026:5932, RHSA-2026:5930,
Bugzilla: 2450740
Bugzilla Description: firefox: thunderbird: Use-after-free in the Layout: Text and Fonts component
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-825
Affected Packages: firefox-0:140.9.0-1.el8_10,firefox-0:140.9.0-1.el10_1,firefox-0:140.9.0-1.el9_7,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-4693
Severity: important
Released on: 24/03/2026
Advisory: RHSA-2026:5931, RHSA-2026:5932, RHSA-2026:5930,
Bugzilla: 2450741
Bugzilla Description: firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Playback component
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-823
Affected Packages: firefox-0:140.9.0-1.el8_10,firefox-0:140.9.0-1.el10_1,firefox-0:140.9.0-1.el9_7,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-4694
Severity: important
Released on: 24/03/2026
Advisory: RHSA-2026:5931, RHSA-2026:5932, RHSA-2026:5930,
Bugzilla: 2450747
Bugzilla Description: firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics component
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-190
Affected Packages: firefox-0:140.9.0-1.el8_10,firefox-0:140.9.0-1.el10_1,firefox-0:140.9.0-1.el9_7,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-4691
Severity: important
Released on: 24/03/2026
Advisory: RHSA-2026:5931, RHSA-2026:5932, RHSA-2026:5930,
Bugzilla: 2450738
Bugzilla Description: firefox: thunderbird: Use-after-free in the CSS Parsing and Computation component
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-825
Affected Packages: firefox-0:140.9.0-1.el8_10,firefox-0:140.9.0-1.el10_1,firefox-0:140.9.0-1.el9_7,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-4692
Severity: important
Released on: 24/03/2026
Advisory: RHSA-2026:5931, RHSA-2026:5932, RHSA-2026:5930,
Bugzilla: 2450748
Bugzilla Description: firefox: thunderbird: Sandbox escape in the Responsive Design Mode component
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-653
Affected Packages: firefox-0:140.9.0-1.el8_10,firefox-0:140.9.0-1.el10_1,firefox-0:140.9.0-1.el9_7,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-4689
Severity: important
Released on: 24/03/2026
Advisory: RHSA-2026:5931, RHSA-2026:5932, RHSA-2026:5930,
Bugzilla: 2450718
Bugzilla Description: firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-190
Affected Packages: firefox-0:140.9.0-1.el8_10,firefox-0:140.9.0-1.el10_1,firefox-0:140.9.0-1.el9_7,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-4690
Severity: important
Released on: 24/03/2026
Advisory: RHSA-2026:5931, RHSA-2026:5932, RHSA-2026:5930,
Bugzilla: 2450732
Bugzilla Description: firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-190
Affected Packages: firefox-0:140.9.0-1.el8_10,firefox-0:140.9.0-1.el10_1,firefox-0:140.9.0-1.el9_7,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-4688
Severity: important
Released on: 24/03/2026
Advisory: RHSA-2026:5931, RHSA-2026:5932, RHSA-2026:5930,
Bugzilla: 2450713
Bugzilla Description: firefox: thunderbird: Sandbox escape due to use-after-free in the Disability Access APIs component
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-825
Affected Packages: firefox-0:140.9.0-1.el8_10,firefox-0:140.9.0-1.el10_1,firefox-0:140.9.0-1.el9_7,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-4687
Severity: important
Released on: 24/03/2026
Advisory: RHSA-2026:5931, RHSA-2026:5932, RHSA-2026:5930,
Bugzilla: 2450757
Bugzilla Description: firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Telemetry component
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-501
Affected Packages: firefox-0:140.9.0-1.el8_10,firefox-0:140.9.0-1.el10_1,firefox-0:140.9.0-1.el9_7,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-4685
Severity: important
Released on: 24/03/2026
Advisory: RHSA-2026:5931, RHSA-2026:5932, RHSA-2026:5930,
Bugzilla: 2450724
Bugzilla Description: firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-787
Affected Packages: firefox-0:140.9.0-1.el8_10,firefox-0:140.9.0-1.el10_1,firefox-0:140.9.0-1.el9_7,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-4686
Severity: important
Released on: 24/03/2026
Advisory: RHSA-2026:5931, RHSA-2026:5932, RHSA-2026:5930,
Bugzilla: 2450734
Bugzilla Description: firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-787
Affected Packages: firefox-0:140.9.0-1.el8_10,firefox-0:140.9.0-1.el10_1,firefox-0:140.9.0-1.el9_7,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-4684
Severity: important
Released on: 24/03/2026
Advisory: RHSA-2026:5931, RHSA-2026:5932, RHSA-2026:5930,
Bugzilla: 2450721
Bugzilla Description: firefox: thunderbird: Race condition, use-after-free in the Graphics: WebRender component
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-364
Affected Packages: firefox-0:140.9.0-1.el8_10,firefox-0:140.9.0-1.el10_1,firefox-0:140.9.0-1.el9_7,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-4649
Severity: moderate
Released on: 24/03/2026
Advisory:
Bugzilla: 2450641
Bugzilla Description: Apache Artemis: KNIME Business Hub: Apache Artemis and KNIME Business Hub: Authentication bypass allows information disclosure and message injection.
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-306
Affected Packages:
Package States: Red Hat AMQ Broker 7,Red Hat AMQ Clients,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of OptaPlanner 8,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat Process Automation 7,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Single Sign-On 7,


CVE-2026-32642
Severity: moderate
Released on: 24/03/2026
Advisory:
Bugzilla: 2450642
Bugzilla Description: Apache Artemis: Apache ActiveMQ Artemis: Apache Artemis and Apache ActiveMQ Artemis: Unauthorized address creation due to incorrect authorization during JMS topic subscription.
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE:
Affected Packages:
Package States: Red Hat AMQ Broker 7,Red Hat AMQ Clients,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of OptaPlanner 8,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat Process Automation 7,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Single Sign-On 7,


CVE-2026-3260
Severity: moderate
Released on: 24/03/2026
Advisory:
Bugzilla: 2443010
Bugzilla Description: undertow: Undertow: Denial of Service due to premature multipart/form-data parsing in GET requests
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel - HawtIO 4,Red Hat Data Grid 8,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat Process Automation 7,Red Hat Single Sign-On 7,


CVE-2026-33306
Severity: moderate
Released on: 24/03/2026
Advisory:
Bugzilla: 2450565
Bugzilla Description: github.com/bcrypt-ruby/bcrypt-ruby: bcrypt-ruby (JRuby): Weakened password hashing due to integer overflow
CVSS Score:
CVSSv3 Score: 6.7
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Satellite 6,Red Hat Satellite 6,


CVE-2026-33554
Severity: moderate
Released on: 24/03/2026
Advisory:
Bugzilla: 2450778
Bugzilla Description: freeipmi: buffer overflows on response messages via ipmi-oem
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-120
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-33211
Severity: moderate
Released on: 23/03/2026
Advisory:
Bugzilla: 2450554
Bugzilla Description: Tekton Pipelines: github.com/tektoncd/pipeline: Tekton Pipelines: Information disclosure via path traversal in git resolver
CVSS Score:
CVSSv3 Score: 7.7
Vector:
CWE: CWE-22
Affected Packages:
Package States: Builds for Red Hat OpenShift,Builds for Red Hat OpenShift,Builds for Red Hat OpenShift,Builds for Red Hat OpenShift,Builds for Red Hat OpenShift,Builds for Red Hat OpenShift,Builds for Red Hat OpenShift,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Serverless,OpenShift Serverless,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat Trusted Artifact Signer,


CVE-2026-33252
Severity: moderate
Released on: 23/03/2026
Advisory:
Bugzilla: 2450542
Bugzilla Description: encoding/json: golang: github.com/modelcontextprotocol/go-sdk: Go MCP SDK: Remote tool execution via cross-site request forgery
CVSS Score:
CVSSv3 Score: 7.1
Vector:
CWE: CWE-940
Affected Packages:
Package States: Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,OpenShift Lightspeed,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Dev Spaces,


CVE-2026-33202
Severity: moderate
Released on: 23/03/2026
Advisory:
Bugzilla: 2450547
Bugzilla Description: rails: Active Storage: Unintended file deletion via crafted blob keys
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-22
Affected Packages:
Package States: Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,


CVE-2026-33195
Severity: important
Released on: 23/03/2026
Advisory:
Bugzilla: 2450546
Bugzilla Description: Rails: Active Storage: Active Storage (Rails): Arbitrary file access via path traversal in blob keys
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-22
Affected Packages:
Package States: Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,


CVE-2026-33176
Severity: moderate
Released on: 23/03/2026
Advisory:
Bugzilla: 2450551
Bugzilla Description: Rails: Active Support: Active Support: Denial of Service via large scientific notation strings
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat Satellite 6,Red Hat Satellite 6,


CVE-2026-33174
Severity: moderate
Released on: 23/03/2026
Advisory:
Bugzilla: 2450544
Bugzilla Description: Rails: Active Storage: Rails Active Storage: Denial of Service via unbounded Range header
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,


CVE-2026-33173
Severity: moderate
Released on: 23/03/2026
Advisory:
Bugzilla: 2450545
Bugzilla Description: Rails: Active Storage: Rails Active Storage: Content type bypass via arbitrary metadata in direct uploads
CVSS Score:
CVSSv3 Score: 7.6
Vector:
CWE: CWE-1287
Affected Packages:
Package States: Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,


CVE-2026-33170
Severity: moderate
Released on: 23/03/2026
Advisory:
Bugzilla: 2450543
Bugzilla Description: Rails: Active Support: Active Support: Cross-Site Scripting (XSS) due to improper HTML safety flag propagation in SafeBuffer#%
CVSS Score:
CVSSv3 Score: 5.4
Vector:
CWE: CWE-79
Affected Packages:
Package States: Red Hat Satellite 6,Red Hat Satellite 6,


CVE-2026-33169
Severity: moderate
Released on: 23/03/2026
Advisory:
Bugzilla: 2450556
Bugzilla Description: rails: rails-activesupport: Active Support: Denial of Service via crafted long digit strings
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-1333
Affected Packages:
Package States: Red Hat Satellite 6,Red Hat Satellite 6,


CVE-2026-33168
Severity: moderate
Released on: 23/03/2026
Advisory:
Bugzilla: 2450549
Bugzilla Description: actionview: Action View: Cross-Site Scripting (XSS) via blank HTML attribute names
CVSS Score:
CVSSv3 Score: 5.4
Vector:
CWE: CWE-79
Affected Packages:
Package States: Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,


CVE-2026-33167
Severity: moderate
Released on: 23/03/2026
Advisory:
Bugzilla: 2450552
Bugzilla Description: Rails: Action Pack: Action Pack: Cross-Site Scripting (XSS) via improper exception message escaping
CVSS Score:
CVSSv3 Score: 5.4
Vector:
CWE: CWE-79
Affected Packages:
Package States: Red Hat Satellite 6,Red Hat Satellite 6,


CVE-2026-29111
Severity: moderate
Released on: 23/03/2026
Advisory:
Bugzilla: 2450505
Bugzilla Description: systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-1287
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,


CVE-2026-26209
Severity: moderate
Released on: 23/03/2026
Advisory:
Bugzilla: 2450422
Bugzilla Description: cbor2: cbor2: Denial of Service due to uncontrolled recursion via crafted CBOR payloads
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),


CVE-2026-3635
Severity: moderate
Released on: 23/03/2026
Advisory:
Bugzilla: 2450330
Bugzilla Description: fastify: request.protocol and request.host spoofable via X-Forwarded-Proto/Host from untrusted connections when trustProxy uses restrictive trust function
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-348
Affected Packages:
Package States: Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Dev Spaces,


CVE-2026-4603
Severity: moderate
Released on: 23/03/2026
Advisory:
Bugzilla: 2450205
Bugzilla Description: jsrsasign: jsrsasign: Cryptographic operations impacted by division by zero via malicious JSON Web Key
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-369
Affected Packages:
Package States: Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Red Hat Quay 3,Red Hat Quay 3,


CVE-2026-4601
Severity: important
Released on: 23/03/2026
Advisory:
Bugzilla: 2450209
Bugzilla Description: jsrsasign: jsrsasign: Private Key Recovery via Missing Cryptographic Step in DSA Signing
CVSS Score:
CVSSv3 Score: 8.7
Vector:
CWE: CWE-325
Affected Packages:
Package States: Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Red Hat Quay 3,Red Hat Quay 3,


CVE-2026-4599
Severity: important
Released on: 23/03/2026
Advisory:
Bugzilla: 2450207
Bugzilla Description: jsrsasign: jsrsasign: Private key recovery via incomplete comparison checks biasing DSA nonces
CVSS Score:
CVSSv3 Score: 9.1
Vector:
CWE: CWE-338
Affected Packages:
Package States: Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Red Hat Quay 3,Red Hat Quay 3,


CVE-2026-4598
Severity: important
Released on: 23/03/2026
Advisory:
Bugzilla: 2450210
Bugzilla Description: jsrsasign: jsrsasign: Denial of Service via infinite loop in bnModInverse function with crafted inputs
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-1287
Affected Packages:
Package States: Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Red Hat Quay 3,Red Hat Quay 3,


CVE-2026-4602
Severity: important
Released on: 23/03/2026
Advisory:
Bugzilla: 2450206
Bugzilla Description: jsrsasign: jsrsasign: Signature verification bypass via negative exponent handling
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-681
Affected Packages:
Package States: Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Red Hat Quay 3,Red Hat Quay 3,


CVE-2026-4600
Severity: important
Released on: 23/03/2026
Advisory:
Bugzilla: 2450208
Bugzilla Description: jsrsasign: jsrsasign: Cryptographic signature forgery via malicious DSA domain parameters
CVSS Score:
CVSSv3 Score: 8.2
Vector:
CWE: CWE-347
Affected Packages:
Package States: Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Red Hat Quay 3,Red Hat Quay 3,


CVE-2026-4628
Severity: moderate
Released on: 23/03/2026
Advisory:
Bugzilla: 2450240
Bugzilla Description: keycloak: org.keycloak.authorization: Keycloak: Unauthorized resource modification due to improper access control
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE: CWE-284
Affected Packages:
Package States: Red Hat Build of Keycloak,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat Single Sign-On 7,


CVE-2026-4647
Severity: moderate
Released on: 23/03/2026
Advisory:
Bugzilla: 2450302
Bugzilla Description: binutils: Out-of-Bounds Read in XCOFF Relocation Processing in GNU Binutils BFD Library
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,


CVE-2026-4678
Severity: important
Released on: 23/03/2026
Advisory:
Bugzilla: 2450564
Bugzilla Description: chromium-browser: Use after free in WebGPU
CVSS Score:
CVSSv3 Score: 9.6
Vector:
CWE: CWE-825
Affected Packages:
Package States:


CVE-2026-4674
Severity: important
Released on: 23/03/2026
Advisory:
Bugzilla: 2450567
Bugzilla Description: chromium-browser: Out of bounds read in CSS
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-125
Affected Packages:
Package States:


CVE-2026-4680
Severity: important
Released on: 23/03/2026
Advisory:
Bugzilla: 2450568
Bugzilla Description: chromium-browser: Use after free in FedCM
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-825
Affected Packages:
Package States:


CVE-2026-4673
Severity: important
Released on: 23/03/2026
Advisory:
Bugzilla: 2450569
Bugzilla Description: chromium-browser: Heap buffer overflow in WebAudio
CVSS Score:
CVSSv3 Score: 9.6
Vector:
CWE: CWE-787
Affected Packages:
Package States:


CVE-2026-4675
Severity: important
Released on: 23/03/2026
Advisory:
Bugzilla: 2450570
Bugzilla Description: chromium-browser: Heap buffer overflow in WebGL
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-787
Affected Packages:
Package States:


CVE-2026-4676
Severity: important
Released on: 23/03/2026
Advisory:
Bugzilla: 2450571
Bugzilla Description: chromium-browser: Use after free in Dawn
CVSS Score:
CVSSv3 Score: 9.6
Vector:
CWE: CWE-825
Affected Packages:
Package States:


CVE-2026-4679
Severity: important
Released on: 23/03/2026
Advisory:
Bugzilla: 2450572
Bugzilla Description: chromium-browser: Integer overflow in Fonts
CVSS Score:
CVSSv3 Score: 9.6
Vector:
CWE: CWE-190
Affected Packages:
Package States:


CVE-2026-4677
Severity: important
Released on: 23/03/2026
Advisory:
Bugzilla: 2450573
Bugzilla Description: chromium-browser: Out of bounds read in WebAudio
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-125
Affected Packages:
Package States:


CVE-2026-4539
Severity: low
Released on: 22/03/2026
Advisory:
Bugzilla: 2450066
Bugzilla Description: pygments: Pygments: Denial of Service via inefficient regular expression processing in AdlLexer
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-1333
Affected Packages:
Package States: External Secrets Operator for Red Hat OpenShift,External Secrets Operator for Red Hat OpenShift,External Secrets Operator for Red Hat OpenShift,External Secrets Operator for Red Hat OpenShift,Lightspeed Core,Lightspeed Core,Lightspeed Core,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform Ansible Core 2,Red Hat Ansible Automation Platform Ansible Core 2,Red Hat Ansible Automation Platform Ansible Core 2,Red Hat Ansible Automation Platform Ansible Core 2,Red Hat Developer Hub,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat 
OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Trusted Artifact Signer,


CVE-2026-4538
Severity: moderate
Released on: 22/03/2026
Advisory:
Bugzilla: 2450062
Bugzilla Description: pytorch: PyTorch: Deserialization vulnerability in pt2 Loading Handler allows local impact
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-502
Affected Packages:
Package States: Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),


CVE-2019-25544
Severity: moderate
Released on: 21/03/2026
Advisory:
Bugzilla: 2449948
Bugzilla Description: Pidgin: Pidgin: Denial of Service via excessively long username
CVSS Score:
CVSSv3 Score: 6.2
Vector:
CWE: CWE-1284
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,


CVE-2026-33228
Severity: critical
Released on: 20/03/2026
Advisory:
Bugzilla: 2449872
Bugzilla Description: flatted: Flatted: Prototype pollution vulnerability allows arbitrary code execution via crafted JSON.
CVSS Score:
CVSSv3 Score: 9.8
Vector:
CWE: CWE-915
Affected Packages:
Package States: Cryostat 4,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Multicluster Engine for Kubernetes,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat AMQ Broker 7,Red Hat build of Apicurio Registry 2,Red Hat Build of Keycloak,Red Hat build of OptaPlanner 8,Red Hat Build of Podman Desktop,Red Hat Build of Podman Desktop,Red Hat Data Grid 8,Red Hat Directory Server 11,Red Hat Directory Server 12,Red Hat Directory Server 13,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Process Automation 7,Red Hat Process Automation 7,Red Hat Process Automation 7,Red Hat Quay 3,Red Hat Quay 3,Red Hat Single Sign-On 7,streams for Apache Kafka 2,streams for Apache Kafka 3,


CVE-2026-33210
Severity: moderate
Released on: 20/03/2026
Advisory:
Bugzilla: 2449871
Bugzilla Description: ruby/json: Ruby JSON: Denial of Service or Information Disclosure via format string injection
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-134
Affected Packages:
Package States: Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat AMQ Clients,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,


CVE-2026-33236
Severity: important
Released on: 20/03/2026
Advisory:
Bugzilla: 2449824
Bugzilla Description: nltk: NLTK: Arbitrary file overwrite and creation via path traversal in XML index files
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-22
Affected Packages:
Package States: Lightspeed Core,Lightspeed Core,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),


CVE-2026-33231
Severity: important
Released on: 20/03/2026
Advisory:
Bugzilla: 2449836
Bugzilla Description: nltk: NLTK: Denial of Service via unauthenticated remote shutdown
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-306
Affected Packages:
Package States: Lightspeed Core,Lightspeed Core,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),


CVE-2026-33230
Severity: moderate
Released on: 20/03/2026
Advisory:
Bugzilla: 2449825
Bugzilla Description: nltk: NLTK: Script execution via reflected cross-site scripting in WordNet Browser
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-79
Affected Packages:
Package States: Lightspeed Core,Lightspeed Core,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),


CVE-2026-33204
Severity: moderate
Released on: 20/03/2026
Advisory:
Bugzilla: 2449822
Bugzilla Description: SimpleJWT: SimpleJWT: Denial of Service via JWE header tampering
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-325
Affected Packages:
Package States: Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,


CVE-2026-33186
Severity: important
Released on: 20/03/2026
Advisory:
Bugzilla: 2449833
Bugzilla Description: golang: google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-551
Affected Packages:
Package States: Assisted Installer for Red Hat OpenShift Container Platform 2,Builds for Red Hat OpenShift,Builds for Red Hat OpenShift,Builds for Red Hat OpenShift,Builds for Red Hat OpenShift,Builds for Red Hat OpenShift,Builds for Red Hat OpenShift,Builds for Red Hat OpenShift,Builds for Red Hat OpenShift,Builds for Red Hat OpenShift,cert-manager Operator for Red Hat OpenShift,cert-manager Operator for Red Hat OpenShift,cert-manager Operator for Red Hat OpenShift,cert-manager Operator for Red Hat OpenShift,cert-manager Operator for Red Hat OpenShift,Compliance Operator,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Cryostat 4,Cryostat 4,Custom Metric Autoscaler operator for Red Hat Openshift,Custom Metric Autoscaler operator for Red Hat Openshift,Custom Metric Autoscaler operator for Red Hat Openshift,Custom Metric Autoscaler operator for Red Hat Openshift,Deployment Validation Operator,Dynamic Accelerator Slicer Operator for Red Hat OpenShift,Dynamic Accelerator Slicer Operator for Red Hat OpenShift,Dynamic Accelerator Slicer Operator for Red Hat OpenShift,Dynamic Accelerator Slicer Operator for Red Hat OpenShift,Dynamic Accelerator Slicer Operator for Red Hat OpenShift,ExternalDNS Operator,ExternalDNS Operator,External Secrets Operator for Red Hat OpenShift,External Secrets Operator for Red Hat OpenShift,External Secrets Operator for Red Hat OpenShift,External Secrets Operator for Red Hat OpenShift,File Integrity Operator,File Integrity Operator,File Integrity Operator,File Integrity Operator,File Integrity Operator,File Integrity Operator,Gatekeeper 3,Job Set Tech Preview,Job Set Tech Preview,Job Set Tech Preview,Kernel Module Management Operator for Red Hat Openshift,Kernel Module Management Operator for Red Hat 
Openshift,Kernel Module Management Operator for Red Hat Openshift,Kernel Module Management Operator for Red Hat Openshift,Kernel Module Management Operator for Red Hat Openshift,Kernel Module Management Operator for Red Hat Openshift,Kernel Module Management Operator for Red Hat Openshift,Kernel Module Management Operator for Red Hat Openshift,Kube Descheduler Operator,Kube Descheduler Operator,Kube Descheduler Operator,Kube Descheduler Operator,Kube Descheduler Operator,Kube Descheduler Operator,Leader Worker Set,Leader Worker Set,Leader Worker Set,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logical Volume Manager Storage,Logical Volume Manager Storage,Logical Volume Manager Storage,Logical Volume Manager Storage,Logical Volume Manager Storage,Logical Volume Manager Storage,Machine Deletion Remediation Operator,Machine Deletion Remediation Operator,Migration Toolkit for Applications 8,Migration Toolkit for Applications 8,Migration Toolkit for Applications 8,Migration Toolkit for Applications 8,Migration Toolkit for Applications 8,Migration Toolkit for Applications 8,Migration Toolkit for Applications 8,Migration Toolkit for Containers,Migration Toolkit for Containers,Migration Toolkit for Containers,Migration Toolkit for Containers,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for 
Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Global Hub,Multicluster Global Hub,Multicluster Global Hub,Multicluster Global Hub,Multicluster Global Hub,Multicluster Global Hub,Network Observability Operator,Network Observability Operator,Network Observability Operator,Network Observability Operator,OpenShift API for Data Protection,OpenShift API for Data Protection,OpenShift API for Data Protection,OpenShift API for Data 
Protection,OpenShift API for Data Protection,OpenShift API for Data Protection,OpenShift API for Data Protection,OpenShift API for Data Protection,OpenShift API for Data Protection,OpenShift API for Data Protection,OpenShift API for Data Protection,OpenShift API for Data Protection,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Run Once Duration Override Operator,OpenShift Run Once Duration Override Operator,OpenShift Run Once Duration Override Operator,OpenShift Secondary Scheduler Operator,OpenShift Secondary Scheduler Operator,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift 
Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Service Mesh 2,OpenShift Service Mesh 2,OpenShift Service Mesh 2,OpenShift Service Mesh 2,OpenShift Service Mesh 2,OpenShift Service Mesh 2,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,Power monitoring for Red Hat OpenShift,Power monitoring for Red Hat OpenShift,Power monitoring for Red Hat OpenShift,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced 
Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat AI Inference Server,Red Hat Ansible Automation Platform 2,Red Hat Build of Kueue,Red Hat Build of Podman Desktop,Red Hat Build of Podman Desktop - Tech Preview,Red Hat Certification Program for Red Hat Enterprise Linux 9,Red Hat Connectivity Link 1,Red Hat Developer Hub,Red Hat Edge Manager 1,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Lightspeed for Runtimes Operator,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Cluster Manager CLI,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Workspaces Operator,Red Hat OpenShift distributed tracing 3,Red Hat OpenShift for Windows Containers,Red Hat OpenShift GitOps,Red Hat OpenShift Virtualization 4,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 18.0,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Service Interconnect 1,Red Hat Trusted Artifact Signer,Red Hat Trusted Profile Analyzer,Red Hat Web Terminal,Security Profiles Operator,Self Node Remediation Operator,Service Telemetry Framework 1.5,Storage-Based Remediation,Zero Trust Workload Identity Manager,Zero Trust Workload Identity Manager - Tech Preview,


CVE-2026-33180
Severity: important
Released on: 20/03/2026
Advisory:
Bugzilla: 2449841
Bugzilla Description: HAPI FHIR: hapifhir/org.hl7.fhir.core: HAPI FHIR: Information disclosure and potential impersonation via HTTP redirects sending sensitive headers
CVSS Score:
CVSSv3 Score: 8.2
Vector:
CWE: CWE-201
Affected Packages:
Package States: Red Hat Fuse 7,


CVE-2026-33155
Severity: moderate
Released on: 20/03/2026
Advisory:
Bugzilla: 2449786
Bugzilla Description: deepdiff: python: DeepDiff: Denial of Service via unrestricted memory allocation in pickle unpickler
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-502
Affected Packages:
Package States: Pen Drive Powered by Red Hat Lightspeed,Red Hat OpenShift AI (RHOAI),


CVE-2026-33154
Severity: moderate
Released on: 20/03/2026
Advisory:
Bugzilla: 2449774
Bugzilla Description: dynaconf: jinja2: Dynaconf: Arbitrary code execution via Server-Side Template Injection
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-917
Affected Packages:
Package States: Red Hat Ansible Automation Platform 2,


CVE-2026-33150
Severity: important
Released on: 20/03/2026
Advisory:
Bugzilla: 2449771
Bugzilla Description: libfuse: libfuse: Arbitrary code execution via use-after-free in io_uring subsystem
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,


CVE-2026-33179
Severity: moderate
Released on: 20/03/2026
Advisory:
Bugzilla: 2449775
Bugzilla Description: libfuse: libfuse: Denial of Service via NULL pointer dereference and memory leak
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,


CVE-2026-33151
Severity: moderate
Released on: 20/03/2026
Advisory:
Bugzilla: 2449789
Bugzilla Description: socket.io: Socket.IO: Denial of Service due to excessive buffering of specially crafted packets
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-770
Affected Packages:
Package States: Logging Subsystem for Red Hat OpenShift,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Fuse 7,


CVE-2026-4438
Severity: low
Released on: 20/03/2026
Advisory:
Bugzilla: 2449783
Bugzilla Description: glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions
CVSS Score:
CVSSv3 Score: 4.0
Vector:
CWE: CWE-838
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,


CVE-2026-4437
Severity: moderate
Released on: 20/03/2026
Advisory:
Bugzilla: 2449777
Bugzilla Description: glibc: glibc: Incorrect DNS response parsing via crafted DNS server response
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-1286
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,


CVE-2026-32710
Severity: moderate
Released on: 20/03/2026
Advisory:
Bugzilla: 2449711
Bugzilla Description: MariaDB: MariaDB: Remote Code Execution or Denial of Service via JSON_SCHEMA_VALID() function vulnerability
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-120
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-4519
Severity: important
Released on: 20/03/2026
Advisory:
Bugzilla: 2449649
Bugzilla Description: python: Python: Command-line option injection in webbrowser.open() via crafted URLs
CVSS Score:
CVSSv3 Score: 7.1
Vector:
CWE: CWE-88
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,


CVE-2026-33132
Severity: moderate
Released on: 20/03/2026
Advisory:
Bugzilla: 2449597
Bugzilla Description: github.com/zitadel: ZITADEL: Authentication bypass allows sign-in with other organization's users
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-306
Affected Packages:
Package States: Red Hat Advanced Cluster Management for Kubernetes 2,


CVE-2026-32595
Severity: moderate
Released on: 20/03/2026
Advisory:
Bugzilla: 2449591
Bugzilla Description: traefik: Traefik: Username enumeration via timing attack in BasicAuth middleware
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-208
Affected Packages:
Package States: Red Hat OpenShift Dev Spaces,


CVE-2026-32305
Severity: important
Released on: 20/03/2026
Advisory:
Bugzilla: 2449595
Bugzilla Description: Traefik: github.com/traefik/traefik: Traefik: mTLS bypass allows unauthorized service access via fragmented ClientHello.
CVSS Score:
CVSSv3 Score: 8.3
Vector:
CWE: CWE-179
Affected Packages:
Package States: Red Hat OpenShift Dev Spaces,Red Hat OpenShift GitOps,


CVE-2026-33123
Severity: moderate
Released on: 20/03/2026
Advisory:
Bugzilla: 2449585
Bugzilla Description: pypdf: pypdf: Denial of Service due to excessive resource consumption from crafted PDF
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE: CWE-770
Affected Packages:
Package States: Lightspeed Core,OpenShift Lightspeed,Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),


CVE-2026-33022
Severity: moderate
Released on: 20/03/2026
Advisory:
Bugzilla: 2449483
Bugzilla Description: github.com/tektoncd/pipeline: Tekton Pipelines: Denial of Service via long resolver names
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-130
Affected Packages:
Package States: Builds for Red Hat OpenShift,OpenShift Pipelines,OpenShift Serverless,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Virtualization 4,Red Hat Trusted Artifact Signer,


CVE-2026-33056
Severity: moderate
Released on: 20/03/2026
Advisory:
Bugzilla: 2449490
Bugzilla Description: tar-rs: tar-rs: Arbitrary directory permission modification via crafted tar archive
CVSS Score:
CVSSv3 Score: 4.4
Vector:
CWE: CWE-59
Affected Packages:
Package States: Confidential Compute Attestation,Lightspeed Core,Logging Subsystem for Red Hat OpenShift,OpenShift Lightspeed,Pen Drive Powered by Red Hat Lightspeed,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform Ansible Core 2,Red Hat Discovery 2,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Offline Knowledge Portal,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Update Service,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Trusted Profile Analyzer,


CVE-2026-33036
Severity: moderate
Released on: 20/03/2026
Advisory:
Bugzilla: 2449458
Bugzilla Description: fast-xml-parser: fast-xml-parser: Denial of Service via XML entity expansion bypass
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-776
Affected Packages:
Package States: Migration Toolkit for Applications 8,Red Hat Advanced Cluster Security 4,Red Hat Developer Hub,Red Hat OpenShift AI (RHOAI),Red Hat Openshift Data Foundation 4,Red Hat OpenShift GitOps,Red Hat OpenShift Virtualization 4,Red Hat Satellite 6,Self-service automation portal 2,


CVE-2026-33013
Severity: moderate
Released on: 20/03/2026
Advisory:
Bugzilla: 2449457
Bugzilla Description: micronaut-core: Micronaut Framework: Micronaut Framework: Denial of Service via crafted form parameters
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-1285
Affected Packages:
Package States: Red Hat build of Apache Camel for Spring Boot 4,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,


CVE-2026-33012
Severity: moderate
Released on: 20/03/2026
Advisory:
Bugzilla: 2449450
Bugzilla Description: Micronaut Framework: micronaut-core: Micronaut Framework: Denial of Service via unbounded cache in HTML error response handling
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat build of Apache Camel for Spring Boot 4,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,


CVE-2026-32947
Severity: moderate
Released on: 20/03/2026
Advisory:
Bugzilla: 2449437
Bugzilla Description: harden-runner: Harden-Runner: Data exfiltration via DNS over HTTPS (DoH) bypass
CVSS Score:
CVSSv3 Score: 4.9
Vector:
CWE: CWE-807
Affected Packages:
Package States: External Secrets Operator for Red Hat OpenShift,Gatekeeper 3,Multicluster Engine for Kubernetes,Red Hat OpenShift for Windows Containers,


CVE-2026-32946
Severity: moderate
Released on: 20/03/2026
Advisory:
Bugzilla: 2449438
Bugzilla Description: step-security/harden-runner: Harden-Runner: Egress policy bypass via DNS over TCP
CVSS Score:
CVSSv3 Score: 4.9
Vector:
CWE: CWE-791
Affected Packages:
Package States: External Secrets Operator for Red Hat OpenShift,Gatekeeper 3,Multicluster Engine for Kubernetes,Red Hat OpenShift for Windows Containers,


CVE-2026-32889
Severity: moderate
Released on: 20/03/2026
Advisory:
Bugzilla: 2449419
Bugzilla Description: tinytag: tinytag: Denial of Service via malicious MP3 file parsing
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-835
Affected Packages:
Package States: OpenShift Lightspeed,


CVE-2026-32875
Severity: important
Released on: 20/03/2026
Advisory:
Bugzilla: 2449400
Bugzilla Description: ultrajson: UltraJSON: Denial of Service via large indent parameter in JSON serialization
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 18.0,


CVE-2026-32874
Severity: important
Released on: 20/03/2026
Advisory:
Bugzilla: 2449411
Bugzilla Description: UltraJSON: UltraJSON: Denial of Service due to memory leak when parsing large integers
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 18.0,


CVE-2026-32766
Severity: low
Released on: 20/03/2026
Advisory:
Bugzilla: 2449371
Bugzilla Description: astral-tokio-tar: astral-tokio-tar: Potential archive misinterpretation via malformed PAX extensions
CVSS Score:
CVSSv3 Score: 2.5
Vector:
CWE: CWE-1286
Affected Packages:
Package States: Confidential Compute Attestation,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,


CVE-2026-23536
Severity: important
Released on: 20/03/2026
Advisory:
Bugzilla: 2429302
Bugzilla Description: feast: Unauthenticated Arbitrary File Read
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-22
Affected Packages:
Package States: Red Hat OpenShift AI (RHOAI),


CVE-2026-23537
Severity: critical
Released on: 20/03/2026
Advisory:
Bugzilla: 2429304
Bugzilla Description: feast: Unauthenticated Arbitrary File Write
CVSS Score:
CVSSv3 Score: 9.1
Vector:
CWE: CWE-862
Affected Packages:
Package States: Red Hat OpenShift AI (RHOAI),


CVE-2026-23538
Severity: important
Released on: 20/03/2026
Advisory:
Bugzilla: 2429311
Bugzilla Description: feast: Resource exhaustion via WebSocket endpoint
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat OpenShift AI (RHOAI),


CVE-2026-23275
Severity: low
Released on: 20/03/2026
Advisory:
Bugzilla: 2449558
Bugzilla Description: kernel: io_uring: ensure ctx->rings is stable for task work flags manipulation
CVSS Score:
CVSSv3 Score: 4.7
Vector:
CWE: CWE-366
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-23277
Severity: moderate
Released on: 20/03/2026
Advisory:
Bugzilla: 2449560
Bugzilla Description: kernel: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-23276
Severity: moderate
Released on: 20/03/2026
Advisory:
Bugzilla: 2449561
Bugzilla Description: kernel: net: add xmit recursion limit to tunnel xmit functions
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-835
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-23273
Severity: moderate
Released on: 20/03/2026
Advisory:
Bugzilla: 2449563
Bugzilla Description: kernel: macvlan: observe an RCU grace period in macvlan_common_newlink() error path
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-364
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-23271
Severity: moderate
Released on: 20/03/2026
Advisory:
Bugzilla: 2449565
Bugzilla Description: kernel: perf: Fix __perf_event_overflow() vs perf_remove_from_context() race
CVSS Score:
CVSSv3 Score: 5.8
Vector:
CWE: CWE-672
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-23278
Severity: moderate
Released on: 20/03/2026
Advisory:
Bugzilla: 2449570
Bugzilla Description: kernel: netfilter: nf_tables: always walk all pending catchall elements
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-459
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-23272
Severity: moderate
Released on: 20/03/2026
Advisory:
Bugzilla: 2449571
Bugzilla Description: kernel: netfilter: nf_tables: unconditionally bump set->nelems before insertion
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-367
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-23274
Severity: moderate
Released on: 20/03/2026
Advisory:
Bugzilla: 2449572
Bugzilla Description: kernel: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-908
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-22737
Severity: moderate
Released on: 19/03/2026
Advisory:
Bugzilla: 2449348
Bugzilla Description: Spring Framework: Spring Framework: Information disclosure via Java scripting engine enabled template views
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-22
Affected Packages:
Package States: Red Hat AMQ Broker 7,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel - HawtIO 4,Red Hat build of OptaPlanner 8,Red Hat Data Grid 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift Dev Spaces,Red Hat Process Automation 7,Red Hat Single Sign-On 7,


CVE-2026-22735
Severity: low
Released on: 19/03/2026
Advisory:
Bugzilla: 2449347
Bugzilla Description: org.springframework/spring-webmvc: org.springframework/spring-webflux: Spring MVC and WebFlux: Stream corruption vulnerability when using Server-Sent Events
CVSS Score:
CVSSv3 Score: 2.6
Vector:
CWE: CWE-115
Affected Packages:
Package States: Red Hat AMQ Broker 7,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel - HawtIO 4,Red Hat build of OptaPlanner 8,Red Hat Data Grid 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift Dev Spaces,Red Hat Process Automation 7,Red Hat Single Sign-On 7,


CVE-2026-22732
Severity: moderate
Released on: 19/03/2026
Advisory:
Bugzilla: 2449306
Bugzilla Description: Spring Security: Spring Security: Security policy bypass and information disclosure due to unwritten HTTP headers
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-166
Affected Packages:
Package States: OpenShift Developer Tools and Services,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel - HawtIO 4,Red Hat build of Quarkus,Red Hat Data Grid 8,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift Dev Spaces,Red Hat Process Automation 7,Red Hat Single Sign-On 7,


CVE-2026-22731
Severity: moderate
Released on: 19/03/2026
Advisory:
Bugzilla: 2449290
Bugzilla Description: Spring Boot: Spring Boot: Authentication bypass via misconfigured Health Group additional path
CVSS Score:
CVSSv3 Score: 8.2
Vector:
CWE: CWE-305
Affected Packages:
Package States: Red Hat AMQ Broker 7,Red Hat AMQ Clients,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel - HawtIO 4,Red Hat build of OptaPlanner 8,Red Hat Data Grid 8,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift Dev Spaces,Red Hat Process Automation 7,Red Hat Single Sign-On 7,


CVE-2026-4428
Severity: moderate
Released on: 19/03/2026
Advisory:
Bugzilla: 2449205
Bugzilla Description: AWS-LC: AWS-LC: Security bypass allows revoked certificates to be accepted due to CRL validation error
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-295
Affected Packages:
Package States: Confidential Compute Attestation,OpenShift Lightspeed,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Update Service,Red Hat Trusted Artifact Signer,Red Hat Trusted Profile Analyzer,


CVE-2026-30836
Severity: critical
Released on: 19/03/2026
Advisory:
Bugzilla: 2449211
Bugzilla Description: github.com/smallstep/certificates: Step CA: Unauthenticated certificate issuance via SCEP Update Request
CVSS Score:
CVSSv3 Score: 10.0
Vector:
CWE: CWE-306
Affected Packages:
Package States:


CVE-2026-26940
Severity: moderate
Released on: 19/03/2026
Advisory:
Bugzilla: 2449139
Bugzilla Description: Kibana: Timelion: Kibana Timelion Plugin: Denial of Service via improper input validation in Timelion expressions
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-1284
Affected Packages:
Package States: Logging Subsystem for Red Hat OpenShift,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift distributed tracing 3,Red Hat OpenStack Platform 16.2,


CVE-2026-26939
Severity: moderate
Released on: 19/03/2026
Advisory:
Bugzilla: 2449144
Bugzilla Description: Kibana: Kibana: Unauthorized system control via missing authorization
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-1220
Affected Packages:
Package States: Logging Subsystem for Red Hat OpenShift,


CVE-2026-3029
Severity: important
Released on: 19/03/2026
Advisory:
Bugzilla: 2449054
Bugzilla Description: PyMuPDF: PyMuPDF: Arbitrary file write via path traversal vulnerability
CVSS Score:
CVSSv3 Score: 8.2
Vector:
CWE: CWE-22
Affected Packages:
Package States: Red Hat Enterprise Linux AI (RHEL AI) 3,


CVE-2006-10003
Severity: important
Released on: 19/03/2026
Advisory:
Bugzilla: 2448999
Bugzilla Description: perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-193
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2006-10002
Severity: moderate
Released on: 19/03/2026
Advisory:
Bugzilla: 2449001
Bugzilla Description: perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-131
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-4424
Severity: important
Released on: 19/03/2026
Advisory:
Bugzilla: 2449006
Bugzilla Description: libarchive: libarchive: Information disclosure via heap out-of-bounds read in RAR archive processing
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,


CVE-2026-4426
Severity: moderate
Released on: 19/03/2026
Advisory:
Bugzilla: 2449010
Bugzilla Description: libarchive: libarchive: Denial of Service via malformed ISO file processing
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-1335
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,


CVE-2025-69720
Severity: moderate
Released on: 19/03/2026
Advisory: RHSA-2026:5913,
Bugzilla: 2449037
Bugzilla Description: ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.
CVSS Score:
CVSSv3 Score: 7.3
Vector:
CWE: CWE-120
Affected Packages: ncurses-0:6.4-15.20240127.el10_1,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,


CVE-2025-15031
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2448912
Bugzilla Description: mlflow/mlflow: Path Traversal Vulnerability in mlflow/mlflow
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-22
Affected Packages:
Package States: Red Hat OpenShift AI (RHOAI),


CVE-2026-32700
Severity: moderate
Released on: 18/03/2026
Advisory:
Bugzilla: 2448858
Bugzilla Description: devise: Devise: Unauthorized email confirmation due to a race condition
CVSS Score:
CVSSv3 Score: 6.8
Vector:
CWE: CWE-367
Affected Packages:
Package States:


CVE-2026-32636
Severity: moderate
Released on: 18/03/2026
Advisory:
Bugzilla: 2448862
Bugzilla Description: ImageMagick: ImageMagick: Denial of Service via out-of-bounds write in NewXMLTree method
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,


CVE-2026-31965
Severity: moderate
Released on: 18/03/2026
Advisory:
Bugzilla: 2448751
Bugzilla Description: htslib: HTSlib: Information disclosure or denial of service via out-of-bounds read in CRAM record processing
CVSS Score:
CVSSv3 Score: 5.6
Vector:
CWE: CWE-125
Affected Packages:
Package States:


CVE-2026-31964
Severity: moderate
Released on: 18/03/2026
Advisory:
Bugzilla: 2448756
Bugzilla Description: htslib: HTSlib: Denial of Service via NULL pointer dereference in CRAM decoding
CVSS Score:
CVSSv3 Score: 5.0
Vector:
CWE: CWE-476
Affected Packages:
Package States:


CVE-2026-31963
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2448755
Bugzilla Description: htslib: HTSlib: Arbitrary code execution via crafted CRAM file
CVSS Score:
CVSSv3 Score: 7.3
Vector:
CWE: CWE-193
Affected Packages:
Package States:


CVE-2026-3479
Severity: low
Released on: 18/03/2026
Advisory:
Bugzilla: 2448746
Bugzilla Description: python: Python pkgutil.get_data(): Path Traversal via improper resource argument validation
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-22
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Dev Spaces,


CVE-2026-31962
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2448750
Bugzilla Description: htslib: htslib: Heap buffer overflow leading to arbitrary code execution via crafted CRAM file
CVSS Score:
CVSSv3 Score: 7.3
Vector:
CWE: CWE-1284
Affected Packages:
Package States:


CVE-2026-27135
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2448754
Bugzilla Description: nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-617
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat JBoss Core Services,Red Hat OpenShift Container Platform 4,


CVE-2026-33002
Severity: moderate
Released on: 18/03/2026
Advisory:
Bugzilla: 2448643
Bugzilla Description: jenkins: Jenkins: Origin validation bypass via DNS rebinding in CLI WebSocket endpoint
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-346
Affected Packages:
Package States: OpenShift Developer Tools and Services,Red Hat Developer Hub,


CVE-2026-33001
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2448645
Bugzilla Description: jenkins: Jenkins: Arbitrary file write and potential code execution through crafted archives
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-22
Affected Packages:
Package States: OpenShift Developer Tools and Services,Red Hat Developer Hub,


CVE-2026-4427
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2448626
Bugzilla Description: github.com/jackc/pgproto3: pgproto3: Denial of Service via negative field length in DataRow message
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-129
Affected Packages:
Package States: Assisted Installer for Red Hat OpenShift Container Platform 2,Multicluster Engine for Kubernetes,Multicluster Global Hub,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Cluster Manager CLI,Red Hat OpenShift Container Platform 4,Red Hat OpenShift on AWS,Red Hat Quay 3,Red Hat Trusted Artifact Signer,


CVE-2026-31938
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2448550
Bugzilla Description: jspdf: jsPDF: Cross site scripting via unsanitized output options
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-79
Affected Packages:
Package States: Red Hat Advanced Cluster Security 4,


CVE-2026-31898
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2448547
Bugzilla Description: jspdf: jsPDF: Arbitrary code execution via unsanitized input in createAnnotation method
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-94
Affected Packages:
Package States: Red Hat Advanced Cluster Security 4,


CVE-2026-30922
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2448553
Bugzilla Description: pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-835
Affected Packages:
Package States: Migration Toolkit for Containers,Migration Toolkit for Virtualization,OpenShift Lightspeed,OpenShift Service Mesh 3,Red Hat AI Inference Server,Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenStack Platform 18.0,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Trusted Artifact Signer,Service Telemetry Framework 1.5,


CVE-2026-28500
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2448518
Bugzilla Description: onnx: ONNX: Untrusted Model Repository Warnings Suppressed
CVSS Score:
CVSSv3 Score: 8.6
Vector:
CWE: CWE-829
Affected Packages:
Package States: Red Hat OpenShift AI (RHOAI),


CVE-2026-29057
Severity: moderate
Released on: 18/03/2026
Advisory:
Bugzilla: 2448515
Bugzilla Description: next.js: Next.js: HTTP request smuggling in rewrites
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-444
Affected Packages:
Package States: Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Trusted Artifact Signer,streams for Apache Kafka 2,streams for Apache Kafka 3,
Full Details
CVE document


CVE-2026-27980
Severity: moderate
Released on: 18/03/2026
Advisory:
Bugzilla: 2448509
Bugzilla Description: next.js: Next.js: Unbounded next/image disk cache growth can exhaust storage
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Trusted Artifact Signer,streams for Apache Kafka 2,streams for Apache Kafka 3,
Full Details
CVE document


CVE-2026-27979
Severity: moderate
Released on: 18/03/2026
Advisory:
Bugzilla: 2448512
Bugzilla Description: next.js: Next.js: Unbounded postponed resume buffering can lead to DoS
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Trusted Artifact Signer,streams for Apache Kafka 2,streams for Apache Kafka 3,
Full Details
CVE document


CVE-2026-4366
Severity: moderate
Released on: 18/03/2026
Advisory:
Bugzilla: 2448543
Bugzilla Description: keycloak-services: Blind Server-Side Request Forgery (SSRF) via HTTP Redirect Handling in Keycloak
CVSS Score:
CVSSv3 Score: 5.8
Vector:
CWE: CWE-918
Affected Packages:
Package States: Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat Single Sign-On 7,
Full Details
CVE document


CVE-2026-23245
Severity:
Released on: 18/03/2026
Advisory:
Bugzilla: 2448593
Bugzilla Description: kernel: net/sched: act_gate: snapshot parameters with RCU on replace
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23243
Severity: moderate
Released on: 18/03/2026
Advisory:
Bugzilla: 2448594
Bugzilla Description: kernel: Linux kernel: Denial of service and memory corruption in RDMA umad
CVSS Score:
CVSSv3 Score: 7.3
Vector:
CWE: CWE-131
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2025-71265
Severity:
Released on: 18/03/2026
Advisory:
Bugzilla: 2448595
Bugzilla Description: kernel: fs: ntfs3: fix infinite loop in attr_load_runs_range on inconsistent metadata
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23248
Severity: moderate
Released on: 18/03/2026
Advisory:
Bugzilla: 2448596
Bugzilla Description: kernel: perf/core: Fix refcount bug and potential UAF in perf_mmap
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-911
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2025-71266
Severity:
Released on: 18/03/2026
Advisory:
Bugzilla: 2448597
Bugzilla Description: kernel: fs: ntfs3: check return value of indx_find to avoid infinite loop
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23247
Severity: low
Released on: 18/03/2026
Advisory:
Bugzilla: 2448598
Bugzilla Description: kernel: tcp: secure_seq: add back ports to TS offset
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2025-71267
Severity:
Released on: 18/03/2026
Advisory:
Bugzilla: 2448599
Bugzilla Description: kernel: fs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LIST
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23246
Severity: moderate
Released on: 18/03/2026
Advisory:
Bugzilla: 2448600
Bugzilla Description: kernel: Linux kernel: Denial of Service in mac80211 Wi-Fi due to out-of-bounds write
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23244
Severity: low
Released on: 18/03/2026
Advisory:
Bugzilla: 2448601
Bugzilla Description: kernel: nvme: fix memory allocation in nvme_pr_read_keys()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23242
Severity: moderate
Released on: 18/03/2026
Advisory:
Bugzilla: 2448602
Bugzilla Description: kernel: RDMA/siw: Fix potential NULL pointer dereference in header processing
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2025-71270
Severity:
Released on: 18/03/2026
Advisory:
Bugzilla: 2448681
Bugzilla Description: kernel: LoongArch: Enable exception fixup for specific ADE subcode
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23263
Severity:
Released on: 18/03/2026
Advisory:
Bugzilla: 2448683
Bugzilla Description: kernel: io_uring/zcrx: fix page array leak
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23266
Severity:
Released on: 18/03/2026
Advisory:
Bugzilla: 2448684
Bugzilla Description: kernel: fbdev: rivafb: fix divide error in nv3_arb()
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23253
Severity: moderate
Released on: 18/03/2026
Advisory:
Bugzilla: 2448685
Bugzilla Description: kernel: Kernel: Denial of Service via DVB DVR ringbuffer reinitialization flaw
CVSS Score:
CVSSv3 Score: 6.2
Vector:
CWE: CWE-664
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23261
Severity: low
Released on: 18/03/2026
Advisory:
Bugzilla: 2448686
Bugzilla Description: kernel: nvme-fc: release admin tagset if init fails
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23259
Severity: low
Released on: 18/03/2026
Advisory:
Bugzilla: 2448689
Bugzilla Description: kernel: io_uring/rw: free potentially allocated iovec on cache put failure
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2025-71269
Severity: moderate
Released on: 18/03/2026
Advisory:
Bugzilla: 2448690
Bugzilla Description: kernel: btrfs: do not free data reservation in fallback from inline due to -ENOSPC
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-832
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23267
Severity:
Released on: 18/03/2026
Advisory:
Bugzilla: 2448691
Bugzilla Description: kernel: f2fs: fix IS_CHECKPOINTED flag inconsistency issue caused by concurrent atomic commit and checkpoint writes
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23256
Severity: low
Released on: 18/03/2026
Advisory:
Bugzilla: 2448693
Bugzilla Description: kernel: net: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-193
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23262
Severity: moderate
Released on: 18/03/2026
Advisory:
Bugzilla: 2448694
Bugzilla Description: kernel: gve: Fix stats report corruption on queue count change
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-131
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2025-71268
Severity: low
Released on: 18/03/2026
Advisory:
Bugzilla: 2448696
Bugzilla Description: kernel: btrfs: fix reservation leak in some error paths when inserting inline extent
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23254
Severity: low
Released on: 18/03/2026
Advisory:
Bugzilla: 2448699
Bugzilla Description: kernel: net: gro: fix outer network offset
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23249
Severity: moderate
Released on: 18/03/2026
Advisory:
Bugzilla: 2448700
Bugzilla Description: kernel: xfs: check for deleted cursors when revalidating two btrees
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23257
Severity: low
Released on: 18/03/2026
Advisory:
Bugzilla: 2448701
Bugzilla Description: kernel: net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-193
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23260
Severity: low
Released on: 18/03/2026
Advisory:
Bugzilla: 2448702
Bugzilla Description: kernel: regmap: maple: free entry on mas_store_gfp() failure
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23255
Severity: moderate
Released on: 18/03/2026
Advisory:
Bugzilla: 2448703
Bugzilla Description: kernel: net: add proper RCU protection to /proc/net/ptype
CVSS Score:
CVSSv3 Score: 4.7
Vector:
CWE: CWE-362
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23252
Severity: low
Released on: 18/03/2026
Advisory:
Bugzilla: 2448704
Bugzilla Description: kernel: xfs: get rid of the xchk_xfile_*_descr calls
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23265
Severity:
Released on: 18/03/2026
Advisory:
Bugzilla: 2448709
Bugzilla Description: kernel: f2fs: fix to do sanity check on node footer in {read,write}_end_io
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23251
Severity: moderate
Released on: 18/03/2026
Advisory:
Bugzilla: 2448710
Bugzilla Description: kernel: xfs: only call xf{array,blob}_destroy if we have a valid pointer
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23264
Severity:
Released on: 18/03/2026
Advisory:
Bugzilla: 2448711
Bugzilla Description: kernel: Revert "drm/amd: Check if ASPM is enabled from PCIe subsystem"
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23250
Severity: moderate
Released on: 18/03/2026
Advisory:
Bugzilla: 2448712
Bugzilla Description: kernel: xfs: check return value of xchk_scrub_create_subord
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-253
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23258
Severity: low
Released on: 18/03/2026
Advisory:
Bugzilla: 2448713
Bugzilla Description: kernel: net: liquidio: Initialize netdev pointer before queue setup
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-824
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23270
Severity: moderate
Released on: 18/03/2026
Advisory:
Bugzilla: 2448745
Bugzilla Description: kernel: Linux kernel: Use-after-free in traffic control (act_ct) may lead to denial of service or privilege escalation
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-416
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-26740
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2448747
Bugzilla Description: giflib: giflib: Denial of Service via buffer overflow in EGifGCBToExtension
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat build of OpenJDK 11 ELS,Red Hat build of OpenJDK 11 ELS,Red Hat build of OpenJDK 17,Red Hat build of OpenJDK 1.8,Red Hat build of OpenJDK 21,Red Hat build of OpenJDK 25,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23268
Severity:
Released on: 18/03/2026
Advisory:
Bugzilla: 2448752
Bugzilla Description: kernel: apparmor: fix unprivileged local user can do privileged policy management
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-23269
Severity:
Released on: 18/03/2026
Advisory:
Bugzilla: 2448753
Bugzilla Description: kernel: apparmor: validate DFA start states are in bounds in unpack_pdb
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2023-43010
Severity: important
Released on: 18/03/2026
Advisory: RHSA-2024:9679, RHSA-2024:9646, RHSA-2024:9144, RHSA-2024:8496, RHSA-2024:9653, RHSA-2025:10364, RHSA-2024:9680, RHSA-2024:8492, RHSA-2024:9636, RHSA-2024:8180,
Bugzilla: 2448778
Bugzilla Description: webkitgtk: Processing maliciously crafted web content may lead to memory corruption
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-120
Affected Packages: webkit2gtk3-0:2.46.3-1.el8_4,webkit2gtk3-0:2.44.3-2.el9,webkit2gtk3-0:2.46.3-1.el8_6,webkit2gtk3-0:2.46.3-1.el8_8,webkit2gtk3-0:2.46.3-1.el8_10,webkit2gtk3-0:2.46.1-1.el9_2,webkitgtk4-0:2.48.3-2.el7_9,webkit2gtk3-0:2.46.1-1.el9_0,webkit2gtk3-0:2.46.3-1.el8_2,webkit2gtk3-0:2.46.1-2.el9_4,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2025-31223
Severity: important
Released on: 18/03/2026
Advisory: RHSA-2025:19157, RHSA-2025:17807, RHSA-2025:17741, RHSA-2025:17743, RHSA-2025:17643, RHSA-2025:17802, RHSA-2025:19109, RHSA-2025:19352, RHSA-2025:19165, RHSA-2025:18097,
Bugzilla: 2448779
Bugzilla Description: webkitgtk: Processing maliciously crafted web content may lead to memory corruption
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-120
Affected Packages: webkit2gtk3-0:2.50.0-1.el8_6,webkit2gtk3-0:2.50.0-2.el9_4,webkit2gtk3-0:2.50.0-1.el8_10,webkit2gtk3-0:2.50.0-1.el8_8.1,webkit2gtk3-0:2.50.0-2.el9_2,webkit2gtk3-0:2.50.0-2.el9_0,webkit2gtk3-0:2.50.0-1.el8_2,webkit2gtk3-0:2.50.0-1.el8_4,webkit2gtk3-0:2.50.1-0.el9_6,webkitgtk4-0:2.50.0-1.el7_9,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2025-31277
Severity: important
Released on: 18/03/2026
Advisory: RHSA-2025:19157, RHSA-2025:17807, RHSA-2025:17741, RHSA-2025:17743, RHSA-2025:17643, RHSA-2025:17802, RHSA-2025:19109, RHSA-2025:19352, RHSA-2025:19165, RHSA-2025:18097,
Bugzilla: 2448780
Bugzilla Description: webkitgtk: Processing maliciously crafted web content may lead to memory corruption
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-120
Affected Packages: webkit2gtk3-0:2.50.0-1.el8_6,webkit2gtk3-0:2.50.0-2.el9_4,webkit2gtk3-0:2.50.0-1.el8_10,webkit2gtk3-0:2.50.0-1.el8_8.1,webkit2gtk3-0:2.50.0-2.el9_2,webkit2gtk3-0:2.50.0-2.el9_0,webkit2gtk3-0:2.50.0-1.el8_2,webkit2gtk3-0:2.50.0-1.el8_4,webkit2gtk3-0:2.50.1-0.el9_6,webkitgtk4-0:2.50.0-1.el7_9,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2025-43213
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2448781
Bugzilla Description: webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-120
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2025-43214
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2448782
Bugzilla Description: webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-120
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2025-43433
Severity: important
Released on: 18/03/2026
Advisory: RHSA-2025:23743, RHSA-2025:22789, RHSA-2025:23434, RHSA-2025:23742, RHSA-2025:23433, RHSA-2025:22790, RHSA-2025:23452, RHSA-2025:23583, RHSA-2025:23451, RHSA-2025:23110, RHSA-2025:23591,
Bugzilla: 2448783
Bugzilla Description: webkitgtk: Processing maliciously crafted web content may lead to memory corruption
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-120
Affected Packages: webkitgtk4-0:2.50.3-2.el7_9,webkit2gtk3-0:2.50.3-2.el8_6,webkit2gtk3-0:2.50.3-1.el9_0,webkit2gtk3-0:2.50.3-2.el8_8,webkit2gtk3-0:2.50.3-2.el8_2,webkit2gtk3-0:2.50.3-2.el8_4,webkit2gtk3-0:2.50.3-1.el8_10,webkit2gtk3-0:2.50.3-1.el9_6,webkit2gtk3-0:2.50.3-1.el9_7,webkit2gtk3-0:2.50.3-1.el9_4,webkit2gtk3-0:2.50.3-1.el9_2,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2025-43438
Severity: important
Released on: 18/03/2026
Advisory: RHSA-2025:23743, RHSA-2025:22789, RHSA-2025:23434, RHSA-2025:23742, RHSA-2025:23433, RHSA-2025:22790, RHSA-2025:23452, RHSA-2025:23583, RHSA-2025:23451, RHSA-2025:23110, RHSA-2025:23591,
Bugzilla: 2448784
Bugzilla Description: webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-416
Affected Packages: webkitgtk4-0:2.50.3-2.el7_9,webkit2gtk3-0:2.50.3-2.el8_6,webkit2gtk3-0:2.50.3-1.el9_0,webkit2gtk3-0:2.50.3-2.el8_8,webkit2gtk3-0:2.50.3-2.el8_2,webkit2gtk3-0:2.50.3-2.el8_4,webkit2gtk3-0:2.50.3-1.el8_10,webkit2gtk3-0:2.50.3-1.el9_6,webkit2gtk3-0:2.50.3-1.el9_7,webkit2gtk3-0:2.50.3-1.el9_4,webkit2gtk3-0:2.50.3-1.el9_2,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2025-43441
Severity: important
Released on: 18/03/2026
Advisory: RHSA-2025:23743, RHSA-2025:22789, RHSA-2025:23434, RHSA-2025:23742, RHSA-2025:23433, RHSA-2025:22790, RHSA-2025:23452, RHSA-2025:23583, RHSA-2025:23451, RHSA-2025:23110, RHSA-2025:23591,
Bugzilla: 2448785
Bugzilla Description: webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-120
Affected Packages: webkitgtk4-0:2.50.3-2.el7_9,webkit2gtk3-0:2.50.3-2.el8_6,webkit2gtk3-0:2.50.3-1.el9_0,webkit2gtk3-0:2.50.3-2.el8_8,webkit2gtk3-0:2.50.3-2.el8_2,webkit2gtk3-0:2.50.3-2.el8_4,webkit2gtk3-0:2.50.3-1.el8_10,webkit2gtk3-0:2.50.3-1.el9_6,webkit2gtk3-0:2.50.3-1.el9_7,webkit2gtk3-0:2.50.3-1.el9_4,webkit2gtk3-0:2.50.3-1.el9_2,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2025-43457
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2448786
Bugzilla Description: webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-416
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2025-43511
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2448787
Bugzilla Description: webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-416
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2025-46299
Severity: moderate
Released on: 18/03/2026
Advisory:
Bugzilla: 2448788
Bugzilla Description: webkitgtk: Processing maliciously crafted web content may disclose internal states of the app
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-909
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-20608
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2448789
Bugzilla Description: webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-120
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-20635
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2448790
Bugzilla Description: webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-120
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-20636
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2448791
Bugzilla Description: webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-120
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-20644
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2448792
Bugzilla Description: webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-120
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-20652
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2448793
Bugzilla Description: webkitgtk: A remote attacker may be able to cause a denial-of-service
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-120
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-20676
Severity: moderate
Released on: 18/03/2026
Advisory:
Bugzilla: 2448794
Bugzilla Description: webkitgtk: A website may be able to track users through Safari web extensions
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-201
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-4462
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2449381
Bugzilla Description: chromium-browser: Out of bounds read in Blink
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-125
Affected Packages:
Package States:
Full Details
CVE document


CVE-2026-4464
Severity: moderate
Released on: 18/03/2026
Advisory:
Bugzilla: 2449382
Bugzilla Description: chromium-browser: Integer overflow in ANGLE
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-190
Affected Packages:
Package States:
Full Details
CVE document


CVE-2026-4442
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2449383
Bugzilla Description: chromium-browser: Heap buffer overflow in CSS
CVSS Score:
CVSSv3 Score: 9.6
Vector:
CWE: CWE-131
Affected Packages:
Package States:
Full Details
CVE document


CVE-2026-4439
Severity: critical
Released on: 18/03/2026
Advisory:
Bugzilla: 2449384
Bugzilla Description: chromium-browser: Out of bounds memory access in WebGL
CVSS Score:
CVSSv3 Score: 9.6
Vector:
CWE: CWE-787
Affected Packages:
Package States:
Full Details
CVE document


CVE-2026-4451
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2449385
Bugzilla Description: chromium-browser: Insufficient validation of untrusted input in Navigation
CVSS Score:
CVSSv3 Score: 8.2
Vector:
CWE: CWE-1286
Affected Packages:
Package States:
Full Details
CVE document


CVE-2026-4453
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2449387
Bugzilla Description: chromium-browser: Integer overflow in Dawn
CVSS Score:
CVSSv3 Score: 7.4
Vector:
CWE: CWE-190
Affected Packages:
Package States:
Full Details
CVE document


CVE-2026-4452
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2449388
Bugzilla Description: chromium-browser: Integer overflow in ANGLE
CVSS Score:
CVSSv3 Score: 9.6
Vector:
CWE: CWE-190
Affected Packages:
Package States:
Full Details
CVE document


CVE-2026-4447
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2449389
Bugzilla Description: chromium-browser: Inappropriate implementation in V8
CVSS Score:
CVSSv3 Score: 9.6
Vector:
CWE: CWE-843
Affected Packages:
Package States:
Full Details
CVE document


CVE-2026-4455
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2449392
Bugzilla Description: chromium-browser: Heap buffer overflow in PDFium
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-787
Affected Packages:
Package States:
Full Details
CVE document


CVE-2026-4440
Severity: critical
Released on: 18/03/2026
Advisory:
Bugzilla: 2449394
Bugzilla Description: chromium-browser: Out of bounds read and write in WebGL
CVSS Score:
CVSSv3 Score: 9.6
Vector:
CWE: CWE-125
Affected Packages:
Package States:
Full Details
CVE document


CVE-2026-4458
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2449395
Bugzilla Description: chromium-browser: Use after free in Extensions
CVSS Score:
CVSSv3 Score: 9.6
Vector:
CWE: CWE-825
Affected Packages:
Package States:
Full Details
CVE document


CVE-2026-4450
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2449396
Bugzilla Description: chromium-browser: Out of bounds write in V8
CVSS Score:
CVSSv3 Score: 9.6
Vector:
CWE: CWE-787
Affected Packages:
Package States:
Full Details
CVE document


CVE-2026-4449
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2449397
Bugzilla Description: chromium-browser: Use after free in Blink
CVSS Score:
CVSSv3 Score: 9.6
Vector:
CWE: CWE-1341
Affected Packages:
Package States:
Full Details
CVE document


CVE-2026-4444
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2449398
Bugzilla Description: chromium-browser: Stack buffer overflow in WebRTC
CVSS Score:
CVSSv3 Score: 9.6
Vector:
CWE: CWE-120
Affected Packages:
Package States:
Full Details
CVE document


CVE-2026-4461
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2449399
Bugzilla Description: chromium-browser: Inappropriate implementation in V8
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-787
Affected Packages:
Package States:
Full Details
CVE document


CVE-2026-4443
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2449401
Bugzilla Description: chromium-browser: Heap buffer overflow in WebAudio
CVSS Score:
CVSSv3 Score: 9.6
Vector:
CWE: CWE-120
Affected Packages:
Package States:
Full Details
CVE document


CVE-2026-4459
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2449402
Bugzilla Description: chromium-browser: Out of bounds read and write in WebAudio
CVSS Score:
CVSSv3 Score: 9.6
Vector:
CWE: CWE-125
Affected Packages:
Package States:
Full Details
CVE document


CVE-2026-4446
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2449405
Bugzilla Description: chromium-browser: Use after free in WebRTC
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-825
Affected Packages:
Package States:
Full Details
CVE document


CVE-2026-4448
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2449406
Bugzilla Description: chromium-browser: Heap buffer overflow in ANGLE
CVSS Score:
CVSSv3 Score: 9.6
Vector:
CWE: CWE-120
Affected Packages:
Package States:
Full Details
CVE document


CVE-2026-4456
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2449407
Bugzilla Description: chromium-browser: Use after free in Digital Credentials API
CVSS Score:
CVSSv3 Score: 9.0
Vector:
CWE: CWE-825
Affected Packages:
Package States:
Full Details
CVE document


CVE-2026-4457
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2449409
Bugzilla Description: chromium-browser: Type Confusion in V8
CVSS Score:
CVSSv3 Score: 9.6
Vector:
CWE: CWE-843
Affected Packages:
Package States:
Full Details
CVE document


CVE-2026-4460
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2449412
Bugzilla Description: chromium-browser: Out of bounds read in Skia
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-125
Affected Packages:
Package States:
Full Details
CVE document


CVE-2026-4463
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2449413
Bugzilla Description: chromium-browser: Heap buffer overflow in WebRTC
CVSS Score:
CVSSv3 Score: 9.6
Vector:
CWE: CWE-131
Affected Packages:
Package States:
Full Details
CVE document


CVE-2026-4454
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2449414
Bugzilla Description: chromium-browser: Use after free in Network
CVSS Score:
CVSSv3 Score: 9.6
Vector:
CWE: CWE-825
Affected Packages:
Package States:
Full Details
CVE document


CVE-2026-4441
Severity: critical
Released on: 18/03/2026
Advisory:
Bugzilla: 2449415
Bugzilla Description: chromium-browser: Use after free in Base
CVSS Score:
CVSSv3 Score: 9.6
Vector:
CWE: CWE-825
Affected Packages:
Package States:
Full Details
CVE document


CVE-2026-27978
Severity: moderate
Released on: 17/03/2026
Advisory:
Bugzilla: 2448513
Bugzilla Description: next.js: Next.js: null origin can bypass Server Actions CSRF checks
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE: CWE-346
Affected Packages:
Package States: Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Trusted Artifact Signer,streams for Apache Kafka 2,streams for Apache Kafka 3,
Full Details
CVE document


CVE-2026-27977
Severity: moderate
Released on: 17/03/2026
Advisory:
Bugzilla: 2448514
Bugzilla Description: next.js: Next.js: null origin can bypass dev HMR websocket CSRF checks
CVSS Score:
CVSSv3 Score: 4.2
Vector:
CWE: CWE-346
Affected Packages:
Package States: Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Trusted Artifact Signer,streams for Apache Kafka 2,streams for Apache Kafka 3,
Full Details
CVE document


CVE-2026-27459
Severity: important
Released on: 17/03/2026
Advisory:
Bugzilla: 2448503
Bugzilla Description: pyOpenSSL: DTLS cookie callback buffer overflow
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-120
Affected Packages:
Package States: Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform Ansible Core 2,Red Hat Ansible Automation Platform Ansible Core 2,Red Hat Ansible Automation Platform Ansible Core 2,Red Hat Ansible Automation Platform Ansible Core 2,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 18.0,Red Hat Quay 3,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Trusted Artifact Signer,Red Hat Update Infrastructure 4 for Cloud Providers,
Full Details
CVE document


CVE-2026-27448
Severity: moderate
Released on: 17/03/2026
Advisory:
Bugzilla: 2448508
Bugzilla Description: pyOpenSSL: TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback
CVSS Score:
CVSSv3 Score: 5.4
Vector:
CWE: CWE-636
Affected Packages:
Package States: Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform Ansible Core 2,Red Hat Ansible Automation Platform Ansible Core 2,Red Hat Ansible Automation Platform Ansible Core 2,Red Hat Ansible Automation Platform Ansible Core 2,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 18.0,Red Hat Quay 3,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Trusted Artifact Signer,Red Hat Update Infrastructure 4 for Cloud Providers,
Full Details
CVE document


CVE-2026-4645
Severity: important
Released on: 17/03/2026
Advisory:
Bugzilla: 2450214
Bugzilla Description: github.com/antchfx/xpath: xpath: Denial of Service via crafted Boolean XPath expressions
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-835
Affected Packages:
Package States: Compliance Operator,Compliance Operator,File Integrity Operator,File Integrity Operator,File Integrity Operator,File Integrity Operator,Migration Toolkit for Applications 8,Migration Toolkit for Applications 8,Migration Toolkit for Applications 8,Migration Toolkit for Applications 8,Migration Toolkit for Applications 8,Migration Toolkit for Applications 8,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift distributed tracing 3,Red Hat OpenShift distributed tracing 3,Red Hat OpenShift distributed tracing 3,Red Hat OpenShift distributed tracing 3,
Full Details
CVE document


CVE-2026-4359
Severity: moderate
Released on: 17/03/2026
Advisory:
Bugzilla: 2448447
Bugzilla Description: mongo-c-driver: mongo-c-driver: Denial of Service via malformed HTTP response
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-170
Affected Packages:
Package States:
Full Details
CVE document


CVE-2026-32981
Severity: important
Released on: 17/03/2026
Advisory: RHSA-2026:5809,
Bugzilla: 2448440
Bugzilla Description: ray: Ray Dashboard Path Traversal Leading to Local File Disclosure
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-22
Affected Packages: rhaiis/vllm-cuda-rhel9:sha256:bd371b1b8785b2f5799cbca4a12a1c66a1e8a37017334a79eaa1067b24b6a6ba,
Package States: Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document


CVE-2026-32837
Severity: moderate
Released on: 17/03/2026
Advisory:
Bugzilla: 2448445
Bugzilla Description: miniaudio: miniaudio: Denial of Service via crafted WAV files due to heap out-of-bounds read
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-170
Affected Packages:
Package States:
Full Details
CVE document


CVE-2026-4324
Severity: moderate
Released on: 17/03/2026
Advisory: RHSA-2026:5968, RHSA-2026:5970,
Bugzilla: 2448349
Bugzilla Description: rubygem-katello: Katello: Denial of Service and potential information disclosure via SQL injection
CVSS Score:
CVSSv3 Score: 5.4
Vector:
CWE: CWE-89
Affected Packages: foreman-0:3.14.0.14-1.el9sat,rubygem-katello-0:4.16.0.14-1.el9sat,rubygem-fog-kubevirt-0:1.5.1-1.el9sat,python-pulp-container-0:2.22.3-1.el9pc,python-pulp-rpm-0:3.27.10-2.el9pc,python-django-0:4.2.28-0.1.el9pc,rubygem-rubyipmi-0:0.13.0-1.el9sat,satellite-0:6.17.7-1.el9sat,libcomps-0:0.1.23-0.3.el9pc,rubygem-katello-0:4.18.0.9-1.el9sat,python-brotli-0:1.2.0-0.1.el9pc,rubygem-foreman_kubevirt-0:0.4.3-1.el9sat,yggdrasil-worker-forwarder-0:0.0.3-4.el9sat,
Package States: Red Hat Satellite 6,
Full Details
CVE document


CVE-2026-23241
Severity: moderate
Released on: 17/03/2026
Advisory:
Bugzilla: 2448335
Bugzilla Description: kernel: audit: add missing syscalls to read class
CVSS Score:
CVSSv3 Score: 5.1
Vector:
CWE: CWE-693
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2025-71239
Severity: moderate
Released on: 17/03/2026
Advisory:
Bugzilla: 2448336
Bugzilla Description: kernel: audit: add fchmodat2() to change attributes class
CVSS Score:
CVSSv3 Score: 5.1
Vector:
CWE: CWE-693
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-4177
Severity: important
Released on: 16/03/2026
Advisory:
Bugzilla: 2448277
Bugzilla Description: perl-YAML-Syck: YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter
CVSS Score:
CVSSv3 Score: 7.3
Vector:
CWE: CWE-120
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,
Full Details
CVE document


CVE-2026-32829
Severity: important
Released on: 16/03/2026
Advisory:
Bugzilla: 2448271
Bugzilla Description: lz4_flex: lz4_flex's decompression can leak information from uninitialized memory or reused output buffer
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-823
Affected Packages:
Package States: Logging Subsystem for Red Hat OpenShift,OpenShift Lightspeed,Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 9,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document


CVE-2025-69196
Severity: important
Released on: 16/03/2026
Advisory:
Bugzilla: 2448179
Bugzilla Description: fastmcp: FastMCP: Improper token issuance due to incorrect resource parameter handling
CVSS Score:
CVSSv3 Score: 7.4
Vector:
CWE: CWE-1220
Affected Packages:
Package States: Red Hat Developer Hub,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat Satellite 6,
Full Details
CVE document


CVE-2026-28498
Severity: important
Released on: 16/03/2026
Advisory:
Bugzilla: 2448182
Bugzilla Description: authlib: Authlib: Authentication bypass via forged OpenID Connect ID Tokens
CVSS Score:
CVSSv3 Score: 9.1
Vector:
CWE: CWE-325
Affected Packages:
Package States: Lightspeed Core,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat Quay 3,Red Hat Quay 3,Red Hat Satellite 6,
Full Details
CVE document


CVE-2026-4224
Severity: moderate
Released on: 16/03/2026
Advisory:
Bugzilla: 2448181
Bugzilla Description: cpython: Stack overflow parsing XML with deeply nested DTD content models
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-805
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,
Full Details
CVE document


CVE-2026-28490
Severity: moderate
Released on: 16/03/2026
Advisory:
Bugzilla: 2448162
Bugzilla Description: authlib: Authlib: Information disclosure due to cryptographic padding oracle in JWE RSA1_5
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-325
Affected Packages:
Package States: Lightspeed Core,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat Quay 3,Red Hat Quay 3,Red Hat Satellite 6,
Full Details
CVE document


CVE-2026-3644
Severity: moderate
Released on: 16/03/2026
Advisory:
Bugzilla: 2448168
Bugzilla Description: cpython: Incomplete control character validation in http.cookies
CVSS Score:
CVSSv3 Score: 5.4
Vector:
CWE: CWE-791
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,
Full Details
CVE document


CVE-2026-27962
Severity: important
Released on: 16/03/2026
Advisory: RHSA-2026:4942, RHSA-2026:5665,
Bugzilla: 2448164
Bugzilla Description: authlib: Authlib: Authentication bypass due to JWK Header Injection vulnerability
CVSS Score:
CVSSv3 Score: 9.1
Vector:
CWE: CWE-347
Affected Packages: quay/quay-rhel8:sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f,quay/quay-rhel8:sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e,
Package States: Lightspeed Core,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat Quay 3,Red Hat Satellite 6,
Full Details
CVE document


CVE-2026-32778
Severity: moderate
Released on: 16/03/2026
Advisory:
Bugzilla: 2447885
Bugzilla Description: libexpat: libexpat: Denial of Service via NULL pointer dereference after out-of-memory condition
CVSS Score:
CVSSv3 Score: 5.1
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-32777
Severity: moderate
Released on: 16/03/2026
Advisory:
Bugzilla: 2447890
Bugzilla Description: libexpat: libexpat: Denial of Service via infinite loop in DTD content parsing
CVSS Score:
CVSSv3 Score: 4.0
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-32776
Severity: moderate
Released on: 16/03/2026
Advisory:
Bugzilla: 2447888
Bugzilla Description: libexpat: libexpat: Denial of Service due to NULL pointer dereference
CVSS Score:
CVSSv3 Score: 6.2
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-32775
Severity: moderate
Released on: 16/03/2026
Advisory:
Bugzilla: 2447881
Bugzilla Description: libexif: libexif: Buffer overwrite via integer underflow in MakerNotes decoding
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-191
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-4271
Severity: moderate
Released on: 16/03/2026
Advisory:
Bugzilla: 2448044
Bugzilla Description: libsoup: libsoup: Denial of Service via Use-After-Free in HTTP/2 server
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-416
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2025-69693
Severity: moderate
Released on: 16/03/2026
Advisory:
Bugzilla: 2448195
Bugzilla Description: FFmpeg: out-of-bounds read in RV60 video decoder
CVSS Score:
CVSSv3 Score: 7.1
Vector:
CWE: CWE-125
Affected Packages:
Package States: Lightspeed Core,Red Hat AI Inference Server,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),
Full Details
CVE document


CVE-2025-68971
Severity: moderate
Released on: 16/03/2026
Advisory:
Bugzilla: 2448387
Bugzilla Description: forgejo: Forgejo: Denial of Service via large file attachment upload
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-770
Affected Packages:
Package States:
Full Details
CVE document


CVE-2026-4174
Severity: moderate
Released on: 15/03/2026
Advisory:
Bugzilla: 2447696
Bugzilla Description: Radare2: Radare2: Local resource consumption via Mach-O File Parser
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-1050
Affected Packages:
Package States:
Full Details
CVE document


CVE-2025-14287
Severity: important
Released on: 15/03/2026
Advisory:
Bugzilla: 2447690
Bugzilla Description: mlflow: MLflow: Arbitrary command execution via unsanitized container image names
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-78
Affected Packages:
Package States: Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document


CVE-2025-54920
Severity: moderate
Released on: 14/03/2026
Advisory:
Bugzilla: 2447599
Bugzilla Description: org.apache.spark/spark-core: Apache Spark: Spark History Server Code Execution Vulnerability
CVSS Score:
CVSSv3 Score: 6.7
Vector:
CWE: CWE-94
Affected Packages:
Package States: Red Hat Fuse 7,Red Hat OpenShift AI (RHOAI),
Full Details
CVE document


CVE-2026-32640
Severity: important
Released on: 13/03/2026
Advisory:
Bugzilla: 2447529
Bugzilla Description: simpleeval: SimpleEval: Arbitrary code execution via sandbox escape due to improper object handling
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-915
Affected Packages:
Package States: Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document


CVE-2026-32635
Severity: moderate
Released on: 13/03/2026
Advisory:
Bugzilla: 2447515
Bugzilla Description: @angular/core: @angular/compiler: Angular has XSS in i18n attribute bindings
CVSS Score:
CVSSv3 Score: 6.3
Vector:
CWE: CWE-79
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document


CVE-2026-32630
Severity: moderate
Released on: 13/03/2026
Advisory:
Bugzilla: 2447514
Bugzilla Description: file-type: file-type: Denial of Service via excessive memory growth from crafted ZIP files
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-409
Affected Packages:
Package States: Cryostat 4,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Red Hat build of Apicurio Registry 2,Red Hat Data Grid 8,Red Hat Developer Hub,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat Satellite 6,Self-service automation portal 2,
Full Details
CVE document


CVE-2026-3084
Severity: important
Released on: 13/03/2026
Advisory:
Bugzilla: 2447483
Bugzilla Description: GStreamer: GStreamer: Remote Code Execution via integer underflow in H.266 Codec Parser
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-191
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-2921
Severity: important
Released on: 13/03/2026
Advisory:
Bugzilla: 2447496
Bugzilla Description: GStreamer: GStreamer: Arbitrary code execution via RIFF palette integer overflow in AVI file handling
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-3083
Severity: important
Released on: 13/03/2026
Advisory:
Bugzilla: 2447498
Bugzilla Description: GStreamer: GStreamer: Remote Code Execution via Out-Of-Bounds Write in rtpqdm2depay
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-3086
Severity: important
Released on: 13/03/2026
Advisory:
Bugzilla: 2447493
Bugzilla Description: GStreamer: GStreamer: Remote Code Execution via Out-Of-Bounds Write in H.266 Codec Parser
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-3085
Severity: important
Released on: 13/03/2026
Advisory:
Bugzilla: 2447495
Bugzilla Description: GStreamer: GStreamer: Remote Code Execution via Heap-based Buffer Overflow in rtpqdm2depay
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-1284
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-3082
Severity: important
Released on: 13/03/2026
Advisory:
Bugzilla: 2447492
Bugzilla Description: GStreamer: GStreamer: Remote Code Execution via heap-based buffer overflow in JPEG parser
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-120
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-3081
Severity: important
Released on: 13/03/2026
Advisory:
Bugzilla: 2447494
Bugzilla Description: GStreamer: GStreamer: Arbitrary code execution via H.266 codec parsing stack-based buffer overflow
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-120
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-2923
Severity: important
Released on: 13/03/2026
Advisory:
Bugzilla: 2447503
Bugzilla Description: GStreamer: GStreamer: Remote Code Execution via out-of-bounds write in DVB Subtitles handling
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-2922
Severity: important
Released on: 13/03/2026
Advisory:
Bugzilla: 2447500
Bugzilla Description: GStreamer: GStreamer: Remote Code Execution via out-of-bounds write in RealMedia Demuxer
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-2920
Severity: important
Released on: 13/03/2026
Advisory:
Bugzilla: 2447490
Bugzilla Description: GStreamer: GStreamer: Arbitrary code execution via ASF file processing
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-120
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-31899
Severity: important
Released on: 13/03/2026
Advisory:
Bugzilla: 2447447
Bugzilla Description: CairoSVG: CairoSVG: Denial of Service via recursive element amplification
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-776
Affected Packages:
Package States:


CVE-2026-30853
Severity: moderate
Released on: 13/03/2026
Advisory:
Bugzilla: 2447437
Bugzilla Description: calibre: Calibre: Arbitrary file write via crafted RocketBook (.rb) file
CVSS Score:
CVSSv3 Score: 5.0
Vector:
CWE: CWE-22
Affected Packages:
Package States:


CVE-2026-31897
Severity: low
Released on: 13/03/2026
Advisory:
Bugzilla: 2447380
Bugzilla Description: freerdp: FreeRDP has an out-of-bounds read in `freerdp_bitmap_decompress_planar`
CVSS Score:
CVSSv3 Score: 3.1
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-31806
Severity: important
Released on: 13/03/2026
Advisory:
Bugzilla: 2447376
Bugzilla Description: freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-131
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-31885
Severity: moderate
Released on: 13/03/2026
Advisory:
Bugzilla: 2447383
Bugzilla Description: freerdp: FreeRDP has an out-of-bounds read in ADPCM decoders due to missing predictor/step_index bounds checks
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-31884
Severity: moderate
Released on: 13/03/2026
Advisory:
Bugzilla: 2447385
Bugzilla Description: freerdp: FreeRDP has a division-by-zero in ADPCM decoders when `nBlockAlign` is 0
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-369
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-31883
Severity: moderate
Released on: 13/03/2026
Advisory:
Bugzilla: 2447386
Bugzilla Description: freerdp: FreeRDP: Denial of Service via crafted audio data in RDP
CVSS Score:
CVSSv3 Score: 7.3
Vector:
CWE: CWE-191
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-29776
Severity: low
Released on: 13/03/2026
Advisory:
Bugzilla: 2447381
Bugzilla Description: freerdp: FreeRDP has an Integer Underflow in update_read_cache_bitmap_order Function of FreeRDP's Core Library
CVSS Score:
CVSSv3 Score: 3.1
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-29775
Severity: moderate
Released on: 13/03/2026
Advisory:
Bugzilla: 2447379
Bugzilla Description: freerdp: FreeRDP has a heap-buffer-overflow in bitmap_cache_put via OOB cacheId
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-29774
Severity: moderate
Released on: 13/03/2026
Advisory:
Bugzilla: 2447382
Bugzilla Description: freerdp: FreeRDP has a heap-buffer-overflow in avc420_yuv_to_rgb via OOB regionRects
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-2673
Severity: low
Released on: 13/03/2026
Advisory:
Bugzilla: 2447327
Bugzilla Description: openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group
CVSS Score:
CVSSv3 Score: 3.1
Vector:
CWE: CWE-325
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Hardened Images 1,Red Hat JBoss Core Services,


CVE-2025-57849
Severity: moderate
Released on: 13/03/2026
Advisory:
Bugzilla: 2391100
Bugzilla Description: fuse: privilege escalation via excessive /etc/passwd permissions
CVSS Score:
CVSSv3 Score: 6.4
Vector:
CWE: CWE-276
Affected Packages:
Package States: Red Hat Fuse 7,


CVE-2025-8766
Severity: important
Released on: 13/03/2026
Advisory:
Bugzilla: 2387265
Bugzilla Description: noobaa-core: Excessive permissions of /etc could lead to escalation of privilege in the noobaa-core container
CVSS Score:
CVSSv3 Score: 6.4
Vector:
CWE: CWE-276
Affected Packages:
Package States: Red Hat Openshift Data Foundation 4,


CVE-2026-3312
Severity: moderate
Released on: 13/03/2026
Advisory:
Bugzilla: 2443259
Bugzilla Description: pagure: Pagure: Information disclosure via unrestricted reStructuredText include directive
CVSS Score:
CVSSv3 Score: 7.7
Vector:
CWE: CWE-22
Affected Packages:
Package States:


CVE-2026-4105
Severity: moderate
Released on: 13/03/2026
Advisory:
Bugzilla: 2447262
Bugzilla Description: systemd: systemd: Privilege escalation via improper access control in RegisterMachine D-Bus method
CVSS Score:
CVSSv3 Score: 6.7
Vector:
CWE: CWE-284
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,


CVE-2026-32597
Severity: important
Released on: 12/03/2026
Advisory:
Bugzilla: 2447194
Bugzilla Description: pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-347
Affected Packages:
Package States: OpenShift Lightspeed,Red Hat AI Inference Server,Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat Quay 3,Red Hat Satellite 6,Red Hat Trusted Artifact Signer,


CVE-2026-32304
Severity: important
Released on: 12/03/2026
Advisory:
Bugzilla: 2447200
Bugzilla Description: locutusjs: Locutus: Arbitrary code execution via unsanitized parameters in create_function
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-88
Affected Packages:
Package States: Logging Subsystem for Red Hat OpenShift,


CVE-2026-2229
Severity: important
Released on: 12/03/2026
Advisory: RHSA-2026:5807,
Bugzilla: 2447143
Bugzilla Description: undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-248
Affected Packages: rhoai/odh-dashboard-rhel8:sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018,
Package States: Cryostat 4,OpenShift Lightspeed,OpenShift Pipelines,Red Hat Developer Hub,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Dev Spaces,Self-service automation portal 2,


CVE-2026-1528
Severity: important
Released on: 12/03/2026
Advisory: RHSA-2026:5807,
Bugzilla: 2447145
Bugzilla Description: undici: undici: Denial of Service via crafted WebSocket frame with large length
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-248
Affected Packages: rhoai/odh-dashboard-rhel8:sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018,
Package States: Cryostat 4,OpenShift Lightspeed,OpenShift Pipelines,Red Hat Developer Hub,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Dev Spaces,Self-service automation portal 2,


CVE-2026-1527
Severity: moderate
Released on: 12/03/2026
Advisory:
Bugzilla: 2447141
Bugzilla Description: undici: Undici: HTTP header injection and request smuggling vulnerability
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-93
Affected Packages:
Package States: Cryostat 4,OpenShift Lightspeed,OpenShift Pipelines,Red Hat Developer Hub,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Dev Spaces,Self-service automation portal 2,


CVE-2026-2581
Severity: moderate
Released on: 12/03/2026
Advisory:
Bugzilla: 2447140
Bugzilla Description: undici: Undici: Denial of Service due to uncontrolled resource consumption
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-770
Affected Packages:
Package States: Cryostat 4,OpenShift Lightspeed,OpenShift Pipelines,Red Hat Developer Hub,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Dev Spaces,Self-service automation portal 2,


CVE-2026-1526
Severity: important
Released on: 12/03/2026
Advisory: RHSA-2026:5807,
Bugzilla: 2447142
Bugzilla Description: undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-770
Affected Packages: rhoai/odh-dashboard-rhel8:sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018,
Package States: Cryostat 4,OpenShift Lightspeed,OpenShift Pipelines,Red Hat Developer Hub,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Dev Spaces,Self-service automation portal 2,


CVE-2026-1525
Severity: moderate
Released on: 12/03/2026
Advisory:
Bugzilla: 2447144
Bugzilla Description: undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers
CVSS Score:
CVSSv3 Score: 7.3
Vector:
CWE: CWE-444
Affected Packages:
Package States: Cryostat 4,OpenShift Lightspeed,OpenShift Pipelines,Red Hat Developer Hub,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Dev Spaces,Self-service automation portal 2,


CVE-2026-32274
Severity: important
Released on: 12/03/2026
Advisory:
Bugzilla: 2447111
Bugzilla Description: black: Black: Arbitrary file writes from unsanitized user input in cache file name
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-22
Affected Packages:
Package States: OpenShift Lightspeed,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform Ansible Core 2,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Virtualization 4,


CVE-2026-32259
Severity: moderate
Released on: 12/03/2026
Advisory:
Bugzilla: 2447112
Bugzilla Description: ImageMagick: stack-based buffer overflow in sixel encoder
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-121
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,


CVE-2026-32240
Severity: moderate
Released on: 12/03/2026
Advisory:
Bugzilla: 2447117
Bugzilla Description: capnproto: Cap'n Proto: Integer overflow in KJ-HTTP chunk size
CVSS Score:
CVSSv3 Score: 4.8
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 10,


CVE-2026-32239
Severity: moderate
Released on: 12/03/2026
Advisory:
Bugzilla: 2447106
Bugzilla Description: capnproto: Cap'n Proto has an integer overflow in KJ-HTTP
CVSS Score:
CVSSv3 Score: 4.8
Vector:
CWE: CWE-681
Affected Packages:
Package States: Red Hat Enterprise Linux 10,


CVE-2026-32249
Severity: low
Released on: 12/03/2026
Advisory:
Bugzilla: 2447110
Bugzilla Description: vim: NFA regex engine NULL pointer dereference
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,


CVE-2026-32237
Severity: moderate
Released on: 12/03/2026
Advisory:
Bugzilla: 2447080
Bugzilla Description: @backstage/plugin-scaffolder-backend: @backstage/plugin-scaffolder-backend: Possible exposure of defaultEnvironment secrets using dry-run endpoint
CVSS Score:
CVSSv3 Score: 4.4
Vector:
CWE: CWE-497
Affected Packages:
Package States: Red Hat Developer Hub,Self-service automation portal 2,


CVE-2026-32236
Severity:
Released on: 12/03/2026
Advisory:
Bugzilla: 2447090
Bugzilla Description: @backstage/plugin-auth-backend: @backstage/plugin-auth-backend: SSRF in experimental CIMD metadata fetch
CVSS Score:
Vector:
CWE: CWE-918
Affected Packages:
Package States: Red Hat Developer Hub,Self-service automation portal 2,


CVE-2026-32235
Severity: moderate
Released on: 12/03/2026
Advisory:
Bugzilla: 2447075
Bugzilla Description: @backstage/plugin-auth-backend: @backstage/plugin-auth-backend: OAuth redirect URI allowlist bypass
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-601
Affected Packages:
Package States: Red Hat Developer Hub,Self-service automation portal 2,


CVE-2026-3497
Severity: important
Released on: 12/03/2026
Advisory:
Bugzilla: 2447085
Bugzilla Description: openssh: OpenSSH GSSAPI: Information disclosure or denial of service due to uninitialized variables
CVSS Score:
CVSSv3 Score: 8.2
Vector:
CWE: CWE-824
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,


CVE-2026-32141
Severity: important
Released on: 12/03/2026
Advisory: RHSA-2026:5807,
Bugzilla: 2447083
Bugzilla Description: flatted: flatted: Unbounded recursion DoS in parse() revive phase
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-770
Affected Packages: rhoai/odh-dashboard-rhel8:sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018,
Package States: Cryostat 4,Logging Subsystem for Red Hat OpenShift,Red Hat 3scale API Management Platform 2,Red Hat AMQ Broker 7,Red Hat Ansible Automation Platform 2,Red Hat build of Apicurio Registry 2,Red Hat build of OptaPlanner 8,Red Hat Data Grid 8,Red Hat Directory Server 11,Red Hat Directory Server 12,Red Hat Directory Server 13,Red Hat Edge Manager 1,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Dev Spaces,Red Hat Process Automation 7,Red Hat Quay 3,Red Hat Single Sign-On 7,streams for Apache Kafka 2,streams for Apache Kafka 3,


CVE-2026-28356
Severity: important
Released on: 12/03/2026
Advisory: RHSA-2026:5809,
Bugzilla: 2447059
Bugzilla Description: multipart: denial of service via maliciously crafted HTTP or multipart segment headers
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-1333
Affected Packages: rhaiis/vllm-cuda-rhel9:sha256:bd371b1b8785b2f5799cbca4a12a1c66a1e8a37017334a79eaa1067b24b6a6ba,
Package States: Lightspeed Core,OpenShift Lightspeed,Red Hat AI Inference Server,Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat Satellite 6,


CVE-2025-70873
Severity: low
Released on: 12/03/2026
Advisory:
Bugzilla: 2447086
Bugzilla Description: sqlite: SQLite: Information Disclosure via Crafted ZIP File
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-908
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift Container Platform 4,


CVE-2026-3909
Severity: important
Released on: 12/03/2026
Advisory:
Bugzilla: 2447195
Bugzilla Description: chromium-browser: Out of bounds write in Skia
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE:
Affected Packages:
Package States:


CVE-2026-3910
Severity: important
Released on: 12/03/2026
Advisory:
Bugzilla: 2447199
Bugzilla Description: chromium-browser: Inappropriate implementation in V8
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE:
Affected Packages:
Package States:


CVE-2026-2808
Severity: moderate
Released on: 11/03/2026
Advisory:
Bugzilla: 2446879
Bugzilla Description: github.com/hashicorp/consul: HashiCorp Consul: Arbitrary file read via Kubernetes authentication configuration
CVSS Score:
CVSSv3 Score: 6.8
Vector:
CWE: CWE-59
Affected Packages:
Package States: Logging Subsystem for Red Hat OpenShift,Multicluster Global Hub,OpenShift Serverless,OpenShift Service Mesh 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Ansible Automation Platform 2,Red Hat Edge Manager 1,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift distributed tracing 3,Red Hat OpenShift GitOps,Red Hat OpenStack Platform 18.0,


CVE-2026-31958
Severity: moderate
Released on: 11/03/2026
Advisory:
Bugzilla: 2446765
Bugzilla Description: tornado-python: Tornado: Denial of Service via large multipart bodies
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-770
Affected Packages:
Package States: External Secrets Operator for Red Hat OpenShift,Lightspeed Core,OpenShift Lightspeed,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,


CVE-2026-3950
Severity: low
Released on: 11/03/2026
Advisory:
Bugzilla: 2446751
Bugzilla Description: libheif: libheif: Denial of Service via out-of-bounds read in Track::load function
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 10,


CVE-2026-3949
Severity: low
Released on: 11/03/2026
Advisory:
Bugzilla: 2446725
Bugzilla Description: libheif: libheif: Out-of-bounds read via local argument manipulation
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-805
Affected Packages:
Package States:


CVE-2026-31870
Severity: important
Released on: 11/03/2026
Advisory:
Bugzilla: 2446713
Bugzilla Description: cpp-httplib: cpp-httplib: Denial of Service via malformed Content-Length header
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-1287
Affected Packages:
Package States:


CVE-2026-30226
Severity: moderate
Released on: 11/03/2026
Advisory:
Bugzilla: 2446675
Bugzilla Description: devalue: Devalue: Denial of Service or type confusion via prototype pollution
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-843
Affected Packages:
Package States: Red Hat Build of Podman Desktop - Tech Preview,Red Hat Trusted Artifact Signer,


CVE-2026-31853
Severity: moderate
Released on: 11/03/2026
Advisory:
Bugzilla: 2446690
Bugzilla Description: imagemagick: ImageMagick: Denial of Service via overflow in SFW decoder when processing large images on 32-bit systems
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-122
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,


CVE-2026-1471
Severity: low
Released on: 11/03/2026
Advisory:
Bugzilla: 2446566
Bugzilla Description: neo4j: Neo4j: Authentication context inheritance via excessive caching in SSO UserInfo endpoint
CVSS Score:
CVSSv3 Score: 4.2
Vector:
CWE: CWE-488
Affected Packages:
Package States: Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,


CVE-2026-29777
Severity: moderate
Released on: 11/03/2026
Advisory:
Bugzilla: 2446584
Bugzilla Description: github.com/traefik/traefik: Traefik: Traffic redirection and hostname bypass via unsanitized input in router rules
CVSS Score:
CVSSv3 Score: 6.8
Vector:
CWE: CWE-94
Affected Packages:
Package States: Red Hat OpenShift Dev Spaces,


CVE-2026-31892
Severity: important
Released on: 11/03/2026
Advisory:
Bugzilla: 2446551
Bugzilla Description: github.com/argoproj/argo-workflows: Argo Workflows: Security bypass allows privilege escalation via podSpecPatch field
CVSS Score:
CVSSv3 Score: 9.9
Vector:
CWE: CWE-807
Affected Packages:
Package States: Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),


CVE-2026-28229
Severity: important
Released on: 11/03/2026
Advisory:
Bugzilla: 2446549
Bugzilla Description: argo-workflows: Argo Workflows has unauthorized access to Argo Workflows Template
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-306
Affected Packages:
Package States: Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),


CVE-2026-3904
Severity: moderate
Released on: 11/03/2026
Advisory:
Bugzilla: 2446533
Bugzilla Description: glibc: nscd client crash on x86_64 under high nscd load
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-366
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,


CVE-2026-3805
Severity: moderate
Released on: 11/03/2026
Advisory:
Bugzilla: 2446451
Bugzilla Description: curl: curl: Arbitrary code execution or Denial of Service via use-after-free in SMB request handling
CVSS Score:
CVSSv3 Score: 6.3
Vector:
CWE: CWE-825
Affected Packages:
Package States: Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat JBoss Core Services,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Dev Spaces,Red Hat Trusted Profile Analyzer,


CVE-2026-3784
Severity: moderate
Released on: 11/03/2026
Advisory:
Bugzilla: 2446449
Bugzilla Description: curl: curl: Unauthorized access due to improper HTTP proxy connection reuse
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-305
Affected Packages:
Package States: Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat JBoss Core Services,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Dev Spaces,Red Hat Trusted Profile Analyzer,


CVE-2026-3783
Severity: moderate
Released on: 11/03/2026
Advisory:
Bugzilla: 2446450
Bugzilla Description: curl: curl: Information disclosure via OAuth2 bearer token leakage during HTTP(S) redirect
CVSS Score:
CVSSv3 Score: 5.7
Vector:
CWE: CWE-201
Affected Packages:
Package States: Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat JBoss Core Services,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Dev Spaces,Red Hat Trusted Profile Analyzer,


CVE-2026-1965
Severity: moderate
Released on: 11/03/2026
Advisory:
Bugzilla: 2446448
Bugzilla Description: curl: curl: Authentication bypass due to incorrect connection reuse with Negotiate authentication
CVSS Score:
CVSSv3 Score: 6.8
Vector:
CWE: CWE-303
Affected Packages:
Package States: Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat JBoss Core Services,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Dev Spaces,Red Hat Trusted Profile Analyzer,


CVE-2026-3911
Severity: low
Released on: 11/03/2026
Advisory:
Bugzilla: 2446392
Bugzilla Description: org.keycloak.services.resources.admin.UserResource: Keycloak: Information disclosure of disabled user attributes via administrative endpoint
CVSS Score:
CVSSv3 Score: 2.7
Vector:
CWE: CWE-359
Affected Packages:
Package States: Red Hat Build of Keycloak,


CVE-2026-4111
Severity: important
Released on: 11/03/2026
Advisory: RHSA-2026:5063, RHSA-2026:5080,
Bugzilla: 2446453
Bugzilla Description: libarchive: Infinite Loop Denial of Service in RAR5 Decompression via archive_read_data() in libarchive
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-835
Affected Packages: libarchive-0:3.7.7-5.el10_1,libarchive-0:3.5.3-7.el9_7,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat OpenShift Container Platform 4,


CVE-2026-31838
Severity: moderate
Released on: 10/03/2026
Advisory:
Bugzilla: 2446342
Bugzilla Description: istio: Istio: Authorization policy bypass via Envoy RBAC header matching with multiple header values
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-551
Affected Packages:
Package States: cert-manager Operator for Red Hat OpenShift,cert-manager Operator for Red Hat OpenShift,cert-manager Operator for Red Hat OpenShift,cert-manager Operator for Red Hat OpenShift,cert-manager Operator for Red Hat OpenShift,ExternalDNS Operator,ExternalDNS Operator,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Service Mesh 2,OpenShift Service Mesh 2,OpenShift Service Mesh 2,OpenShift Service Mesh 2,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Connectivity Link 1,Red Hat Connectivity Link 1,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),


CVE-2026-31837
Severity: important
Released on: 10/03/2026
Advisory: RHSA-2026:5948, RHSA-2026:5950, RHSA-2026:5952,
Bugzilla: 2446344
Bugzilla Description: istio: Istio: Information disclosure and authentication bypass via JWKS resolver unavailability
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-1392
Affected Packages: openshift-service-mesh/istio-pilot-rhel9:sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42,openshift-service-mesh/istio-pilot-rhel9:sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd,openshift-service-mesh/istio-proxyv2-rhel9:sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6,openshift-service-mesh/istio-proxyv2-rhel9:sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4,openshift-service-mesh/istio-pilot-rhel9:sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f,openshift-service-mesh/istio-proxyv2-rhel9:sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4,
Package States: cert-manager Operator for Red Hat OpenShift,cert-manager Operator for Red Hat OpenShift,cert-manager Operator for Red Hat OpenShift,cert-manager Operator for Red Hat OpenShift,cert-manager Operator for Red Hat OpenShift,ExternalDNS Operator,ExternalDNS Operator,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Service Mesh 2,OpenShift Service Mesh 2,OpenShift Service Mesh 2,OpenShift Service Mesh 2,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Connectivity Link 1,Red Hat Connectivity Link 1,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),


CVE-2026-31826
Severity: moderate
Released on: 10/03/2026
Advisory:
Bugzilla: 2446336
Bugzilla Description: pypdf: pypdf: Denial of Service due to excessive memory consumption via crafted PDF
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-770
Affected Packages:
Package States: OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),


CVE-2026-31812
Severity: important
Released on: 10/03/2026
Advisory: RHSA-2026:5459,
Bugzilla: 2446330
Bugzilla Description: quinn-proto: quinn-proto: Denial of Service via crafted QUIC Initial packet
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-248
Affected Packages: rhtas/tuffer-rhel9:sha256:f30c3610c1c840ea8edb99c2679edb09768c45012979da1389605c6a54204292,rhtas/tuftool-rhel9:sha256:cc2676a9d70599503faf8ca413e7bbc29cd523782a3d1e81bfc8f9e6323b4a28,
Package States: Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Update Service,Red Hat Trusted Profile Analyzer,


CVE-2026-31808
Severity: moderate
Released on: 10/03/2026
Advisory:
Bugzilla: 2446309
Bugzilla Description: file-type: file-type: Denial of Service due to infinite loop in ASF file parsing
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-835
Affected Packages:
Package States: Cryostat 4,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Red Hat build of Apicurio Registry 2,Red Hat Data Grid 8,Red Hat Developer Hub,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat Satellite 6,Self-service automation portal 2,


CVE-2026-30951
Severity: important
Released on: 10/03/2026
Advisory:
Bugzilla: 2446250
Bugzilla Description: sequelize: Sequelize: Data exfiltration via SQL injection in JSON/JSONB where clause processing
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-89
Affected Packages:
Package States: Confidential Compute Attestation,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 9,Red Hat Satellite 6,


CVE-2026-23868
Severity: important
Released on: 10/03/2026
Advisory:
Bugzilla: 2446207
Bugzilla Description: giflib: Giflib: Double-free vulnerability leading to memory corruption
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-28292
Severity: important
Released on: 10/03/2026
Advisory:
Bugzilla: 2446162
Bugzilla Description: simple-git: simple-git: Remote Code Execution via bypass of prior security fixes
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-76
Affected Packages:
Package States: Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat Process Automation 7,


CVE-2026-26130
Severity: important
Released on: 10/03/2026
Advisory: RHSA-2026:4458, RHSA-2026:4453, RHSA-2026:4443, RHSA-2026:4454, RHSA-2026:4455, RHSA-2026:4445, RHSA-2026:4456, RHSA-2026:4450, RHSA-2026:4451,
Bugzilla: 2446134
Bugzilla Description: asp.net: ASP.NET Core: Denial of Service via uncontrolled resource allocation
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-770
Affected Packages: dotnet8.0-0:8.0.125-1.el10_1,dotnet8.0-0:8.0.125-1.el9_7,dotnet9.0-0:9.0.115-1.el10_1,dotnet9.0-0:9.0.115-1.el9_7,dotnet10.0-0:10.0.104-1.el10_1,dotnet9.0-0:9.0.115-1.el8_10,dotnet8.0-0:8.0.125-1.el8_10,dotnet10.0-0:10.0.104-1.el8_10,dotnet10.0-0:10.0.104-1.el9_7,
Package States: Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-26127
Severity: moderate
Released on: 10/03/2026
Advisory: RHSA-2026:4458, RHSA-2026:4453, RHSA-2026:4443, RHSA-2026:4445, RHSA-2026:4456, RHSA-2026:4450,
Bugzilla: 2446098
Bugzilla Description: .net: .NET: Denial of Service via out-of-bounds read
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-125
Affected Packages: dotnet9.0-0:9.0.115-1.el10_1,dotnet9.0-0:9.0.115-1.el9_7,dotnet10.0-0:10.0.104-1.el10_1,dotnet9.0-0:9.0.115-1.el8_10,dotnet10.0-0:10.0.104-1.el8_10,dotnet10.0-0:10.0.104-1.el9_7,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-26131
Severity: moderate
Released on: 10/03/2026
Advisory:
Bugzilla: 2446069
Bugzilla Description: dotnet: .NET: Privilege escalation via incorrect default permissions
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-276
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-30942
Severity: important
Released on: 10/03/2026
Advisory:
Bugzilla: 2446087
Bugzilla Description: flare: Flare: Information disclosure via authenticated path traversal
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-22
Affected Packages:
Package States:


CVE-2026-2742
Severity: moderate
Released on: 10/03/2026
Advisory:
Bugzilla: 2446005
Bugzilla Description: com.vaadin/flow-server: Vaadin flow-server: Authentication bypass due to inconsistent path matching allows unauthorized session creation.
CVSS Score:
CVSSv3 Score: 6.3
Vector:
CWE: CWE-551
Affected Packages:
Package States: Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,


CVE-2026-2741
Severity: low
Released on: 10/03/2026
Advisory:
Bugzilla: 2446008
Bugzilla Description: Vaadin-Flow: Vaadin: Arbitrary file write via path traversal during Node.js download
CVSS Score:
CVSSv3 Score: 2.6
Vector:
CWE: CWE-22
Affected Packages:
Package States: Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,


CVE-2026-23907
Severity: moderate
Released on: 10/03/2026
Advisory:
Bugzilla: 2445994
Bugzilla Description: org.apache.pdfbox:pdfbox-examples: Apache PDFBox Example: Path Traversal via specially crafted filenames allows arbitrary file write
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-22
Affected Packages:
Package States: Red Hat AMQ Broker 7,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat Data Grid 8,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,streams for Apache Kafka 2,streams for Apache Kafka 3,


CVE-2026-23239
Severity: moderate
Released on: 10/03/2026
Advisory:
Bugzilla: 2446109
Bugzilla Description: kernel: Kernel: Race condition in espintcp can lead to denial of service
CVSS Score:
CVSSv3 Score: 5.8
Vector:
CWE: CWE-366
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23240
Severity: moderate
Released on: 10/03/2026
Advisory:
Bugzilla: 2446139
Bugzilla Description: kernel: Linux kernel: Denial of service due to a race condition in the TLS subsystem
CVSS Score:
CVSSv3 Score: 5.8
Vector:
CWE: CWE-366
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-3918
Severity: important
Released on: 10/03/2026
Advisory:
Bugzilla: 2446844
Bugzilla Description: chromium-browser: Use after free in WebMCP
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE:
Affected Packages:
Package States:


CVE-2026-3921
Severity: important
Released on: 10/03/2026
Advisory:
Bugzilla: 2446845
Bugzilla Description: chromium-browser: Use after free in TextEncoding
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE:
Affected Packages:
Package States:


CVE-2026-3913
Severity: critical
Released on: 10/03/2026
Advisory:
Bugzilla: 2446846
Bugzilla Description: chromium-browser: Heap buffer overflow in WebML
CVSS Score:
CVSSv3 Score: 9.6
Vector:
CWE:
Affected Packages:
Package States:


CVE-2026-3923
Severity: important
Released on: 10/03/2026
Advisory:
Bugzilla: 2446847
Bugzilla Description: chromium-browser: Use after free in WebMIDI
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE:
Affected Packages:
Package States:


CVE-2026-3914
Severity: important
Released on: 10/03/2026
Advisory:
Bugzilla: 2446848
Bugzilla Description: chromium-browser: Integer overflow in WebML
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE:
Affected Packages:
Package States:


CVE-2026-3938
Severity: low
Released on: 10/03/2026
Advisory:
Bugzilla: 2446849
Bugzilla Description: chromium-browser: Insufficient policy enforcement in Clipboard
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE:
Affected Packages:
Package States:


CVE-2026-3934
Severity: moderate
Released on: 10/03/2026
Advisory:
Bugzilla: 2446850
Bugzilla Description: chromium-browser: Insufficient policy enforcement in ChromeDriver
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE:
Affected Packages:
Package States:


CVE-2026-3942
Severity: low
Released on: 10/03/2026
Advisory:
Bugzilla: 2446852
Bugzilla Description: chromium-browser: Incorrect security UI in PictureInPicture
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE:
Affected Packages:
Package States:


CVE-2026-3919
Severity: important
Released on: 10/03/2026
Advisory:
Bugzilla: 2446853
Bugzilla Description: chromium-browser: Use after free in Extensions
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE:
Affected Packages:
Package States:


CVE-2026-3916
Severity: important
Released on: 10/03/2026
Advisory:
Bugzilla: 2446854
Bugzilla Description: chromium-browser: Out of bounds read in Web Speech
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE:
Affected Packages:
Package States:


CVE-2026-3915
Severity: important
Released on: 10/03/2026
Advisory:
Bugzilla: 2446856
Bugzilla Description: chromium-browser: Heap buffer overflow in WebML
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE:
Affected Packages:
Package States:


CVE-2026-3927
Severity: moderate
Released on: 10/03/2026
Advisory:
Bugzilla: 2446857
Bugzilla Description: chromium-browser: Incorrect security UI in PictureInPicture
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE:
Affected Packages:
Package States:


CVE-2026-3926
Severity: moderate
Released on: 10/03/2026
Advisory:
Bugzilla: 2446859
Bugzilla Description: chromium-browser: Out of bounds read in V8
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE:
Affected Packages:
Package States:


CVE-2026-3940
Severity: low
Released on: 10/03/2026
Advisory:
Bugzilla: 2446860
Bugzilla Description: chromium-browser: Insufficient policy enforcement in DevTools
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE:
Affected Packages:
Package States:


CVE-2026-3917
Severity: important
Released on: 10/03/2026
Advisory:
Bugzilla: 2446861
Bugzilla Description: chromium-browser: Use after free in Agents
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE:
Affected Packages:
Package States:


CVE-2026-3941
Severity: low
Released on: 10/03/2026
Advisory:
Bugzilla: 2446863
Bugzilla Description: chromium-browser: Insufficient policy enforcement in DevTools
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE:
Affected Packages:
Package States:


CVE-2026-3920
Severity: important
Released on: 10/03/2026
Advisory:
Bugzilla: 2446864
Bugzilla Description: chromium-browser: Out of bounds memory access in WebML
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE:
Affected Packages:
Package States:


CVE-2026-3928
Severity: moderate
Released on: 10/03/2026
Advisory:
Bugzilla: 2446865
Bugzilla Description: chromium-browser: Insufficient policy enforcement in Extensions
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE:
Affected Packages:
Package States:


CVE-2026-3922
Severity: important
Released on: 10/03/2026
Advisory:
Bugzilla: 2446866
Bugzilla Description: chromium-browser: Use after free in MediaStream
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE:
Affected Packages:
Package States:


CVE-2026-3931
Severity: moderate
Released on: 10/03/2026
Advisory:
Bugzilla: 2446868
Bugzilla Description: chromium-browser: Heap buffer overflow in Skia
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE:
Affected Packages:
Package States:


CVE-2026-3929
Severity: moderate
Released on: 10/03/2026
Advisory:
Bugzilla: 2446870
Bugzilla Description: chromium-browser: Side-channel information leakage in ResourceTiming
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE:
Affected Packages:
Package States:


CVE-2026-3924
Severity: important
Released on: 10/03/2026
Advisory:
Bugzilla: 2446871
Bugzilla Description: chromium-browser: Use after free in WindowDialog
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE:
Affected Packages:
Package States:


CVE-2026-3935
Severity: moderate
Released on: 10/03/2026
Advisory:
Bugzilla: 2446872
Bugzilla Description: chromium-browser: Incorrect security UI in WebAppInstalls
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE:
Affected Packages:
Package States:


CVE-2026-3939
Severity: low
Released on: 10/03/2026
Advisory:
Bugzilla: 2446873
Bugzilla Description: chromium-browser: Insufficient policy enforcement in PDF
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE:
Affected Packages:
Package States:


CVE-2026-3930
Severity: moderate
Released on: 10/03/2026
Advisory:
Bugzilla: 2447256
Bugzilla Description: chromium-browser: Unsafe navigation in Navigation
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE:
Affected Packages:
Package States:


CVE-2026-30937
Severity: moderate
Released on: 09/03/2026
Advisory:
Bugzilla: 2445882
Bugzilla Description: ImageMagick: ImageMagick: Denial of Service via integer overflow in XWD encoder
CVSS Score:
CVSSv3 Score: 6.8
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,


CVE-2026-30936
Severity: moderate
Released on: 09/03/2026
Advisory:
Bugzilla: 2445880
Bugzilla Description: ImageMagick: ImageMagick: Denial of Service via crafted image processing
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,


CVE-2026-30935
Severity: moderate
Released on: 09/03/2026
Advisory:
Bugzilla: 2445899
Bugzilla Description: ImageMagick: heap-based buffer over-read in BilateralBlurImage
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,


CVE-2026-30931
Severity: moderate
Released on: 09/03/2026
Advisory:
Bugzilla: 2445900
Bugzilla Description: ImageMagick: ImageMagick: Heap-based buffer overflow leading to out-of-bounds write
CVSS Score:
CVSSv3 Score: 6.8
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,


CVE-2026-30929
Severity: moderate
Released on: 09/03/2026
Advisory:
Bugzilla: 2445896
Bugzilla Description: ImageMagick: stack-based buffer overflow in MagnifyImage
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-121
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,


CVE-2026-30883
Severity: moderate
Released on: 09/03/2026
Advisory:
Bugzilla: 2445878
Bugzilla Description: ImageMagick: ImageMagick: Denial of Service due to heap overflow when processing large image profiles
CVSS Score:
CVSSv3 Score: 5.7
Vector:
CWE: CWE-120
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2026-28693
Severity: important
Released on: 09/03/2026
Advisory:
Bugzilla: 2445888
Bugzilla Description: ImageMagick: ImageMagick: Out-of-bounds read or write due to integer overflow in DIB coder
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2026-28692
Severity: moderate
Released on: 09/03/2026
Advisory:
Bugzilla: 2445890
Bugzilla Description: ImageMagick: ImageMagick: Information disclosure and denial of service via heap over-read in MAT decoder
CVSS Score:
CVSSv3 Score: 4.8
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2026-28691
Severity: important
Released on: 09/03/2026
Advisory:
Bugzilla: 2445902
Bugzilla Description: ImageMagick: ImageMagick: Denial of Service via uninitialized pointer dereference in JBIG decoder
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-824
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2026-28690
Severity: moderate
Released on: 09/03/2026
Advisory:
Bugzilla: 2445887
Bugzilla Description: ImageMagick: stack-based buffer overflow in MNG encoder
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-121
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2026-28689
Severity: moderate
Released on: 09/03/2026
Advisory:
Bugzilla: 2445891
Bugzilla Description: ImageMagick: ImageMagick: Information disclosure and unauthorized modification via symlink TOCTOU vulnerability
CVSS Score:
CVSSv3 Score: 6.3
Vector:
CWE: CWE-367
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2026-28688
Severity: moderate
Released on: 09/03/2026
Advisory:
Bugzilla: 2445877
Bugzilla Description: ImageMagick: use-after-free in the MSL encoder
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-416
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2026-28687
Severity: moderate
Released on: 09/03/2026
Advisory:
Bugzilla: 2445897
Bugzilla Description: ImageMagick: ImageMagick: Heap use-after-free vulnerability allows denial of service via crafted MSL file
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2026-28686
Severity: moderate
Released on: 09/03/2026
Advisory:
Bugzilla: 2445889
Bugzilla Description: ImageMagick: ImageMagick: Denial of Service via heap-buffer-overflow in PCL encode
CVSS Score:
CVSSv3 Score: 6.8
Vector:
CWE: CWE-131
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2026-28494
Severity: moderate
Released on: 09/03/2026
Advisory:
Bugzilla: 2445901
Bugzilla Description: ImageMagick: ImageMagick: Arbitrary code execution or denial of service via maliciously crafted kernel strings
CVSS Score:
CVSSv3 Score: 7.1
Vector:
CWE: CWE-120
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2026-28493
Severity: moderate
Released on: 09/03/2026
Advisory:
Bugzilla: 2445883
Bugzilla Description: ImageMagick: ImageMagick: Denial of Service and information disclosure via integer overflow in SIXEL decoder
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2026-31802
Severity: moderate
Released on: 09/03/2026
Advisory:
Bugzilla: 2445881
Bugzilla Description: tar: tar: File overwrite via drive-relative symlink traversal
CVSS Score:
CVSSv3 Score: 6.2
Vector:
CWE: CWE-22
Affected Packages:
Package States: Cryostat 4,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Network Observability Operator,Network Observability Operator,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat AMQ Broker 7,Red Hat build of Apache Camel - HawtIO 4,Red Hat Developer Hub,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat Process Automation 7,Red Hat Process Automation 7,Red Hat Single Sign-On 7,Red Hat Trusted Artifact Signer,
Full Details
CVE document


CVE-2026-25960
Severity: important
Released on: 09/03/2026
Advisory:
Bugzilla: 2445892
Bugzilla Description: vLLM: vLLM: Server-Side Request Forgery bypass via inconsistent URL parsing
CVSS Score:
CVSSv3 Score: 7.1
Vector:
CWE: CWE-474
Affected Packages:
Package States: Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document


CVE-2026-0846
Severity: important
Released on: 09/03/2026
Advisory:
Bugzilla: 2445826
Bugzilla Description: nltk: NLTK: Arbitrary file read via improper path validation in `filestring()` function
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-22
Affected Packages:
Package States: Lightspeed Core,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document


CVE-2026-3836
Severity: moderate
Released on: 09/03/2026
Advisory:
Bugzilla: 2445770
Bugzilla Description: dnf5: dnf5: Denial of Service via path traversal in D-Bus locale configuration
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-22
Affected Packages:
Package States:
Full Details
CVE document


CVE-2025-69647
Severity: low
Released on: 09/03/2026
Advisory:
Bugzilla: 2445773
Bugzilla Description: binutils: infinite loop in readelf via crafted binary with malformed DWARF loclists data
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-835
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document


CVE-2025-69648
Severity: low
Released on: 09/03/2026
Advisory:
Bugzilla: 2445774
Bugzilla Description: binutils: infinite loop in readelf via crafted binary with malformed DWARF .debug_rnglists data
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-835
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document


CVE-2024-14027
Severity: low
Released on: 09/03/2026
Advisory:
Bugzilla: 2445789
Bugzilla Description: kernel: xattr: switch to CLASS(fd)
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2025-70034
Severity: moderate
Released on: 09/03/2026
Advisory:
Bugzilla: 2445801
Bugzilla Description: ssh2: ssh2: Denial of Service due to inefficient regular expression complexity
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-1333
Affected Packages:
Package States: Red Hat Build of Podman Desktop - Tech Preview,Red Hat Build of Podman Desktop - Tech Preview,Red Hat Developer Hub,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Self-service automation portal 2,
Full Details
CVE document


CVE-2026-3731
Severity: moderate
Released on: 08/03/2026
Advisory:
Bugzilla: 2445579
Bugzilla Description: libssh: libssh: Denial of Service via out-of-bounds read in SFTP extension name handler
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document


CVE-2026-3713
Severity: moderate
Released on: 08/03/2026
Advisory:
Bugzilla: 2445566
Bugzilla Description: libpng: libpng: Heap-based buffer overflow in pnm2png allows information disclosure and denial of service
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-131
Affected Packages:
Package States: Red Hat build of OpenJDK 11 ELS,Red Hat build of OpenJDK 11 ELS,Red Hat build of OpenJDK 17,Red Hat build of OpenJDK 1.8,Red Hat build of OpenJDK 21,Red Hat build of OpenJDK 25,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document


CVE-2026-29076
Severity: moderate
Released on: 07/03/2026
Advisory:
Bugzilla: 2445491
Bugzilla Description: cpp-httplib: cpp-httplib: Denial of Service via crafted HTTP POST request
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-1333
Affected Packages:
Package States:
Full Details
CVE document


CVE-2026-29786
Severity: important
Released on: 07/03/2026
Advisory:
Bugzilla: 2445476
Bugzilla Description: node-tar: hardlink path traversal via drive-relative linkpath
CVSS Score:
CVSSv3 Score: 8.6
Vector:
CWE: CWE-22
Affected Packages:
Package States: Cryostat 4,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Network Observability Operator,Network Observability Operator,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat AMQ Broker 7,Red Hat build of Apache Camel - HawtIO 4,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat Process Automation 7,Red Hat Process Automation 7,Red Hat Single Sign-On 7,Red Hat Trusted Artifact Signer,
Full Details
CVE document


CVE-2026-29186
Severity: important
Released on: 07/03/2026
Advisory:
Bugzilla: 2445480
Bugzilla Description: backstage/plugin-techdocs-node: TechDocs Mkdocs configuration key enables arbitrary code execution
CVSS Score:
CVSSv3 Score: 9.1
Vector:
CWE: CWE-791
Affected Packages:
Package States: Red Hat Developer Hub,Self-service automation portal 2,
Full Details
CVE document


CVE-2026-29184
Severity: low
Released on: 07/03/2026
Advisory:
Bugzilla: 2445468
Bugzilla Description: @backstage/plugin-scaffolder-backend: Backstage Scaffolder Backend: Information disclosure via malicious template bypassing log redaction
CVSS Score:
CVSSv3 Score: 2.0
Vector:
CWE: CWE-117
Affected Packages:
Package States: Red Hat Developer Hub,Self-service automation portal 2,
Full Details
CVE document


CVE-2026-29185
Severity: low
Released on: 07/03/2026
Advisory:
Bugzilla: 2445484
Bugzilla Description: @backstage/integration: Backstage SCM Integration: Unauthorized access to SCM APIs via path traversal
CVSS Score:
CVSSv3 Score: 2.7
Vector:
CWE: CWE-22
Affected Packages:
Package States: Red Hat Developer Hub,Self-service automation portal 2,
Full Details
CVE document


CVE-2026-24308
Severity: moderate
Released on: 07/03/2026
Advisory:
Bugzilla: 2445451
Bugzilla Description: Apache ZooKeeper: Apache ZooKeeper: Information disclosure via improper handling of configuration values
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-117
Affected Packages:
Package States: Red Hat AMQ Broker 7,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Debezium 2,Red Hat build of Debezium 3,Red Hat Data Grid 8,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat Offline Knowledge Portal,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),streams for Apache Kafka 2,streams for Apache Kafka 3,
Full Details
CVE document


CVE-2026-24281
Severity: moderate
Released on: 07/03/2026
Advisory:
Bugzilla: 2445449
Bugzilla Description: Apache ZooKeeper: Apache ZooKeeper: Impersonation of servers or clients via reverse DNS spoofing
CVSS Score:
CVSSv3 Score: 7.4
Vector:
CWE: CWE-295
Affected Packages:
Package States: Red Hat AMQ Broker 7,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Debezium 2,Red Hat build of Debezium 3,Red Hat Data Grid 8,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat Offline Knowledge Portal,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),streams for Apache Kafka 2,streams for Apache Kafka 3,
Full Details
CVE document


CVE-2026-30827
Severity: moderate
Released on: 07/03/2026
Advisory:
Bugzilla: 2445429
Bugzilla Description: express-rate-limit: express-rate-limit: Denial of Service for IPv4 clients due to incorrect IPv6 subnet masking
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-1389
Affected Packages:
Package States: Red Hat Ansible Automation Platform 2,Red Hat Developer Hub,Red Hat OpenShift Dev Spaces,Self-service automation portal 2,
Full Details
CVE document


CVE-2026-27139
Severity: low
Released on: 06/03/2026
Advisory:
Bugzilla: 2445335
Bugzilla Description: os: FileInfo can escape from a Root in golang os module
CVSS Score:
CVSSv3 Score: 2.5
Vector:
CWE: CWE-22
Affected Packages:
Package States: OpenShift Service Mesh 2,OpenShift Service Mesh 3,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Hardened Images 1,Red Hat Hardened Images 1,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Virtualization 4,
Full Details
CVE document


CVE-2026-27138
Severity: low
Released on: 06/03/2026
Advisory:
Bugzilla: 2445344
Bugzilla Description: crypto/x509: Panic in name constraint checking for malformed certificates in crypto/x509
CVSS Score:
CVSSv3 Score: 3.7
Vector:
CWE: CWE-295
Affected Packages:
Package States: OpenShift Service Mesh 2,OpenShift Service Mesh 3,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Hardened Images 1,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Virtualization 4,
Full Details
CVE document


CVE-2026-27142
Severity: moderate
Released on: 06/03/2026
Advisory: RHSA-2026:5192,
Bugzilla: 2445351
Bugzilla Description: html/template: URLs in meta content attribute actions are not escaped in html/template
CVSS Score:
CVSSv3 Score: 5.4
Vector:
CWE: CWE-79
Affected Packages: golang1-25-main-1.25.8-1.1.hum1,
Package States: OpenShift Service Mesh 2,OpenShift Service Mesh 3,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Hardened Images 1,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Virtualization 4,
Full Details
CVE document


CVE-2026-25679
Severity: important
Released on: 06/03/2026
Advisory: RHSA-2026:5942, RHSA-2026:5944, RHSA-2026:5549, RHSA-2026:5941, RHSA-2026:5110,
Bugzilla: 2445356
Bugzilla Description: net/url: Incorrect parsing of IPv6 host literals in net/url
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-1286
Affected Packages: golang-0:1.25.8-1.el10_1,golang-0:1.25.8-1.el9_6,multicluster-globalhub/multicluster-globalhub-agent-rhel9:sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd,golang-0:1.25.8-1.el9_7,openshift-builds/openshift-builds-waiters-rhel9:sha256:10cc203162a18a29b59faedf70efbdce132e92f64f915d3265c4fcb44711df9c,
Package States: Assisted Installer for Red Hat OpenShift Container Platform 2,cert-manager Operator for Red Hat OpenShift,Compliance Operator,Confidential Compute Attestation,Confidential Compute Attestation,Cryostat 4,Custom Metric Autoscaler operator for Red Hat Openshift,Deployment Validation Operator,ExternalDNS Operator,ExternalDNS Operator,External Secrets Operator for Red Hat OpenShift,Fence Agents Remediation Operator,File Integrity Operator,Gatekeeper 3,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logical Volume Manager Storage,Logical Volume Manager Storage,Logical Volume Manager Storage,Machine Deletion Remediation Operator,Migration Toolkit for Applications 8,Migration Toolkit for Containers,mirror registry for Red Hat OpenShift,mirror registry for Red Hat OpenShift 2,Multicluster Engine for Kubernetes,Network Observability Operator,Node HealthCheck Operator,OpenShift API for Data Protection,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Lightspeed,OpenShift Pipelines,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Service Mesh 2,OpenShift Service Mesh 2,OpenShift Service Mesh 3,OpenShift Service Mesh 3,Power monitoring for Red Hat OpenShift,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat AMQ Clients,Red Hat AMQ Clients,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat 
Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat build of Apache Camel - HawtIO 4,Red Hat Certification Program for Red Hat Enterprise Linux 9,Red Hat Connectivity Link 1,Red Hat Developer Hub,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise 
Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Hardened Images 1,Red Hat Hardened Images 1,Red Hat Lightspeed for Runtimes Operator,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Cluster Manager CLI,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Workspaces Operator,Red Hat OpenShift distributed tracing 3,Red Hat OpenShift for Windows Containers,Red Hat OpenShift GitOps,Red Hat OpenShift on AWS,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 17.1,Red 
Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 18.0,Red Hat OpenStack Platform 18.0,Red Hat Quay 3,Red Hat Quay 3,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Service Interconnect 1,Red Hat Service Interconnect 1,Red Hat Service Interconnect 2,Red Hat Service Interconnect 2,Red Hat Service Interconnect 2,Red Hat Trusted Artifact Signer,Red Hat Web Terminal,Security Profiles Operator,Service Telemetry Framework 1.5,streams for Apache Kafka 3,Zero Trust Workload Identity Manager,Zero Trust Workload Identity Manager - Tech Preview,
Full Details
CVE document


CVE-2026-27137
Severity: important
Released on: 06/03/2026
Advisory: RHSA-2026:5549, RHSA-2026:5110,
Bugzilla: 2445345
Bugzilla Description: crypto/x509: Incorrect enforcement of email constraints in crypto/x509
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-295
Affected Packages: multicluster-globalhub/multicluster-globalhub-agent-rhel9:sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd,openshift-builds/openshift-builds-waiters-rhel9:sha256:10cc203162a18a29b59faedf70efbdce132e92f64f915d3265c4fcb44711df9c,
Package States: Assisted Installer for Red Hat OpenShift Container Platform 2,cert-manager Operator for Red Hat OpenShift,Compliance Operator,Confidential Compute Attestation,Confidential Compute Attestation,Cryostat 4,Custom Metric Autoscaler operator for Red Hat Openshift,Deployment Validation Operator,ExternalDNS Operator,ExternalDNS Operator,External Secrets Operator for Red Hat OpenShift,Fence Agents Remediation Operator,File Integrity Operator,Gatekeeper 3,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logical Volume Manager Storage,Logical Volume Manager Storage,Logical Volume Manager Storage,Machine Deletion Remediation Operator,Migration Toolkit for Applications 8,Migration Toolkit for Containers,mirror registry for Red Hat OpenShift,mirror registry for Red Hat OpenShift 2,Multicluster Engine for Kubernetes,Network Observability Operator,Node HealthCheck Operator,OpenShift API for Data Protection,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Lightspeed,OpenShift Pipelines,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Service Mesh 2,OpenShift Service Mesh 2,OpenShift Service Mesh 3,OpenShift Service Mesh 3,Power monitoring for Red Hat OpenShift,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat 
Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat build of Apache Camel - HawtIO 4,Red Hat Certification Program for Red Hat Enterprise Linux 9,Red Hat Connectivity Link 1,Red Hat Developer Hub,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat 
Enterprise Linux AI (RHEL AI) 3,Red Hat Hardened Images 1,Red Hat Lightspeed for Runtimes Operator,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Cluster Manager CLI,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Workspaces Operator,Red Hat OpenShift distributed tracing 3,Red Hat OpenShift for Windows Containers,Red Hat OpenShift GitOps,Red Hat OpenShift on AWS,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 18.0,Red Hat OpenStack Platform 18.0,Red Hat Quay 3,Red Hat Quay 3,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Service Interconnect 1,Red Hat Service Interconnect 2,Red Hat Trusted Artifact Signer,Red Hat Web 
Terminal,Security Profiles Operator,Service Telemetry Framework 1.5,streams for Apache Kafka 3,Zero Trust Workload Identity Manager,Zero Trust Workload Identity Manager - Tech Preview,


CVE-2026-30231
Severity: moderate
Released on: 06/03/2026
Advisory:
Bugzilla: 2445348
Bugzilla Description: flare: Flare: Information disclosure via inconsistent access checks for private files
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-639
Affected Packages:
Package States:


CVE-2026-30230
Severity: moderate
Released on: 06/03/2026
Advisory:
Bugzilla: 2445349
Bugzilla Description: flare: Flare: Unauthorized information disclosure due to improper access control in the thumbnail endpoint.
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-306
Affected Packages:
Package States:


CVE-2026-29063
Severity: important
Released on: 06/03/2026
Advisory:
Bugzilla: 2445291
Bugzilla Description: immutable-js: Immutable.js: Arbitrary code execution via Prototype Pollution
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-915
Affected Packages:
Package States: Logging Subsystem for Red Hat OpenShift,Migration Toolkit for Containers,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Multicluster Engine for Kubernetes,Network Observability Operator,Network Observability Operator,Node HealthCheck Operator,Node HealthCheck Operator,Node HealthCheck Operator,Node HealthCheck Operator,Node HealthCheck Operator,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Pipelines,OpenShift Pipelines,OpenShift Service Mesh 2,OpenShift Service Mesh 2,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat build of Apicurio Registry 2,Red Hat Connectivity Link 1,Red Hat Developer Hub,Red Hat Discovery 2,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift Virtualization 4,Red Hat Quay 3,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Self-service automation portal 2,


CVE-2026-3419
Severity: moderate
Released on: 06/03/2026
Advisory:
Bugzilla: 2445295
Bugzilla Description: fastify: Fastify: Bypass of Content-Type validation via malformed Content-Type headers
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-625
Affected Packages:
Package States: Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Dev Spaces,


CVE-2026-29091
Severity: important
Released on: 06/03/2026
Advisory:
Bugzilla: 2445262
Bugzilla Description: locutus: Locutus: Remote Code Execution via insecure callback function implementation
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-94
Affected Packages:
Package States: Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,


CVE-2026-29089
Severity: important
Released on: 06/03/2026
Advisory:
Bugzilla: 2445265
Bugzilla Description: timescaledb: TimescaleDB: Arbitrary code execution via malicious functions in user-writable schemas during extension upgrade
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-427
Affected Packages:
Package States:


CVE-2026-26017
Severity: important
Released on: 06/03/2026
Advisory:
Bugzilla: 2445244
Bugzilla Description: github.com/coredns/coredns: CoreDNS: DNS access control bypass due to plugin execution order flaw
CVSS Score:
CVSSv3 Score: 7.7
Vector:
CWE: CWE-367
Affected Packages:
Package States: Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Connectivity Link 1,Red Hat OpenShift Container Platform 4,


CVE-2026-26018
Severity: important
Released on: 06/03/2026
Advisory:
Bugzilla: 2445242
Bugzilla Description: github.com/coredns/coredns: CoreDNS: Denial of Service vulnerability due to predictable pseudo-random number generation
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-1241
Affected Packages:
Package States: Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Connectivity Link 1,Red Hat OpenShift Container Platform 4,


CVE-2026-23925
Severity: moderate
Released on: 06/03/2026
Advisory:
Bugzilla: 2445155
Bugzilla Description: zabbix: Zabbix: Confidentiality loss via improper access control in configuration.import API
CVSS Score:
CVSSv3 Score: 7.6
Vector:
CWE: CWE-266
Affected Packages:
Package States:


CVE-2026-29074
Severity: important
Released on: 06/03/2026
Advisory: RHSA-2026:5807,
Bugzilla: 2445132
Bugzilla Description: svgo: SVGO: Denial of Service via XML entity expansion
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-776
Affected Packages: rhoai/odh-dashboard-rhel8:sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018,
Package States: Cryostat 4,Gatekeeper 3,Multicluster Engine for Kubernetes,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Service Mesh 2,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat build of Apicurio Registry 2,Red Hat build of OptaPlanner 8,Red Hat Data Grid 8,Red Hat Developer Hub,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift distributed tracing 3,Red Hat Quay 3,Red Hat Quay 3,Red Hat Single Sign-On 7,Self-service automation portal 2,


CVE-2026-29062
Severity: important
Released on: 06/03/2026
Advisory:
Bugzilla: 2445135
Bugzilla Description: jackson-core: jackson-core: Denial of Service via excessive JSON nesting
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-1284
Affected Packages:
Package States: Red Hat Certificate System 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-28804
Severity: moderate
Released on: 06/03/2026
Advisory:
Bugzilla: 2445118
Bugzilla Description: pypdf: pypdf: Denial of Service via crafted PDF with ASCIIHexDecode filter
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-770
Affected Packages:
Package States: OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),


CVE-2026-28802
Severity: important
Released on: 06/03/2026
Advisory: RHSA-2026:4942, RHSA-2026:5168, RHSA-2026:5665,
Bugzilla: 2445120
Bugzilla Description: authlib: Authlib: Signature verification bypass via malicious JWT allows unauthorized access
CVSS Score:
CVSSv3 Score: 9.1
Vector:
CWE: CWE-347
Affected Packages: quay/quay-rhel8:sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f,quay/quay-rhel8:sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e,quay/quay-rhel8:sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad,
Package States: Red Hat Ansible Automation Platform 2,Red Hat Quay 3,Red Hat Satellite 6,


CVE-2026-28799
Severity: important
Released on: 06/03/2026
Advisory:
Bugzilla: 2445116
Bugzilla Description: PJSIP: PJSIP: Denial of Service via heap use-after-free in event subscription
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-825
Affected Packages:
Package States:


CVE-2026-29068
Severity: important
Released on: 06/03/2026
Advisory:
Bugzilla: 2445115
Bugzilla Description: PJSIP: PJSIP: Denial of Service via malformed RTP payload processing
CVSS Score:
CVSSv3 Score: 9.8
Vector:
CWE: CWE-120
Affected Packages:
Package States:


CVE-2026-3632
Severity: low
Released on: 06/03/2026
Advisory:
Bugzilla: 2445127
Bugzilla Description: libsoup: libsoup: HTTP Smuggling and Server-Side Request Forgery via Malformed Hostnames
CVSS Score:
CVSSv3 Score: 3.9
Vector:
CWE: CWE-1286
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-3633
Severity: low
Released on: 06/03/2026
Advisory:
Bugzilla: 2445128
Bugzilla Description: libsoup: libsoup: Header and HTTP request injection via CRLF injection
CVSS Score:
CVSSv3 Score: 3.9
Vector:
CWE: CWE-93
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-3634
Severity: moderate
Released on: 06/03/2026
Advisory:
Bugzilla: 2445129
Bugzilla Description: libsoup: libsoup: HTTP header injection and response splitting via CRLF injection in Content-Type header
CVSS Score:
CVSSv3 Score: 3.9
Vector:
CWE: CWE-93
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2025-69645
Severity: low
Released on: 06/03/2026
Advisory:
Bugzilla: 2445261
Bugzilla Description: binutils: Binutils objdump: Denial of Service via crafted DWARF debug information
CVSS Score:
CVSSv3 Score: 2.8
Vector:
CWE: CWE-1285
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,


CVE-2025-69644
Severity: low
Released on: 06/03/2026
Advisory:
Bugzilla: 2445263
Bugzilla Description: binutils: Binutils: Denial of Service via crafted binary with malformed DWARF debug information
CVSS Score:
CVSSv3 Score: 2.8
Vector:
CWE: CWE-606
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,


CVE-2025-69646
Severity: low
Released on: 06/03/2026
Advisory:
Bugzilla: 2445264
Bugzilla Description: binutils: Binutils: Denial of Service via malformed DWARF debug_rnglists data
CVSS Score:
CVSSv3 Score: 2.8
Vector:
CWE: CWE-606
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,


CVE-2025-69650
Severity: low
Released on: 06/03/2026
Advisory:
Bugzilla: 2445293
Bugzilla Description: binutils: double free in readelf via crafted ELF binary with malformed relocation data
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-415
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,


CVE-2025-69652
Severity: low
Released on: 06/03/2026
Advisory:
Bugzilla: 2445296
Bugzilla Description: binutils: abort in readelf via crafted ELF binary with malformed DWARF abbrev or debug information
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-617
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,


CVE-2025-69649
Severity: low
Released on: 06/03/2026
Advisory:
Bugzilla: 2445298
Bugzilla Description: binutils: NULL pointer dereference in readelf via crafted ELF binary with malformed header fields
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,


CVE-2025-69651
Severity: low
Released on: 06/03/2026
Advisory:
Bugzilla: 2445299
Bugzilla Description: binutils: Binutils: Denial of Service via crafted ELF binary processing
CVSS Score:
CVSSv3 Score: 2.8
Vector:
CWE: CWE-824
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,


CVE-2026-3606
Severity: moderate
Released on: 05/03/2026
Advisory:
Bugzilla: 2445008
Bugzilla Description: Ettercap: Ettercap: Denial of Service via out-of-bounds read in etterfilter
CVSS Score:
CVSSv3 Score: 4.4
Vector:
CWE: CWE-125
Affected Packages:
Package States:


CVE-2026-0848
Severity:
Released on: 05/03/2026
Advisory:
Bugzilla: 2444957
Bugzilla Description: nltk: NLTK: Arbitrary code execution via unvalidated Java Archive (JAR) file loading
CVSS Score:
CVSSv3 Score: 10.0
Vector:
CWE: CWE-829
Affected Packages:
Package States: Lightspeed Core,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),


CVE-2026-29054
Severity: important
Released on: 05/03/2026
Advisory:
Bugzilla: 2444872
Bugzilla Description: github.com/traefik/traefik: Traefik: Information disclosure due to case-insensitive Connection header processing
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-178
Affected Packages:
Package States: Red Hat OpenShift Dev Spaces,


CVE-2026-26999
Severity: important
Released on: 05/03/2026
Advisory:
Bugzilla: 2444874
Bugzilla Description: github.com/traefik/traefik: Traefik: Denial of Service due to incomplete TLS handshake
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat OpenShift Dev Spaces,


CVE-2026-26998
Severity: moderate
Released on: 05/03/2026
Advisory:
Bugzilla: 2444876
Bugzilla Description: github.com/traefik/traefik: Traefik: Denial of Service due to unbounded ForwardAuth middleware response processing
CVSS Score:
CVSSv3 Score: 4.4
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat OpenShift Dev Spaces,


CVE-2026-25048
Severity: important
Released on: 05/03/2026
Advisory: RHSA-2026:5809,
Bugzilla: 2444840
Bugzilla Description: xgrammar: xgrammar: Denial of Service via multi-level nested syntax
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-674
Affected Packages: rhaiis/vllm-cuda-rhel9:sha256:bd371b1b8785b2f5799cbca4a12a1c66a1e8a37017334a79eaa1067b24b6a6ba,
Package States: Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),


CVE-2026-2092
Severity: important
Released on: 05/03/2026
Advisory: RHSA-2026:3925, RHSA-2026:3947, RHSA-2026:3926, RHSA-2026:3948,
Bugzilla: 2437296
Bugzilla Description: keycloak-services: Keycloak: Unauthorized access via improper validation of encrypted SAML assertions
CVSS Score:
CVSSv3 Score: 7.7
Vector:
CWE: CWE-1287
Affected Packages: rhbk/keycloak-rhel9-operator:26.2-16,rhbk/keycloak-rhel9,rhbk/keycloak-operator-bundle:26.2.14-1,rhbk/keycloak-operator-bundle:26.4.10-1,rhbk/keycloak-rhel9:26.2-16,rhbk/keycloak-rhel9-operator:26.4-12,rhbk/keycloak-rhel9:26.4-12,
Package States:


CVE-2026-3047
Severity: important
Released on: 05/03/2026
Advisory: RHSA-2026:3925, RHSA-2026:3947, RHSA-2026:3926, RHSA-2026:3948,
Bugzilla: 2441966
Bugzilla Description: org.keycloak.broker.saml: Keycloak SAML broker: Authentication bypass due to disabled SAML client completing IdP-initiated login
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-305
Affected Packages: rhbk/keycloak-rhel9-operator:26.2-16,rhbk/keycloak-rhel9,rhbk/keycloak-operator-bundle:26.2.14-1,rhbk/keycloak-operator-bundle:26.4.10-1,rhbk/keycloak-rhel9:26.2-16,rhbk/keycloak-rhel9-operator:26.4-12,rhbk/keycloak-rhel9:26.4-12,
Package States:


CVE-2026-2603
Severity: important
Released on: 05/03/2026
Advisory: RHSA-2026:3925, RHSA-2026:3947, RHSA-2026:3926, RHSA-2026:3948,
Bugzilla: 2440300
Bugzilla Description: keycloak: Keycloak: Unauthorized authentication via disabled SAML Identity Provider
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-306
Affected Packages: rhbk/keycloak-rhel9-operator:26.2-16,rhbk/keycloak-rhel9,rhbk/keycloak-operator-bundle:26.2.14-1,rhbk/keycloak-operator-bundle:26.4.10-1,rhbk/keycloak-rhel9:26.2-16,rhbk/keycloak-rhel9-operator:26.4-12,rhbk/keycloak-rhel9:26.4-12,
Package States:


CVE-2026-3009
Severity: important
Released on: 05/03/2026
Advisory: RHSA-2026:3947, RHSA-2026:3948,
Bugzilla: 2441867
Bugzilla Description: org.keycloak/keycloak-services: Improper Enforcement of Disabled Identity Provider in IdentityBrokerService (Authentication Bypass)
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-863
Affected Packages: rhbk/keycloak-rhel9,rhbk/keycloak-operator-bundle:26.4.10-1,rhbk/keycloak-rhel9-operator:26.4-12,rhbk/keycloak-rhel9:26.4-12,
Package States: Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat Single Sign-On 7,


CVE-2026-1605
Severity: important
Released on: 05/03/2026
Advisory:
Bugzilla: 2444815
Bugzilla Description: org.eclipse.jetty/jetty-server: Eclipse Jetty: Denial of Service due to unreleased JDK Inflater from compressed HTTP requests
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-772
Affected Packages:
Package States: OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,Red Hat AMQ Broker 7,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel - HawtIO 4,Red Hat build of Apicurio Registry 2,Red Hat build of Apicurio Registry 3,Red Hat build of Debezium 2,Red Hat build of Debezium 3,Red Hat Data Grid 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Web Server 6,Red Hat Offline Knowledge Portal,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat Process Automation 7,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Single Sign-On 7,streams for Apache Kafka 2,streams for Apache Kafka 3,


CVE-2025-11143
Severity: low
Released on: 05/03/2026
Advisory:
Bugzilla: 2444808
Bugzilla Description: org.eclipse.jetty/jetty-http: org.eclipse.jetty: Security bypass due to differential URI parsing
CVSS Score:
CVSSv3 Score: 3.7
Vector:
CWE: CWE-444
Affected Packages:
Package States: OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,Red Hat AMQ Broker 7,Red Hat build of Apache Camel 4 for Quarkus 3,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel - HawtIO 4,Red Hat build of Apicurio Registry 2,Red Hat build of Apicurio Registry 3,Red Hat build of Debezium 2,Red Hat build of Debezium 3,Red Hat Data Grid 8,Red Hat Enterprise Linux 9,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Web Server 6,Red Hat Offline Knowledge Portal,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat Process Automation 7,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Single Sign-On 7,streams for Apache Kafka 2,streams for Apache Kafka 3,


CVE-2026-27982
Severity: moderate
Released on: 05/03/2026
Advisory:
Bugzilla: 2444764
Bugzilla Description: django-allauth: django-allauth: Open redirect via crafted URL in SAML IdP initiated SSO
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE: CWE-601
Affected Packages:
Package States:


CVE-2026-3381
Severity: moderate
Released on: 05/03/2026
Advisory:
Bugzilla: 2444733
Bugzilla Description: compress-raw-zlib: Compress::Raw::Zlib: Vulnerabilities due to outdated zlib library
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-1104
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2025-69534
Severity: important
Released on: 05/03/2026
Advisory:
Bugzilla: 2444839
Bugzilla Description: python-markdown: denial of service via malformed HTML-like sequences
CVSS Score:
CVSSv3 Score: 8.2
Vector:
CWE: CWE-617
Affected Packages:
Package States: External Secrets Operator for Red Hat OpenShift,External Secrets Operator for Red Hat OpenShift,External Secrets Operator for Red Hat OpenShift,External Secrets Operator for Red Hat OpenShift,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Developer Hub,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Dev Spaces,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,


CVE-2025-45691
Severity: important
Released on: 05/03/2026
Advisory:
Bugzilla: 2444875
Bugzilla Description: ragas: arbitrary file read via improper URL validation in multimodal inputs
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-918
Affected Packages:
Package States: Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),


CVE-2026-2297
Severity: low
Released on: 04/03/2026
Advisory:
Bugzilla: 2444691
Bugzilla Description: cpython: CPython: Logging Bypass in Legacy .pyc File Handling
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-778
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Hardened Images 1,Red Hat Hardened Images 1,Red Hat Hardened Images 1,Red Hat Hardened Images 1,Red Hat Hardened Images 1,


CVE-2026-27898
Severity: moderate
Released on: 04/03/2026
Advisory:
Bugzilla: 2444681
Bugzilla Description: vaultwarden: Vaultwarden: Information disclosure via API partial update
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-639
Affected Packages:
Package States:


CVE-2026-27803
Severity: important
Released on: 04/03/2026
Advisory:
Bugzilla: 2444678
Bugzilla Description: vaultwarden: Vaultwarden: Unauthorized collection management operations due to improper access control
CVSS Score:
CVSSv3 Score: 8.3
Vector:
CWE: CWE-266
Affected Packages:
Package States:


CVE-2026-27802
Severity: important
Released on: 04/03/2026
Advisory:
Bugzilla: 2444676
Bugzilla Description: vaultwarden: Vaultwarden: Privilege Escalation via Unauthorized Bulk Permission Update
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-266
Affected Packages:
Package States:


CVE-2026-27801
Severity: moderate
Released on: 04/03/2026
Advisory:
Bugzilla: 2444677
Bugzilla Description: vaultwarden: Vaultwarden: Two-factor authentication bypass allows unauthorized access and data deletion.
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-307
Affected Packages:
Package States:


CVE-2026-0847
Severity: important
Released on: 04/03/2026
Advisory:
Bugzilla: 2444608
Bugzilla Description: nltk: NLTK: Arbitrary file read via path traversal vulnerability
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-22
Affected Packages:
Package States: Lightspeed Core,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),


CVE-2026-3520
Severity: important
Released on: 04/03/2026
Advisory:
Bugzilla: 2444584
Bugzilla Description: multer: Multer: Denial of Service via malformed requests
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat Developer Hub,Self-service automation portal 2,


CVE-2025-15558
Severity: important
Released on: 04/03/2026
Advisory:
Bugzilla: 2444574
Bugzilla Description: docker/cli: Docker CLI for Windows: Privilege escalation via malicious plugin binaries
CVSS Score:
CVSSv3 Score: 7.3
Vector:
CWE: CWE-427
Affected Packages:
Package States: Assisted Installer for Red Hat OpenShift Container Platform 2,Builds for Red Hat OpenShift,Builds for Red Hat OpenShift,Builds for Red Hat OpenShift,Builds for Red Hat OpenShift,Builds for Red Hat OpenShift,Builds for Red Hat OpenShift,Gatekeeper 3,Kernel Module Management Operator for Red Hat Openshift,Kernel Module Management Operator for Red Hat Openshift,Kernel Module Management Operator for Red Hat Openshift,Kernel Module Management Operator for Red Hat Openshift,Kernel Module Management Operator for Red Hat Openshift,Kernel Module Management Operator for Red Hat Openshift,Kernel Module Management Operator for Red Hat Openshift,Kernel Module Management Operator for Red Hat Openshift,Machine Deletion Remediation Operator,Machine Deletion Remediation Operator,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Global Hub,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Service Mesh 2,OpenShift Service Mesh 2,OpenShift Service Mesh 2,OpenShift Service Mesh 2,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced 
Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift for Windows Containers,Red Hat OpenShift for Windows Containers,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 18.0,Red Hat OpenStack Platform 18.0,Red Hat OpenStack Platform 18.0,Red Hat Quay 
3,Red Hat Quay 3,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Security Profiles Operator,Security Profiles Operator,Zero Trust Workload Identity Manager,Zero Trust Workload Identity Manager,Zero Trust Workload Identity Manager,Zero Trust Workload Identity Manager - Tech Preview,Zero Trust Workload Identity Manager - Tech Preview,Zero Trust Workload Identity Manager - Tech Preview,Zero Trust Workload Identity Manager - Tech Preview,Zero Trust Workload Identity Manager - Tech Preview,


CVE-2025-12801
Severity: moderate
Released on: 04/03/2026
Advisory: RHSA-2026:5606, RHSA-2026:3940, RHSA-2026:3941, RHSA-2026:3942, RHSA-2026:5127, RHSA-2026:3938, RHSA-2026:3939,
Bugzilla: 2413081
Bugzilla Description: nfs-utils: rpc.mountd in the nfs-utils privilege escalation
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-279
Affected Packages: rhceph/rhceph-8-rhel9:sha256:1160569002c25d3d349bbe41b57eeffade438853d3419edca01813227440f414,nfs-utils-1:2.3.3-68.el8_10,nfs-utils-1:2.5.4-26.el9_4.3,nfs-utils-1:2.5.4-34.el9_6.3,rhcos-418.94.202603181125-0,nfs-utils-1:2.8.3-0.el10_1.3,nfs-utils-1:2.5.4-38.el9_7.3,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,


CVE-2025-66168
Severity: moderate
Released on: 04/03/2026
Advisory:
Bugzilla: 2444356
Bugzilla Description: org.apache.activemq/apache-activemq: org.apache.activemq/activemq-all: org.apache.activemq/activemq-mqtt: Apache ActiveMQ: Unexpected behavior due to integer overflow in MQTT packet decoding
CVSS Score:
CVSSv3 Score: 5.4
Vector:
CWE: CWE-130
Affected Packages:
Package States: Red Hat Fuse 7,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,


CVE-2026-27446
Severity: important
Released on: 04/03/2026
Advisory: RHSA-2026:3955, RHSA-2026:3957,
Bugzilla: 2444320
Bugzilla Description: org.apache.artemis:artemis-server: org.apache.activemq:artemis-server: Apache Artemis, Apache ActiveMQ Artemis: Message injection and exfiltration due to missing authentication
CVSS Score:
CVSSv3 Score: 9.1
Vector:
CWE: CWE-306
Affected Packages: artemis-server,
Package States: Red Hat AMQ Clients,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of OptaPlanner 8,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat Process Automation 7,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Single Sign-On 7,


CVE-2026-23231
Severity: moderate
Released on: 04/03/2026
Advisory:
Bugzilla: 2444376
Bugzilla Description: kernel: kernel: Privilege escalation or denial of service via use-after-free in nf_tables_addchain()
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-416
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23236
Severity:
Released on: 04/03/2026
Advisory:
Bugzilla: 2444387
Bugzilla Description: kernel: fbdev: smscufx: properly copy ioctl memory to kernelspace
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23232
Severity:
Released on: 04/03/2026
Advisory:
Bugzilla: 2444388
Bugzilla Description: kernel: Revert "f2fs: block cache/dio write during f2fs_enable_checkpoint()"
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23238
Severity: moderate
Released on: 04/03/2026
Advisory:
Bugzilla: 2444389
Bugzilla Description: kernel: romfs: check sb_set_blocksize() return value
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-252
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23234
Severity:
Released on: 04/03/2026
Advisory:
Bugzilla: 2444390
Bugzilla Description: kernel: f2fs: fix to avoid UAF in f2fs_write_end_io()
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23235
Severity:
Released on: 04/03/2026
Advisory:
Bugzilla: 2444392
Bugzilla Description: kernel: f2fs: fix out-of-bounds access in sysfs attribute read/write
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23237
Severity: low
Released on: 04/03/2026
Advisory:
Bugzilla: 2444395
Bugzilla Description: kernel: platform/x86: classmate-laptop: Add missing NULL pointer checks
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23233
Severity:
Released on: 04/03/2026
Advisory:
Bugzilla: 2444397
Bugzilla Description: kernel: f2fs: fix to avoid mapping wrong physical block for swapfile
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2025-71238
Severity: moderate
Released on: 04/03/2026
Advisory:
Bugzilla: 2444398
Bugzilla Description: kernel: Linux kernel (qla2xxx): Double free vulnerability leads to denial of service and potential privilege escalation.
CVSS Score:
CVSSv3 Score: 7.3
Vector:
CWE: CWE-672
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-27622
Severity: important
Released on: 03/03/2026
Advisory:
Bugzilla: 2444251
Bugzilla Description: openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing
CVSS Score:
CVSSv3 Score: 7.4
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-27601
Severity: moderate
Released on: 03/03/2026
Advisory:
Bugzilla: 2444247
Bugzilla Description: Underscore.js: Underscore.js: Denial of Service via recursive data structures in flatten and isEqual functions
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-606
Affected Packages:
Package States: Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Developer Hub,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat Quay 3,Red Hat Quay 3,Red Hat Satellite 6,Self-service automation portal 2,


CVE-2026-2376
Severity: moderate
Released on: 03/03/2026
Advisory:
Bugzilla: 2439117
Bugzilla Description: mirror-registry: quay: quay: Server-side Request Forgery via open redirect vulnerability in web interface
CVSS Score:
CVSSv3 Score: 4.9
Vector:
CWE: CWE-601
Affected Packages:
Package States: mirror registry for Red Hat OpenShift,mirror registry for Red Hat OpenShift 2,Red Hat Quay 3,Red Hat Quay 3,


CVE-2026-3494
Severity: moderate
Released on: 03/03/2026
Advisory:
Bugzilla: 2444155
Bugzilla Description: MariaDB: MariaDB: Information disclosure due to unlogged SQL statements with comments
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE: CWE-1286
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-0540
Severity: moderate
Released on: 03/03/2026
Advisory:
Bugzilla: 2444135
Bugzilla Description: DOMPurify: DOMPurify: Cross-site scripting vulnerability
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-79
Affected Packages:
Package States: Cryostat 4,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Multicluster Engine for Kubernetes,Network Observability Operator,Node HealthCheck Operator,Node HealthCheck Operator,Node HealthCheck Operator,Node HealthCheck Operator,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat build of Apache Camel - HawtIO 4,Red Hat build of Apicurio Registry 2,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat Process Automation 7,Self-service automation portal 2,streams for Apache Kafka 2,streams for Apache Kafka 3,


CVE-2025-15599
Severity: moderate
Released on: 03/03/2026
Advisory:
Bugzilla: 2444138
Bugzilla Description: DOMPurify: DOMPurify: Cross-site scripting
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-79
Affected Packages:
Package States: Cryostat 4,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Multicluster Engine for Kubernetes,Network Observability Operator,Node HealthCheck Operator,Node HealthCheck Operator,Node HealthCheck Operator,Node HealthCheck Operator,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat build of Apache Camel - HawtIO 4,Red Hat build of Apicurio Registry 2,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat Process Automation 7,Self-service automation portal 2,streams for Apache Kafka 2,streams for Apache Kafka 3,


CVE-2026-25674
Severity: low
Released on: 03/03/2026
Advisory:
Bugzilla: 2444111
Bugzilla Description: django: Django: Incorrect file permissions due to race condition
CVSS Score:
CVSSv3 Score: 3.7
Vector:
CWE: CWE-367
Affected Packages:
Package States: Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Discovery 2,Red Hat Satellite 6,


CVE-2026-25673
Severity: important
Released on: 03/03/2026
Advisory:
Bugzilla: 2444115
Bugzilla Description: django: Django: Denial of Service via slow URL normalization on Windows
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Discovery 2,Red Hat Satellite 6,


CVE-2026-3449
Severity: moderate
Released on: 03/03/2026
Advisory:
Bugzilla: 2444057
Bugzilla Description: @tootallnate/once: @tootallnate/once: Denial of Service due to incorrect control flow scoping with AbortSignal
CVSS Score:
CVSSv3 Score: 4.0
Vector:
CWE: CWE-1322
Affected Packages:
Package States: Confidential Compute Attestation,Cryostat 4,Migration Toolkit for Containers,Network Observability Operator,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Service Mesh 2,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat AMQ Broker 7,Red Hat Ansible Automation Platform 2,Red Hat build of Apicurio Registry 2,Red Hat build of OptaPlanner 8,Red Hat Data Grid 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat OpenShift AI (RHOAI),Red Hat Openshift Data Foundation 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat Quay 3,Red Hat Satellite 6,


CVE-2026-3540
Severity: important
Released on: 03/03/2026
Advisory:
Bugzilla: 2444612
Bugzilla Description: chromium-browser: Inappropriate implementation in WebAudio
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE:
Affected Packages:
Package States:


CVE-2026-3536
Severity: important
Released on: 03/03/2026
Advisory:
Bugzilla: 2444613
Bugzilla Description: chromium-browser: Integer overflow in ANGLE
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE:
Affected Packages:
Package States:


CVE-2026-3545
Severity: important
Released on: 03/03/2026
Advisory:
Bugzilla: 2444615
Bugzilla Description: chromium-browser: Insufficient data validation in Navigation
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE:
Affected Packages:
Package States:


CVE-2026-3542
Severity: important
Released on: 03/03/2026
Advisory:
Bugzilla: 2444616
Bugzilla Description: chromium-browser: Inappropriate implementation in WebAssembly
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE:
Affected Packages:
Package States:


CVE-2026-3538
Severity: important
Released on: 03/03/2026
Advisory:
Bugzilla: 2444617
Bugzilla Description: chromium-browser: Integer overflow in Skia
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE:
Affected Packages:
Package States:


CVE-2026-3541
Severity: important
Released on: 03/03/2026
Advisory:
Bugzilla: 2444619
Bugzilla Description: chromium-browser: Inappropriate implementation in CSS
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE:
Affected Packages:
Package States:


CVE-2026-3539
Severity: important
Released on: 03/03/2026
Advisory:
Bugzilla: 2444620
Bugzilla Description: chromium-browser: Object lifecycle issue in DevTools
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE:
Affected Packages:
Package States:


CVE-2026-3543
Severity: important
Released on: 03/03/2026
Advisory:
Bugzilla: 2444622
Bugzilla Description: chromium-browser: Inappropriate implementation in V8
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE:
Affected Packages:
Package States:


CVE-2026-3544
Severity: important
Released on: 03/03/2026
Advisory:
Bugzilla: 2444623
Bugzilla Description: chromium-browser: Heap buffer overflow in WebCodecs
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE:
Affected Packages:
Package States:


CVE-2026-3338
Severity: important
Released on: 02/03/2026
Advisory: RHSA-2026:5459,
Bugzilla: 2444025
Bugzilla Description: aws-lc: AWS-LC: Signature bypass due to improper validation in PKCS7_verify()
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-347
Affected Packages: rhtas/tuffer-rhel9:sha256:f30c3610c1c840ea8edb99c2679edb09768c45012979da1389605c6a54204292,rhtas/tuftool-rhel9:sha256:cc2676a9d70599503faf8ca413e7bbc29cd523782a3d1e81bfc8f9e6323b4a28,
Package States: Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Update Service,Red Hat Trusted Profile Analyzer,


CVE-2026-3337
Severity: moderate
Released on: 02/03/2026
Advisory:
Bugzilla: 2444024
Bugzilla Description: aws-lc: AWS-LC: Information disclosure via timing discrepancy in AES-CCM decryption
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-208
Affected Packages:
Package States: Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Update Service,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Profile Analyzer,


CVE-2026-3336
Severity: important
Released on: 02/03/2026
Advisory: RHSA-2026:5459,
Bugzilla: 2444026
Bugzilla Description: aws-lc: aws-lc: Certificate validation bypass via improper handling of PKCS7 objects
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-295
Affected Packages: rhtas/tuffer-rhel9:sha256:f30c3610c1c840ea8edb99c2679edb09768c45012979da1389605c6a54204292,rhtas/tuftool-rhel9:sha256:cc2676a9d70599503faf8ca413e7bbc29cd523782a3d1e81bfc8f9e6323b4a28,
Package States: Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Update Service,Red Hat Trusted Profile Analyzer,


CVE-2026-2256
Severity: moderate
Released on: 02/03/2026
Advisory:
Bugzilla: 2444016
Bugzilla Description: ModelScope: ModelScope, Red Hat AI Inference Server, Red Hat OpenShift AI: Arbitrary code execution via crafted prompt input
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat AI Inference Server,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),


CVE-2026-25884
Severity: low
Released on: 02/03/2026
Advisory:
Bugzilla: 2443992
Bugzilla Description: Exiv2: Exiv2: Denial of service via out-of-bounds read in CRW image parser
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-27596
Severity: low
Released on: 02/03/2026
Advisory:
Bugzilla: 2443991
Bugzilla Description: exiv2: Exiv2: Denial of Service via out-of-bounds read in preview component
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-27631
Severity: low
Released on: 02/03/2026
Advisory:
Bugzilla: 2443986
Bugzilla Description: Exiv2: Exiv2: Denial of Service via integer overflow in preview component
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-23865
Severity: moderate
Released on: 02/03/2026
Advisory:
Bugzilla: 2443891
Bugzilla Description: Freetype: Freetype: Information disclosure or denial of service via specially crafted font files
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE:
Affected Packages:
Package States: Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Red Hat build of OpenJDK 11 ELS,Red Hat build of OpenJDK 11 ELS,Red Hat build of OpenJDK 17,Red Hat build of OpenJDK 21,Red Hat build of OpenJDK 25,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,


CVE-2026-3441
Severity: moderate
Released on: 02/03/2026
Advisory:
Bugzilla: 2443826
Bugzilla Description: binutils: GNU Binutils: Information disclosure via specially crafted XCOFF object file
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,


CVE-2026-3442
Severity: moderate
Released on: 02/03/2026
Advisory:
Bugzilla: 2443828
Bugzilla Description: binutils: GNU Binutils: Information disclosure or denial of service via out-of-bounds read in bfd linker
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,


CVE-2026-3429
Severity: moderate
Released on: 02/03/2026
Advisory:
Bugzilla: 2443771
Bugzilla Description: org.keycloak.services.resources.account: Improper Access Control Leading to MFA Deletion and Account Takeover in Keycloak Account REST API
CVSS Score:
CVSSv3 Score: 4.2
Vector:
CWE: CWE-284
Affected Packages:
Package States: Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat Single Sign-On 7,


CVE-2026-28422
Severity: low
Released on: 27/02/2026
Advisory:
Bugzilla: 2443475
Bugzilla Description: vim: Vim: Integrity impact due to stack-buffer-overflow via wide terminal statusline rendering
CVSS Score:
CVSSv3 Score: 2.2
Vector:
CWE: CWE-135
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,


CVE-2026-28421
Severity: moderate
Released on: 27/02/2026
Advisory:
Bugzilla: 2443474
Bugzilla Description: vim: Vim: Denial of service and information disclosure via crafted swap file
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-120
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,


CVE-2026-28420
Severity: moderate
Released on: 27/02/2026
Advisory:
Bugzilla: 2443484
Bugzilla Description: vim: Vim: Information disclosure and denial of service via crafted Unicode characters in terminal emulator
CVSS Score:
CVSSv3 Score: 4.4
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,


CVE-2026-28419
Severity: moderate
Released on: 27/02/2026
Advisory:
Bugzilla: 2443482
Bugzilla Description: vim: Vim: Information disclosure and denial of service via malformed tags file
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-124
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,


CVE-2026-28418
Severity: moderate
Released on: 27/02/2026
Advisory:
Bugzilla: 2443481
Bugzilla Description: vim: Vim: Information disclosure via heap-based buffer overflow in Emacs-style tags file parsing
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,


CVE-2026-28417
Severity: moderate
Released on: 27/02/2026
Advisory:
Bugzilla: 2443455
Bugzilla Description: vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin
CVSS Score:
CVSSv3 Score: 4.4
Vector:
CWE: CWE-78
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,


CVE-2026-28416
Severity: important
Released on: 27/02/2026
Advisory:
Bugzilla: 2443453
Bugzilla Description: Gradio: Gradio: Server-Side Request Forgery allows access to internal services via malicious Space loading
CVSS Score:
CVSSv3 Score: 8.2
Vector:
CWE: CWE-918
Affected Packages:
Package States:


CVE-2026-28415
Severity: moderate
Released on: 27/02/2026
Advisory:
Bugzilla: 2443449
Bugzilla Description: Gradio: Gradio: Open Redirect vulnerability allows redirection to arbitrary external URLs.
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE: CWE-601
Affected Packages:
Package States:


CVE-2026-27167
Severity: low
Released on: 27/02/2026
Advisory:
Bugzilla: 2443454
Bugzilla Description: Gradio: Gradio: Information disclosure due to hardcoded secret in session cookie signing, allowing remote attackers to steal Hugging Face tokens.
CVSS Score:
CVSSv3 Score: 3.7
Vector:
CWE: CWE-798
Affected Packages:
Package States:


CVE-2026-28406
Severity: important
Released on: 27/02/2026
Advisory:
Bugzilla: 2443462
Bugzilla Description: kaniko: kaniko: Arbitrary code execution via path traversal in build context archive unpacking
CVSS Score:
CVSSv3 Score: 8.5
Vector:
CWE: CWE-22
Affected Packages:
Package States: OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,


CVE-2026-28351
Severity: moderate
Released on: 27/02/2026
Advisory:
Bugzilla: 2443450
Bugzilla Description: pypdf: pypdf: Denial of Service via crafted PDF with RunLengthDecode filter
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-770
Affected Packages:
Package States: OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,Red Hat AI Inference Server,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat Quay 3,Red Hat Quay 3,


CVE-2026-2293
Severity: important
Released on: 27/02/2026
Advisory:
Bugzilla: 2443367
Bugzilla Description: nestjs: NestJS: Authentication bypass via Fastify path-normalization
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-551
Affected Packages:
Package States: Red Hat Developer Hub,Red Hat OpenShift Container Platform 4,


CVE-2026-3304
Severity: important
Released on: 27/02/2026
Advisory:
Bugzilla: 2443353
Bugzilla Description: multer: Multer: Denial of Service via malformed requests
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-459
Affected Packages:
Package States: Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Red Hat Developer Hub,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Trusted Profile Analyzer,Self-service automation portal 2,


CVE-2026-2359
Severity: important
Released on: 27/02/2026
Advisory:
Bugzilla: 2443350
Bugzilla Description: multer: Multer: Denial of Service via dropped file upload connections
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-772
Affected Packages:
Package States: Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Red Hat Developer Hub,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Trusted Profile Analyzer,Self-service automation portal 2,


CVE-2026-3293
Severity: low
Released on: 27/02/2026
Advisory:
Bugzilla: 2443274
Bugzilla Description: snowflake-jdbc: snowflake-jdbc: Denial of Service via inefficient regular expression processing
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-1333
Affected Packages:
Package States: Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,


CVE-2026-28364
Severity: important
Released on: 27/02/2026
Advisory:
Bugzilla: 2443348
Bugzilla Description: ocaml: OCaml: Remote code execution via buffer over-read in Marshal deserialization
CVSS Score:
CVSSv3 Score: 7.9
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-28208
Severity: moderate
Released on: 26/02/2026
Advisory:
Bugzilla: 2443166
Bugzilla Description: com.github.junrar/junrar: Junrar: Remote code execution via path traversal when extracting crafted RAR archives
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-22
Affected Packages:
Package States: Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,


CVE-2026-27141
Severity: moderate
Released on: 26/02/2026
Advisory:
Bugzilla: 2443104
Bugzilla Description: golang.org/x/net/http2: golang.org/x/net/http2: Denial of Service due to malformed HTTP/2 frames
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-476
Affected Packages:
Package States: Assisted Installer for Red Hat OpenShift Container Platform 2,Builds for Red Hat OpenShift,cert-manager Operator for Red Hat OpenShift,Compliance Operator,Confidential Compute Attestation,Confidential Compute Attestation,Cryostat 4,Custom Metric Autoscaler operator for Red Hat Openshift,Deployment Validation Operator,ExternalDNS Operator,ExternalDNS Operator,External Secrets Operator for Red Hat OpenShift,Fence Agents Remediation Operator,File Integrity Operator,Gatekeeper 3,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logical Volume Manager Storage,Logical Volume Manager Storage,Logical Volume Manager Storage,Machine Deletion Remediation Operator,Migration Toolkit for Applications 8,Migration Toolkit for Containers,Multicluster Engine for Kubernetes,Multicluster Global Hub,Network Observability Operator,Node HealthCheck Operator,OpenShift API for Data Protection,OpenShift Developer Tools and Services,OpenShift Lightspeed,OpenShift Pipelines,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Service Mesh 2,OpenShift Service Mesh 3,OpenShift Service Mesh 3,Power monitoring for Red Hat OpenShift,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat build of Apache Camel - HawtIO 4,Red Hat Certification Program for Red Hat Enterprise Linux 9,Red Hat Connectivity Link 1,Red Hat Developer Hub,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Lightspeed for Runtimes Operator,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Cluster Manager CLI,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Workspaces Operator,Red Hat OpenShift distributed tracing 3,Red Hat OpenShift for Windows Containers,Red Hat OpenShift GitOps,Red Hat OpenShift on AWS,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 18.0,Red Hat Quay 3,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Service Interconnect 1,Red Hat Service Interconnect 2,Red Hat Trusted Artifact Signer,Red Hat Web Terminal,Security Profiles Operator,Zero Trust Workload Identity Manager,Zero Trust Workload Identity Manager - Tech Preview,


CVE-2026-27970
Severity: important
Released on: 26/02/2026
Advisory:
Bugzilla: 2442934
Bugzilla Description: @angular/core: Angular: Cross-site scripting via compromised translation files
CVSS Score:
CVSSv3 Score: 7.1
Vector:
CWE: CWE-79
Affected Packages:
Package States: Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),


CVE-2026-27959
Severity: important
Released on: 26/02/2026
Advisory:
Bugzilla: 2442928
Bugzilla Description: koa: Koa: Host header injection vulnerability due to malformed HTTP Host header parsing
CVSS Score:
CVSSv3 Score: 8.2
Vector:
CWE: CWE-20
Affected Packages:
Package States: Red Hat Developer Hub,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Dev Spaces,Self-service automation portal 2,


CVE-2026-27942
Severity: moderate
Released on: 26/02/2026
Advisory:
Bugzilla: 2442938
Bugzilla Description: fast-xml-parser: fast-xml-parser: Stack overflow leads to Denial of Service
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-776
Affected Packages:
Package States: Migration Toolkit for Applications 8,Red Hat Advanced Cluster Security 4,Red Hat Developer Hub,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat Satellite 6,Red Hat Satellite 6,Self-service automation portal 2,


CVE-2026-27904
Severity: moderate
Released on: 26/02/2026
Advisory: RHSA-2026:4942, RHSA-2026:5168, RHSA-2026:5665,
Bugzilla: 2442922
Bugzilla Description: minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-1333
Affected Packages: quay/quay-rhel8:sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f,quay/quay-rhel8:sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e,quay/quay-rhel8:sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad,
Package States: Cryostat 4,Gatekeeper 3,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Migration Toolkit for Applications 8,Node HealthCheck Operator,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Service Mesh 3,OpenShift Service Mesh 3,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat AMQ Broker 7,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat build of Apache Camel - HawtIO 4,Red Hat build of Apicurio Registry 2,Red Hat build of OptaPlanner 8,Red Hat Data Grid 8,Red Hat Developer Hub,Red Hat Directory Server 11,Red Hat Directory Server 12,Red Hat Directory Server 13,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift distributed tracing 3,Red Hat Process Automation 7,Red Hat Process Automation 7,Red Hat Process Automation 7,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Single Sign-On 7,Self-service automation portal 2,streams for Apache Kafka 2,streams for Apache Kafka 3,


CVE-2026-27903
Severity: moderate
Released on: 26/02/2026
Advisory:
Bugzilla: 2442919
Bugzilla Description: minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-1333
Affected Packages:
Package States: Cryostat 4,Gatekeeper 3,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Migration Toolkit for Applications 8,Node HealthCheck Operator,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Service Mesh 3,OpenShift Service Mesh 3,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat AMQ Broker 7,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat build of Apache Camel - HawtIO 4,Red Hat build of Apicurio Registry 2,Red Hat build of OptaPlanner 8,Red Hat Data Grid 8,Red Hat Developer Hub,Red Hat Directory Server 11,Red Hat Directory Server 12,Red Hat Directory Server 13,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift distributed tracing 3,Red Hat Process Automation 7,Red Hat Process Automation 7,Red Hat Process Automation 7,Red Hat Quay 3,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Single Sign-On 7,Self-service automation portal 2,streams for Apache Kafka 2,streams for Apache Kafka 3,


CVE-2026-27902
Severity: moderate
Released on: 26/02/2026
Advisory:
Bugzilla: 2442917
Bugzilla Description: svelte: Svelte: Cross-Site Scripting via unsanitized error output
CVSS Score:
CVSSv3 Score: 4.2
Vector:
CWE: CWE-79
Affected Packages:
Package States: Red Hat Build of Podman Desktop - Tech Preview,Red Hat OpenShift AI (RHOAI),


CVE-2026-27901
Severity: moderate
Released on: 26/02/2026
Advisory:
Bugzilla: 2442918
Bugzilla Description: svelte: Svelte: Cross-Site Scripting and HTML injection via improper escaping of bind:innerText and bind:textContent
CVSS Score:
CVSSv3 Score: 5.4
Vector:
CWE: CWE-79
Affected Packages:
Package States: Red Hat Build of Podman Desktop - Tech Preview,


CVE-2026-27896
Severity: important
Released on: 26/02/2026
Advisory:
Bugzilla: 2442903
Bugzilla Description: modelcontextprotocol/go-sdk: improper handling of case sensitivity
CVSS Score:
CVSSv3 Score: 7.2
Vector:
CWE: CWE-178
Affected Packages:
Package States: Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,OpenShift Lightspeed,OpenShift Serverless,OpenShift Serverless,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),


CVE-2026-27830
Severity: important
Released on: 26/02/2026
Advisory: RHSA-2026:4285, RHSA-2026:3890,
Bugzilla: 2442908
Bugzilla Description: c3p0: c3p0: Arbitrary Code Execution via deserialization of crafted objects
CVSS Score:
CVSSv3 Score: 8.0
Vector:
CWE: CWE-502
Affected Packages: com.mchange/c3p0,
Package States: Red Hat build of Apache Camel - HawtIO 4,Red Hat build of Debezium 2,Red Hat build of Debezium 2,Red Hat build of Debezium 3,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat Process Automation 7,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,streams for Apache Kafka 2,streams for Apache Kafka 3,


CVE-2026-27888
Severity: moderate
Released on: 26/02/2026
Advisory:
Bugzilla: 2442899
Bugzilla Description: pypdf: pypdf: Denial of Service via crafted PDF
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-1050
Affected Packages:
Package States: OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),


CVE-2026-27837
Severity: moderate
Released on: 26/02/2026
Advisory:
Bugzilla: 2442905
Bugzilla Description: dottie.js: dottie.js: Unauthorized object modification via prototype pollution bypass
CVSS Score:
CVSSv3 Score: 6.3
Vector:
CWE: CWE-915
Affected Packages:
Package States: Confidential Compute Attestation,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 9,Red Hat Satellite 6,
Full Details
CVE document


CVE-2026-3234
Severity: low
Released on: 26/02/2026
Advisory:
Bugzilla: 2442889
Bugzilla Description: mod_proxy_cluster: mod_proxy_cluster: Response body corruption via CRLF injection
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE: CWE-93
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 9,Red Hat JBoss Core Services,Red Hat JBoss Core Services,
Full Details
CVE document


CVE-2026-28296
Severity: moderate
Released on: 26/02/2026
Advisory:
Bugzilla: 2443003
Bugzilla Description: gvfs: FTP GVfs backend: Arbitrary FTP command injection via CRLF sequences in file paths
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE: CWE-93
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-28295
Severity: low
Released on: 26/02/2026
Advisory:
Bugzilla: 2443004
Bugzilla Description: gvfs: GVfs FTP backend: Information disclosure via untrusted PASV responses
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE: CWE-918
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-27799
Severity: moderate
Released on: 25/02/2026
Advisory:
Bugzilla: 2442879
Bugzilla Description: ImageMagick: ImageMagick: Denial of Service and data corruption due to crafted DJVU image processing
CVSS Score:
CVSSv3 Score: 4.0
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2026-27798
Severity: moderate
Released on: 25/02/2026
Advisory:
Bugzilla: 2442872
Bugzilla Description: ImageMagick: ImageMagick: Information disclosure via heap buffer over-read when processing images
CVSS Score:
CVSSv3 Score: 7.1
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2026-27148
Severity: important
Released on: 25/02/2026
Advisory:
Bugzilla: 2442784
Bugzilla Description: storybook: Storybook: Remote Code Execution via WebSocket Hijacking
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-346
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 9,streams for Apache Kafka 2,streams for Apache Kafka 3,
Full Details
CVE document


CVE-2026-27951
Severity: moderate
Released on: 25/02/2026
Advisory:
Bugzilla: 2442783
Bugzilla Description: freerdp: FreeRDP: Denial of Service via endless blocking loop in Stream_EnsureCapacity
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-27950
Severity: moderate
Released on: 25/02/2026
Advisory:
Bugzilla: 2442780
Bugzilla Description: freerdp: FreeRDP: Denial of service due to incomplete fix for heap-use-after-free vulnerability
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-26986
Severity: moderate
Released on: 25/02/2026
Advisory:
Bugzilla: 2442782
Bugzilla Description: freerdp: FreeRDP: Denial of Service via double free vulnerability during disconnect
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-26965
Severity: important
Released on: 25/02/2026
Advisory: RHSA-2026:5936, RHSA-2026:5939,
Bugzilla: 2442959
Bugzilla Description: freerdp: FreeRDP: Arbitrary code execution via heap out-of-bounds write in RLE planar decode path
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-787
Affected Packages: freerdp-2:3.10.3-3.el10_0.3,freerdp-2:3.10.3-5.el10_1.3,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-3172
Severity: moderate
Released on: 25/02/2026
Advisory:
Bugzilla: 2443037
Bugzilla Description: pgvector: pgvector: Information disclosure or denial of service via buffer overflow in parallel HNSW index build
CVSS Score:
CVSSv3 Score: 6.8
Vector:
CWE: CWE-120
Affected Packages:
Package States: OpenShift Lightspeed,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Trusted Profile Analyzer,
Full Details
CVE document


CVE-2026-26955
Severity: important
Released on: 25/02/2026
Advisory: RHSA-2026:5936, RHSA-2026:5939,
Bugzilla: 2443132
Bugzilla Description: freerdp: FreeRDP: Arbitrary code execution via heap buffer overflow in GDI surface pipeline
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-805
Affected Packages: freerdp-2:3.10.3-3.el10_0.3,freerdp-2:3.10.3-5.el10_1.3,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-27015
Severity: moderate
Released on: 25/02/2026
Advisory:
Bugzilla: 2442748
Bugzilla Description: freerdp: FreeRDP: Denial of Service via missing bounds check in smartcard redirection
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-120
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-26271
Severity: moderate
Released on: 25/02/2026
Advisory:
Bugzilla: 2442758
Bugzilla Description: freerdp: FreeRDP: Denial of Service via crafted RDP Window Icon data
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE: CWE-805
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-25997
Severity: moderate
Released on: 25/02/2026
Advisory:
Bugzilla: 2442764
Bugzilla Description: freerdp: FreeRDP: Denial of service via heap use-after-free during auto-reconnect
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-25959
Severity: moderate
Released on: 25/02/2026
Advisory:
Bugzilla: 2442767
Bugzilla Description: freerdp: FreeRDP: Denial of Service via heap use-after-free in clipboard handling
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-25955
Severity: moderate
Released on: 25/02/2026
Advisory:
Bugzilla: 2442754
Bugzilla Description: freerdp: FreeRDP: Denial of Service via use-after-free in xf_AppUpdateWindowFromSurface
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-25954
Severity: moderate
Released on: 25/02/2026
Advisory:
Bugzilla: 2442751
Bugzilla Description: freerdp: FreeRDP: Use-after-free vulnerability leading to denial of service
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-25953
Severity: moderate
Released on: 25/02/2026
Advisory:
Bugzilla: 2442757
Bugzilla Description: freerdp: FreeRDP: Denial of Service due to use-after-free vulnerability in window handling
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-25952
Severity: moderate
Released on: 25/02/2026
Advisory:
Bugzilla: 2442768
Bugzilla Description: freerdp: FreeRDP: Denial of service due to use-after-free vulnerability
CVSS Score:
CVSSv3 Score: 6.4
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-25942
Severity: moderate
Released on: 25/02/2026
Advisory:
Bugzilla: 2442756
Bugzilla Description: freerdp: FreeRDP: Denial of Service via out-of-bounds read from malicious server input
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-25941
Severity: moderate
Released on: 25/02/2026
Advisory:
Bugzilla: 2442761
Bugzilla Description: freerdp: FreeRDP: Information disclosure or client crash via out-of-bounds read in RDPGFX channel
CVSS Score:
CVSSv3 Score: 5.4
Vector:
CWE: CWE-130
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-27795
Severity: moderate
Released on: 25/02/2026
Advisory:
Bugzilla: 2442693
Bugzilla Description: langchain-core: @langchain/community: Server-Side Request Forgery (SSRF) bypass via redirect manipulation
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-918
Affected Packages:
Package States: OpenShift Lightspeed,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document


CVE-2026-25554
Severity: important
Released on: 25/02/2026
Advisory:
Bugzilla: 2442687
Bugzilla Description: opensips: OpenSIPS: Authentication bypass due to SQL injection in JWT processing
CVSS Score:
CVSSv3 Score: 8.2
Vector:
CWE: CWE-89
Affected Packages:
Package States:
Full Details
CVE document


CVE-2026-27794
Severity: moderate
Released on: 25/02/2026
Advisory:
Bugzilla: 2442692
Bugzilla Description: langgraph-checkpoint: LangGraph Checkpoint: Remote Code Execution via insecure deserialization in caching layer
CVSS Score:
CVSSv3 Score: 6.6
Vector:
CWE: CWE-502
Affected Packages:
Package States: OpenShift Lightspeed,Red Hat OpenShift AI (RHOAI),
Full Details
CVE document


CVE-2026-27727
Severity: important
Released on: 25/02/2026
Advisory: RHSA-2026:4285, RHSA-2026:3890,
Bugzilla: 2442671
Bugzilla Description: com.mchange/mchange-commons-java: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects
CVSS Score:
CVSSv3 Score: 8.3
Vector:
CWE: CWE-502
Affected Packages: mchange-commons-java,
Package States: Red Hat build of Apache Camel - HawtIO 4,Red Hat build of Debezium 2,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat Process Automation 7,Red Hat Satellite 6,Red Hat Satellite 6,streams for Apache Kafka 2,streams for Apache Kafka 3,
Full Details
CVE document


CVE-2026-27699
Severity: important
Released on: 25/02/2026
Advisory:
Bugzilla: 2442644
Bugzilla Description: basic-ftp: basic-ftp: File overwrite due to path traversal
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-22
Affected Packages:
Package States:
Full Details
CVE document


CVE-2026-3203
Severity: moderate
Released on: 25/02/2026
Advisory:
Bugzilla: 2442639
Bugzilla Description: wireshark: Buffer Over-read in Wireshark
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-126
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-3202
Severity: moderate
Released on: 25/02/2026
Advisory:
Bugzilla: 2442640
Bugzilla Description: wireshark: NULL Pointer Dereference in Wireshark
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-3201
Severity: moderate
Released on: 25/02/2026
Advisory:
Bugzilla: 2442641
Bugzilla Description: wireshark: Improperly Controlled Sequential Memory Allocation in Wireshark
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-1325
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-21725
Severity: low
Released on: 25/02/2026
Advisory:
Bugzilla: 2442609
Bugzilla Description: grafana: Grafana: Unauthorized data source deletion via time-of-create-to-time-of-use (TOCTOU) vulnerability
CVSS Score:
CVSSv3 Score: 2.6
Vector:
CWE: CWE-367
Affected Packages:
Package States: Red Hat Ceph Storage 7,Red Hat Ceph Storage 8,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2025-11563
Severity: moderate
Released on: 25/02/2026
Advisory:
Bugzilla: 2442571
Bugzilla Description: wcurl: wcurl: Arbitrary file placement via crafted URLs
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-22
Affected Packages:
Package States:
Full Details
CVE document


CVE-2026-3190
Severity: moderate
Released on: 25/02/2026
Advisory:
Bugzilla: 2442572
Bugzilla Description: keycloak: Keycloak: Information Disclosure via improper role enforcement in UMA 2.0 Protection API
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE: CWE-280
Affected Packages:
Package States: Red Hat Build of Keycloak,
Full Details
CVE document


CVE-2026-26104
Severity: moderate
Released on: 25/02/2026
Advisory: RHSA-2026:5831, RHSA-2026:3476,
Bugzilla: 2433717
Bugzilla Description: udisks: Missing Authorization Check Allows Unprivileged Users to Back Up LUKS Headers via udisks D-Bus API
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-862
Affected Packages: udisks2-0:2.10.90-5.el10_0.2,udisks2-0:2.10.90-6.el10_1.1,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-26103
Severity: important
Released on: 25/02/2026
Advisory: RHSA-2026:5831, RHSA-2026:3476,
Bugzilla: 2433719
Bugzilla Description: udisks: Missing Authorization Check Allows Unprivileged Users to Restore LUKS Headers via udisks D-Bus API
CVSS Score:
CVSSv3 Score: 7.1
Vector:
CWE: CWE-862
Affected Packages: udisks2-0:2.10.90-5.el10_0.2,udisks2-0:2.10.90-6.el10_1.1,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-3184
Severity: low
Released on: 25/02/2026
Advisory:
Bugzilla: 2442570
Bugzilla Description: util-linux: util-linux: Access control bypass due to improper hostname canonicalization
CVSS Score:
CVSSv3 Score: 3.7
Vector:
CWE: CWE-289
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document


CVE-2026-27628
Severity: moderate
Released on: 25/02/2026
Advisory: RHSA-2026:4942, RHSA-2026:5168, RHSA-2026:5665,
Bugzilla: 2442543
Bugzilla Description: pypdf: possible infinite loop when loading circular /Prev entries in cross-reference streams
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-835
Affected Packages: quay/quay-rhel8:sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f,quay/quay-rhel8:sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e,quay/quay-rhel8:sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad,
Package States: OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat Quay 3,
Full Details
CVE document


CVE-2026-27606
Severity: important
Released on: 25/02/2026
Advisory: RHSA-2026:5649, RHSA-2026:5665, RHSA-2026:5132,
Bugzilla: 2442530
Bugzilla Description: rollup: Rollup: Remote Code Execution via Path Traversal Vulnerability
CVSS Score:
CVSSv3 Score: 9.1
Vector:
CWE: CWE-22
Affected Packages: openshift-service-mesh/kiali-rhel8:sha256:5a8a46e92a178be088251e0dcb67612d16bafeee910af6bd55de82a4727daa02,quay/quay-rhel8:sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e,rhtas/rhtas-console-ui-rhel9:sha256:d23bf73126fb5c18ff24369bb05c7adb03e9f3fefdbb49795b8aeb3d7c223cdb,
Package States: OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,Red Hat Advanced Cluster Security 4,Red Hat AMQ Broker 7,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat build of OptaPlanner 8,Red Hat Build of Podman Desktop - Tech Preview,Red Hat Build of Podman Desktop - Tech Preview,Red Hat Build of Podman Desktop - Tech Preview,Red Hat Build of Podman Desktop - Tech Preview,Red Hat Build of Podman Desktop - Tech Preview,Red Hat Developer Hub,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift distributed tracing 3,Red Hat Single Sign-On 7,Self-service automation portal 2,
Full Details
CVE document


CVE-2026-1940
Severity: moderate
Released on: 25/02/2026
Advisory:
Bugzilla: 2436932
Bugzilla Description: gstreamer: incomplete fix of CVE-2026-1940
CVSS Score:
CVSSv3 Score: 5.1
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-27572
Severity: moderate
Released on: 24/02/2026
Advisory:
Bugzilla: 2442485
Bugzilla Description: wasmtime: Wasmtime: Denial of Service via excessive HTTP header fields
CVSS Score:
CVSSv3 Score: 6.3
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat Connectivity Link 1,
Full Details
CVE document


CVE-2026-27204
Severity: moderate
Released on: 24/02/2026
Advisory:
Bugzilla: 2442480
Bugzilla Description: wasmtime: Wasmtime: Denial of Service via guest-controlled resource exhaustion in WASI host interfaces
CVSS Score:
CVSSv3 Score: 6.3
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat Connectivity Link 1,
Full Details
CVE document


CVE-2026-27195
Severity: moderate
Released on: 24/02/2026
Advisory:
Bugzilla: 2442481
Bugzilla Description: wasmtime: Wasmtime: Denial of Service via repeated async function calls
CVSS Score:
CVSSv3 Score: 4.7
Vector:
CWE: CWE-248
Affected Packages:
Package States: Red Hat Connectivity Link 1,
Full Details
CVE document


CVE-2026-27571
Severity: moderate
Released on: 24/02/2026
Advisory: RHSA-2026:5110,
Bugzilla: 2442401
Bugzilla Description: nats-server: WebSockets pre-auth memory DoS
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-770
Affected Packages: multicluster-globalhub/multicluster-globalhub-grafana-rhel9:sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062,
Package States: Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Ceph Storage 7,Red Hat Ceph Storage 8,Red Hat OpenShift Container Platform 4,
Full Details
CVE document


CVE-2026-2807
Severity: important
Released on: 24/02/2026
Advisory:
Bugzilla: 2442296
Bugzilla Description: firefox: thunderbird: Memory safety bugs fixed in Firefox 148 and Thunderbird 148
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-2806
Severity: low
Released on: 24/02/2026
Advisory:
Bugzilla: 2442306
Bugzilla Description: firefox: thunderbird: Uninitialized memory in the Graphics: Text component
CVSS Score:
CVSSv3 Score: 3.4
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-2805
Severity: moderate
Released on: 24/02/2026
Advisory:
Bugzilla: 2442285
Bugzilla Description: firefox: thunderbird: Invalid pointer in the DOM: Core & HTML component
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-2804
Severity: moderate
Released on: 24/02/2026
Advisory:
Bugzilla: 2442332
Bugzilla Description: firefox: thunderbird: Use-after-free in the JavaScript: WebAssembly component
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-2803
Severity: moderate
Released on: 24/02/2026
Advisory:
Bugzilla: 2442338
Bugzilla Description: firefox: thunderbird: Information disclosure, mitigation bypass in the Settings UI component
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-2802
Severity: moderate
Released on: 24/02/2026
Advisory:
Bugzilla: 2442344
Bugzilla Description: firefox: thunderbird: Race condition in the JavaScript: GC component
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-2801
Severity: moderate
Released on: 24/02/2026
Advisory:
Bugzilla: 2442289
Bugzilla Description: firefox: thunderbird: Incorrect boundary conditions in the JavaScript: WebAssembly component
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-2800
Severity: moderate
Released on: 24/02/2026
Advisory:
Bugzilla: 2442299
Bugzilla Description: firefox: thunderbird: Spoofing issue in the WebAuthn component in Firefox for Android
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-2799
Severity: important
Released on: 24/02/2026
Advisory:
Bugzilla: 2442303
Bugzilla Description: firefox: thunderbird: Use-after-free in the DOM: Core & HTML component
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-2798
Severity: important
Released on: 24/02/2026
Advisory:
Bugzilla: 2442315
Bugzilla Description: firefox: thunderbird: Use-after-free in the DOM: Core & HTML component
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-2797
Severity: important
Released on: 24/02/2026
Advisory:
Bugzilla: 2442330
Bugzilla Description: firefox: thunderbird: Use-after-free in the JavaScript: GC component
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-2796
Severity: important
Released on: 24/02/2026
Advisory:
Bugzilla: 2442301
Bugzilla Description: firefox: thunderbird: JIT miscompilation in the JavaScript: WebAssembly component
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-2795
Severity: important
Released on: 24/02/2026
Advisory:
Bugzilla: 2442305
Bugzilla Description: firefox: Use-after-free in the JavaScript: GC component
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-2794
Severity: important
Released on: 24/02/2026
Advisory:
Bugzilla: 2442286
Bugzilla Description: firefox: Information disclosure due to uninitialized memory in Firefox and Firefox Focus for Android
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-2793
Severity: important
Released on: 24/02/2026
Advisory: RHSA-2026:3984, RHSA-2026:3980, RHSA-2026:4432, RHSA-2026:3981, RHSA-2026:3361, RHSA-2026:3982, RHSA-2026:3983, RHSA-2026:4152, RHSA-2026:3338, RHSA-2026:3978, RHSA-2026:3979, RHSA-2026:3517, RHSA-2026:3516, RHSA-2026:3976, RHSA-2026:3515, RHSA-2026:3339, RHSA-2026:4260, RHSA-2026:3491, RHSA-2026:3495, RHSA-2026:3494, RHSA-2026:3493, RHSA-2026:3492, RHSA-2026:4022, RHSA-2026:3497, RHSA-2026:3496,
Bugzilla: 2442287
Bugzilla Description: firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE:
Affected Packages: thunderbird-0:140.8.0-1.el9_0,thunderbird-0:140.8.0-1.el8_6,thunderbird-0:140.8.0-1.el9_6,thunderbird-0:140.8.0-1.el8_8,thunderbird-0:140.8.0-1.el9_7,thunderbird-0:140.8.0-1.el8_2,thunderbird-0:140.8.0-1.el9_2,thunderbird-0:140.8.0-1.el9_4,thunderbird-0:140.8.0-1.el8_10,firefox-0:140.8.0-2.el8_2,firefox-0:140.8.0-2.el9_0,firefox-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el8_10,firefox-0:140.8.0-2.el9_2,firefox-0:140.8.0-2.el8_6,firefox-0:140.8.0-2.el9_4,firefox-0:140.8.0-2.el7_9,firefox-0:140.8.0-2.el8_8,firefox-0:140.8.0-2.el9_7,firefox-0:140.8.0-2.el9_6,firefox-0:140.8.0-2.el10_1,thunderbird-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,


CVE-2026-2792
Severity: important
Released on: 24/02/2026
Advisory: RHSA-2026:3984, RHSA-2026:3980, RHSA-2026:4432, RHSA-2026:3981, RHSA-2026:3361, RHSA-2026:3982, RHSA-2026:3983, RHSA-2026:4152, RHSA-2026:3338, RHSA-2026:3978, RHSA-2026:3979, RHSA-2026:3517, RHSA-2026:3516, RHSA-2026:3976, RHSA-2026:3515, RHSA-2026:3339, RHSA-2026:4260, RHSA-2026:3491, RHSA-2026:3495, RHSA-2026:3494, RHSA-2026:3493, RHSA-2026:3492, RHSA-2026:4022, RHSA-2026:3497, RHSA-2026:3496,
Bugzilla: 2442318
Bugzilla Description: firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE:
Affected Packages: thunderbird-0:140.8.0-1.el9_0,thunderbird-0:140.8.0-1.el8_6,thunderbird-0:140.8.0-1.el9_6,thunderbird-0:140.8.0-1.el8_8,thunderbird-0:140.8.0-1.el9_7,thunderbird-0:140.8.0-1.el8_2,thunderbird-0:140.8.0-1.el9_2,thunderbird-0:140.8.0-1.el9_4,thunderbird-0:140.8.0-1.el8_10,firefox-0:140.8.0-2.el8_2,firefox-0:140.8.0-2.el9_0,firefox-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el8_10,firefox-0:140.8.0-2.el9_2,firefox-0:140.8.0-2.el8_6,firefox-0:140.8.0-2.el9_4,firefox-0:140.8.0-2.el7_9,firefox-0:140.8.0-2.el8_8,firefox-0:140.8.0-2.el9_7,firefox-0:140.8.0-2.el9_6,firefox-0:140.8.0-2.el10_1,thunderbird-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,


CVE-2026-2791
Severity: low
Released on: 24/02/2026
Advisory: RHSA-2026:3984, RHSA-2026:3980, RHSA-2026:4432, RHSA-2026:3981, RHSA-2026:3361, RHSA-2026:3982, RHSA-2026:3983, RHSA-2026:4152, RHSA-2026:3338, RHSA-2026:3978, RHSA-2026:3979, RHSA-2026:3517, RHSA-2026:3516, RHSA-2026:3976, RHSA-2026:3515, RHSA-2026:3339, RHSA-2026:4260, RHSA-2026:3491, RHSA-2026:3495, RHSA-2026:3494, RHSA-2026:3493, RHSA-2026:3492, RHSA-2026:4022, RHSA-2026:3497, RHSA-2026:3496,
Bugzilla: 2442342
Bugzilla Description: firefox: thunderbird: Mitigation bypass in the Networking: Cache component
CVSS Score:
CVSSv3 Score: 3.4
Vector:
CWE:
Affected Packages: thunderbird-0:140.8.0-1.el9_0,thunderbird-0:140.8.0-1.el8_6,thunderbird-0:140.8.0-1.el9_6,thunderbird-0:140.8.0-1.el8_8,thunderbird-0:140.8.0-1.el9_7,thunderbird-0:140.8.0-1.el8_2,thunderbird-0:140.8.0-1.el9_2,thunderbird-0:140.8.0-1.el9_4,thunderbird-0:140.8.0-1.el8_10,firefox-0:140.8.0-2.el8_2,firefox-0:140.8.0-2.el9_0,firefox-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el8_10,firefox-0:140.8.0-2.el9_2,firefox-0:140.8.0-2.el8_6,firefox-0:140.8.0-2.el9_4,firefox-0:140.8.0-2.el7_9,firefox-0:140.8.0-2.el8_8,firefox-0:140.8.0-2.el9_7,firefox-0:140.8.0-2.el9_6,firefox-0:140.8.0-2.el10_1,thunderbird-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,


CVE-2026-2790
Severity: low
Released on: 24/02/2026
Advisory: RHSA-2026:3984, RHSA-2026:3980, RHSA-2026:4432, RHSA-2026:3981, RHSA-2026:3361, RHSA-2026:3982, RHSA-2026:3983, RHSA-2026:4152, RHSA-2026:3338, RHSA-2026:3978, RHSA-2026:3979, RHSA-2026:3517, RHSA-2026:3516, RHSA-2026:3976, RHSA-2026:3515, RHSA-2026:3339, RHSA-2026:4260, RHSA-2026:3491, RHSA-2026:3495, RHSA-2026:3494, RHSA-2026:3493, RHSA-2026:3492, RHSA-2026:4022, RHSA-2026:3497, RHSA-2026:3496,
Bugzilla: 2442313
Bugzilla Description: firefox: thunderbird: Same-origin policy bypass in the Networking: JAR component
CVSS Score:
CVSSv3 Score: 3.4
Vector:
CWE:
Affected Packages: thunderbird-0:140.8.0-1.el9_0,thunderbird-0:140.8.0-1.el8_6,thunderbird-0:140.8.0-1.el9_6,thunderbird-0:140.8.0-1.el8_8,thunderbird-0:140.8.0-1.el9_7,thunderbird-0:140.8.0-1.el8_2,thunderbird-0:140.8.0-1.el9_2,thunderbird-0:140.8.0-1.el9_4,thunderbird-0:140.8.0-1.el8_10,firefox-0:140.8.0-2.el8_2,firefox-0:140.8.0-2.el9_0,firefox-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el8_10,firefox-0:140.8.0-2.el9_2,firefox-0:140.8.0-2.el8_6,firefox-0:140.8.0-2.el9_4,firefox-0:140.8.0-2.el7_9,firefox-0:140.8.0-2.el8_8,firefox-0:140.8.0-2.el9_7,firefox-0:140.8.0-2.el9_6,firefox-0:140.8.0-2.el10_1,thunderbird-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,


CVE-2026-2788
Severity: moderate
Released on: 24/02/2026
Advisory: RHSA-2026:3984, RHSA-2026:3980, RHSA-2026:4432, RHSA-2026:3981, RHSA-2026:3361, RHSA-2026:3982, RHSA-2026:3983, RHSA-2026:4152, RHSA-2026:3338, RHSA-2026:3978, RHSA-2026:3979, RHSA-2026:3517, RHSA-2026:3516, RHSA-2026:3976, RHSA-2026:3515, RHSA-2026:3339, RHSA-2026:4260, RHSA-2026:3491, RHSA-2026:3495, RHSA-2026:3494, RHSA-2026:3493, RHSA-2026:3492, RHSA-2026:4022, RHSA-2026:3497, RHSA-2026:3496,
Bugzilla: 2442302
Bugzilla Description: firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: GMP component
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE:
Affected Packages: thunderbird-0:140.8.0-1.el9_0,thunderbird-0:140.8.0-1.el8_6,thunderbird-0:140.8.0-1.el9_6,thunderbird-0:140.8.0-1.el8_8,thunderbird-0:140.8.0-1.el9_7,thunderbird-0:140.8.0-1.el8_2,thunderbird-0:140.8.0-1.el9_2,thunderbird-0:140.8.0-1.el9_4,thunderbird-0:140.8.0-1.el8_10,firefox-0:140.8.0-2.el8_2,firefox-0:140.8.0-2.el9_0,firefox-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el8_10,firefox-0:140.8.0-2.el9_2,firefox-0:140.8.0-2.el8_6,firefox-0:140.8.0-2.el9_4,firefox-0:140.8.0-2.el7_9,firefox-0:140.8.0-2.el8_8,firefox-0:140.8.0-2.el9_7,firefox-0:140.8.0-2.el9_6,firefox-0:140.8.0-2.el10_1,thunderbird-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,


CVE-2026-2789
Severity: moderate
Released on: 24/02/2026
Advisory: RHSA-2026:3984, RHSA-2026:3980, RHSA-2026:4432, RHSA-2026:3981, RHSA-2026:3361, RHSA-2026:3982, RHSA-2026:3983, RHSA-2026:4152, RHSA-2026:3338, RHSA-2026:3978, RHSA-2026:3979, RHSA-2026:3517, RHSA-2026:3516, RHSA-2026:3976, RHSA-2026:3515, RHSA-2026:3339, RHSA-2026:4260, RHSA-2026:3491, RHSA-2026:3495, RHSA-2026:3494, RHSA-2026:3493, RHSA-2026:3492, RHSA-2026:4022, RHSA-2026:3497, RHSA-2026:3496,
Bugzilla: 2442322
Bugzilla Description: firefox: thunderbird: Use-after-free in the Graphics: ImageLib component
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE:
Affected Packages: thunderbird-0:140.8.0-1.el9_0,thunderbird-0:140.8.0-1.el8_6,thunderbird-0:140.8.0-1.el9_6,thunderbird-0:140.8.0-1.el8_8,thunderbird-0:140.8.0-1.el9_7,thunderbird-0:140.8.0-1.el8_2,thunderbird-0:140.8.0-1.el9_2,thunderbird-0:140.8.0-1.el9_4,thunderbird-0:140.8.0-1.el8_10,firefox-0:140.8.0-2.el8_2,firefox-0:140.8.0-2.el9_0,firefox-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el8_10,firefox-0:140.8.0-2.el9_2,firefox-0:140.8.0-2.el8_6,firefox-0:140.8.0-2.el9_4,firefox-0:140.8.0-2.el7_9,firefox-0:140.8.0-2.el8_8,firefox-0:140.8.0-2.el9_7,firefox-0:140.8.0-2.el9_6,firefox-0:140.8.0-2.el10_1,thunderbird-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,


CVE-2026-2787
Severity: moderate
Released on: 24/02/2026
Advisory: RHSA-2026:3984, RHSA-2026:3980, RHSA-2026:4432, RHSA-2026:3981, RHSA-2026:3361, RHSA-2026:3982, RHSA-2026:3983, RHSA-2026:4152, RHSA-2026:3338, RHSA-2026:3978, RHSA-2026:3979, RHSA-2026:3517, RHSA-2026:3516, RHSA-2026:3976, RHSA-2026:3515, RHSA-2026:3339, RHSA-2026:4260, RHSA-2026:3491, RHSA-2026:3495, RHSA-2026:3494, RHSA-2026:3493, RHSA-2026:3492, RHSA-2026:4022, RHSA-2026:3497, RHSA-2026:3496,
Bugzilla: 2442297
Bugzilla Description: firefox: thunderbird: Use-after-free in the DOM: Window and Location component
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE:
Affected Packages: thunderbird-0:140.8.0-1.el9_0,thunderbird-0:140.8.0-1.el8_6,thunderbird-0:140.8.0-1.el9_6,thunderbird-0:140.8.0-1.el8_8,thunderbird-0:140.8.0-1.el9_7,thunderbird-0:140.8.0-1.el8_2,thunderbird-0:140.8.0-1.el9_2,thunderbird-0:140.8.0-1.el9_4,thunderbird-0:140.8.0-1.el8_10,firefox-0:140.8.0-2.el8_2,firefox-0:140.8.0-2.el9_0,firefox-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el8_10,firefox-0:140.8.0-2.el9_2,firefox-0:140.8.0-2.el8_6,firefox-0:140.8.0-2.el9_4,firefox-0:140.8.0-2.el7_9,firefox-0:140.8.0-2.el8_8,firefox-0:140.8.0-2.el9_7,firefox-0:140.8.0-2.el9_6,firefox-0:140.8.0-2.el10_1,thunderbird-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,


CVE-2026-2785
Severity: moderate
Released on: 24/02/2026
Advisory: RHSA-2026:3984, RHSA-2026:3980, RHSA-2026:4432, RHSA-2026:3981, RHSA-2026:3361, RHSA-2026:3982, RHSA-2026:3983, RHSA-2026:4152, RHSA-2026:3338, RHSA-2026:3978, RHSA-2026:3979, RHSA-2026:3517, RHSA-2026:3516, RHSA-2026:3976, RHSA-2026:3515, RHSA-2026:3339, RHSA-2026:4260, RHSA-2026:3491, RHSA-2026:3495, RHSA-2026:3494, RHSA-2026:3493, RHSA-2026:3492, RHSA-2026:4022, RHSA-2026:3497, RHSA-2026:3496,
Bugzilla: 2442284
Bugzilla Description: firefox: thunderbird: Invalid pointer in the JavaScript Engine component
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE:
Affected Packages: thunderbird-0:140.8.0-1.el9_0,thunderbird-0:140.8.0-1.el8_6,thunderbird-0:140.8.0-1.el9_6,thunderbird-0:140.8.0-1.el8_8,thunderbird-0:140.8.0-1.el9_7,thunderbird-0:140.8.0-1.el8_2,thunderbird-0:140.8.0-1.el9_2,thunderbird-0:140.8.0-1.el9_4,thunderbird-0:140.8.0-1.el8_10,firefox-0:140.8.0-2.el8_2,firefox-0:140.8.0-2.el9_0,firefox-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el8_10,firefox-0:140.8.0-2.el9_2,firefox-0:140.8.0-2.el8_6,firefox-0:140.8.0-2.el9_4,firefox-0:140.8.0-2.el7_9,firefox-0:140.8.0-2.el8_8,firefox-0:140.8.0-2.el9_7,firefox-0:140.8.0-2.el9_6,firefox-0:140.8.0-2.el10_1,thunderbird-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,


CVE-2026-2786
Severity: moderate
Released on: 24/02/2026
Advisory: RHSA-2026:3984, RHSA-2026:3980, RHSA-2026:4432, RHSA-2026:3981, RHSA-2026:3361, RHSA-2026:3982, RHSA-2026:3983, RHSA-2026:4152, RHSA-2026:3338, RHSA-2026:3978, RHSA-2026:3979, RHSA-2026:3517, RHSA-2026:3516, RHSA-2026:3976, RHSA-2026:3515, RHSA-2026:3339, RHSA-2026:4260, RHSA-2026:3491, RHSA-2026:3495, RHSA-2026:3494, RHSA-2026:3493, RHSA-2026:3492, RHSA-2026:4022, RHSA-2026:3497, RHSA-2026:3496,
Bugzilla: 2442320
Bugzilla Description: firefox: thunderbird: Use-after-free in the JavaScript Engine component
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE:
Affected Packages: thunderbird-0:140.8.0-1.el9_0,thunderbird-0:140.8.0-1.el8_6,thunderbird-0:140.8.0-1.el9_6,thunderbird-0:140.8.0-1.el8_8,thunderbird-0:140.8.0-1.el9_7,thunderbird-0:140.8.0-1.el8_2,thunderbird-0:140.8.0-1.el9_2,thunderbird-0:140.8.0-1.el9_4,thunderbird-0:140.8.0-1.el8_10,firefox-0:140.8.0-2.el8_2,firefox-0:140.8.0-2.el9_0,firefox-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el8_10,firefox-0:140.8.0-2.el9_2,firefox-0:140.8.0-2.el8_6,firefox-0:140.8.0-2.el9_4,firefox-0:140.8.0-2.el7_9,firefox-0:140.8.0-2.el8_8,firefox-0:140.8.0-2.el9_7,firefox-0:140.8.0-2.el9_6,firefox-0:140.8.0-2.el10_1,thunderbird-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,


CVE-2026-2784
Severity: moderate
Released on: 24/02/2026
Advisory: RHSA-2026:3984, RHSA-2026:3980, RHSA-2026:4432, RHSA-2026:3981, RHSA-2026:3361, RHSA-2026:3982, RHSA-2026:3983, RHSA-2026:4152, RHSA-2026:3338, RHSA-2026:3978, RHSA-2026:3979, RHSA-2026:3517, RHSA-2026:3516, RHSA-2026:3976, RHSA-2026:3515, RHSA-2026:3339, RHSA-2026:4260, RHSA-2026:3491, RHSA-2026:3495, RHSA-2026:3494, RHSA-2026:3493, RHSA-2026:3492, RHSA-2026:4022, RHSA-2026:3497, RHSA-2026:3496,
Bugzilla: 2442304
Bugzilla Description: firefox: thunderbird: Mitigation bypass in the DOM: Security component
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE:
Affected Packages: thunderbird-0:140.8.0-1.el9_0,thunderbird-0:140.8.0-1.el8_6,thunderbird-0:140.8.0-1.el9_6,thunderbird-0:140.8.0-1.el8_8,thunderbird-0:140.8.0-1.el9_7,thunderbird-0:140.8.0-1.el8_2,thunderbird-0:140.8.0-1.el9_2,thunderbird-0:140.8.0-1.el9_4,thunderbird-0:140.8.0-1.el8_10,firefox-0:140.8.0-2.el8_2,firefox-0:140.8.0-2.el9_0,firefox-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el8_10,firefox-0:140.8.0-2.el9_2,firefox-0:140.8.0-2.el8_6,firefox-0:140.8.0-2.el9_4,firefox-0:140.8.0-2.el7_9,firefox-0:140.8.0-2.el8_8,firefox-0:140.8.0-2.el9_7,firefox-0:140.8.0-2.el9_6,firefox-0:140.8.0-2.el10_1,thunderbird-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,


CVE-2026-2783
Severity: moderate
Released on: 24/02/2026
Advisory: RHSA-2026:3984, RHSA-2026:3980, RHSA-2026:4432, RHSA-2026:3981, RHSA-2026:3361, RHSA-2026:3982, RHSA-2026:3983, RHSA-2026:4152, RHSA-2026:3338, RHSA-2026:3978, RHSA-2026:3979, RHSA-2026:3517, RHSA-2026:3516, RHSA-2026:3976, RHSA-2026:3515, RHSA-2026:3339, RHSA-2026:4260, RHSA-2026:3491, RHSA-2026:3495, RHSA-2026:3494, RHSA-2026:3493, RHSA-2026:3492, RHSA-2026:4022, RHSA-2026:3497, RHSA-2026:3496,
Bugzilla: 2442300
Bugzilla Description: firefox: thunderbird: Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE:
Affected Packages: thunderbird-0:140.8.0-1.el9_0,thunderbird-0:140.8.0-1.el8_6,thunderbird-0:140.8.0-1.el9_6,thunderbird-0:140.8.0-1.el8_8,thunderbird-0:140.8.0-1.el9_7,thunderbird-0:140.8.0-1.el8_2,thunderbird-0:140.8.0-1.el9_2,thunderbird-0:140.8.0-1.el9_4,thunderbird-0:140.8.0-1.el8_10,firefox-0:140.8.0-2.el8_2,firefox-0:140.8.0-2.el9_0,firefox-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el8_10,firefox-0:140.8.0-2.el9_2,firefox-0:140.8.0-2.el8_6,firefox-0:140.8.0-2.el9_4,firefox-0:140.8.0-2.el7_9,firefox-0:140.8.0-2.el8_8,firefox-0:140.8.0-2.el9_7,firefox-0:140.8.0-2.el9_6,firefox-0:140.8.0-2.el10_1,thunderbird-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,


CVE-2026-2782
Severity: moderate
Released on: 24/02/2026
Advisory: RHSA-2026:3984, RHSA-2026:3980, RHSA-2026:4432, RHSA-2026:3981, RHSA-2026:3361, RHSA-2026:3982, RHSA-2026:3983, RHSA-2026:4152, RHSA-2026:3338, RHSA-2026:3978, RHSA-2026:3979, RHSA-2026:3517, RHSA-2026:3516, RHSA-2026:3976, RHSA-2026:3515, RHSA-2026:3339, RHSA-2026:4260, RHSA-2026:3491, RHSA-2026:3495, RHSA-2026:3494, RHSA-2026:3493, RHSA-2026:3492, RHSA-2026:4022, RHSA-2026:3497, RHSA-2026:3496,
Bugzilla: 2442331
Bugzilla Description: firefox: thunderbird: Privilege escalation in the Netmonitor component
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE:
Affected Packages: thunderbird-0:140.8.0-1.el9_0,thunderbird-0:140.8.0-1.el8_6,thunderbird-0:140.8.0-1.el9_6,thunderbird-0:140.8.0-1.el8_8,thunderbird-0:140.8.0-1.el9_7,thunderbird-0:140.8.0-1.el8_2,thunderbird-0:140.8.0-1.el9_2,thunderbird-0:140.8.0-1.el9_4,thunderbird-0:140.8.0-1.el8_10,firefox-0:140.8.0-2.el8_2,firefox-0:140.8.0-2.el9_0,firefox-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el8_10,firefox-0:140.8.0-2.el9_2,firefox-0:140.8.0-2.el8_6,firefox-0:140.8.0-2.el9_4,firefox-0:140.8.0-2.el7_9,firefox-0:140.8.0-2.el8_8,firefox-0:140.8.0-2.el9_7,firefox-0:140.8.0-2.el9_6,firefox-0:140.8.0-2.el10_1,thunderbird-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,


CVE-2026-2781
Severity: moderate
Released on: 24/02/2026
Advisory: RHSA-2026:3984, RHSA-2026:3980, RHSA-2026:4432, RHSA-2026:3981, RHSA-2026:3361, RHSA-2026:3982, RHSA-2026:3983, RHSA-2026:4152, RHSA-2026:3338, RHSA-2026:3978, RHSA-2026:3979, RHSA-2026:3517, RHSA-2026:3516, RHSA-2026:3976, RHSA-2026:3515, RHSA-2026:3339, RHSA-2026:4260, RHSA-2026:3491, RHSA-2026:3495, RHSA-2026:3494, RHSA-2026:3493, RHSA-2026:3492, RHSA-2026:4022, RHSA-2026:3497, RHSA-2026:3496,
Bugzilla: 2442292
Bugzilla Description: firefox: thunderbird: Integer overflow in the Libraries component in NSS
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE:
Affected Packages: thunderbird-0:140.8.0-1.el9_0,thunderbird-0:140.8.0-1.el8_6,thunderbird-0:140.8.0-1.el9_6,thunderbird-0:140.8.0-1.el8_8,thunderbird-0:140.8.0-1.el9_7,thunderbird-0:140.8.0-1.el8_2,thunderbird-0:140.8.0-1.el9_2,thunderbird-0:140.8.0-1.el9_4,thunderbird-0:140.8.0-1.el8_10,firefox-0:140.8.0-2.el8_2,firefox-0:140.8.0-2.el9_0,firefox-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el8_10,firefox-0:140.8.0-2.el9_2,firefox-0:140.8.0-2.el8_6,firefox-0:140.8.0-2.el9_4,firefox-0:140.8.0-2.el7_9,firefox-0:140.8.0-2.el8_8,firefox-0:140.8.0-2.el9_7,firefox-0:140.8.0-2.el9_6,firefox-0:140.8.0-2.el10_1,thunderbird-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,


CVE-2026-2779
Severity: moderate
Released on: 24/02/2026
Advisory: RHSA-2026:3984, RHSA-2026:3980, RHSA-2026:4432, RHSA-2026:3981, RHSA-2026:3361, RHSA-2026:3982, RHSA-2026:3983, RHSA-2026:4152, RHSA-2026:3338, RHSA-2026:3978, RHSA-2026:3979, RHSA-2026:3517, RHSA-2026:3516, RHSA-2026:3976, RHSA-2026:3515, RHSA-2026:3339, RHSA-2026:4260, RHSA-2026:3491, RHSA-2026:3495, RHSA-2026:3494, RHSA-2026:3493, RHSA-2026:3492, RHSA-2026:4022, RHSA-2026:3497, RHSA-2026:3496,
Bugzilla: 2442327
Bugzilla Description: firefox: thunderbird: Incorrect boundary conditions in the Networking: JAR component
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE:
Affected Packages: thunderbird-0:140.8.0-1.el9_0,thunderbird-0:140.8.0-1.el8_6,thunderbird-0:140.8.0-1.el9_6,thunderbird-0:140.8.0-1.el8_8,thunderbird-0:140.8.0-1.el9_7,thunderbird-0:140.8.0-1.el8_2,thunderbird-0:140.8.0-1.el9_2,thunderbird-0:140.8.0-1.el9_4,thunderbird-0:140.8.0-1.el8_10,firefox-0:140.8.0-2.el8_2,firefox-0:140.8.0-2.el9_0,firefox-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el8_10,firefox-0:140.8.0-2.el9_2,firefox-0:140.8.0-2.el8_6,firefox-0:140.8.0-2.el9_4,firefox-0:140.8.0-2.el7_9,firefox-0:140.8.0-2.el8_8,firefox-0:140.8.0-2.el9_7,firefox-0:140.8.0-2.el9_6,firefox-0:140.8.0-2.el10_1,thunderbird-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,


CVE-2026-2780
Severity: moderate
Released on: 24/02/2026
Advisory: RHSA-2026:3984, RHSA-2026:3980, RHSA-2026:4432, RHSA-2026:3981, RHSA-2026:3361, RHSA-2026:3982, RHSA-2026:3983, RHSA-2026:4152, RHSA-2026:3338, RHSA-2026:3978, RHSA-2026:3979, RHSA-2026:3517, RHSA-2026:3516, RHSA-2026:3976, RHSA-2026:3515, RHSA-2026:3339, RHSA-2026:4260, RHSA-2026:3491, RHSA-2026:3495, RHSA-2026:3494, RHSA-2026:3493, RHSA-2026:3492, RHSA-2026:4022, RHSA-2026:3497, RHSA-2026:3496,
Bugzilla: 2442334
Bugzilla Description: firefox: thunderbird: Privilege escalation in the Netmonitor component
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE:
Affected Packages: thunderbird-0:140.8.0-1.el9_0,thunderbird-0:140.8.0-1.el8_6,thunderbird-0:140.8.0-1.el9_6,thunderbird-0:140.8.0-1.el8_8,thunderbird-0:140.8.0-1.el9_7,thunderbird-0:140.8.0-1.el8_2,thunderbird-0:140.8.0-1.el9_2,thunderbird-0:140.8.0-1.el9_4,thunderbird-0:140.8.0-1.el8_10,firefox-0:140.8.0-2.el8_2,firefox-0:140.8.0-2.el9_0,firefox-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el8_10,firefox-0:140.8.0-2.el9_2,firefox-0:140.8.0-2.el8_6,firefox-0:140.8.0-2.el9_4,firefox-0:140.8.0-2.el7_9,firefox-0:140.8.0-2.el8_8,firefox-0:140.8.0-2.el9_7,firefox-0:140.8.0-2.el9_6,firefox-0:140.8.0-2.el10_1,thunderbird-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,


CVE-2026-2778
Severity: important
Released on: 24/02/2026
Advisory: RHSA-2026:3984, RHSA-2026:3980, RHSA-2026:4432, RHSA-2026:3981, RHSA-2026:3361, RHSA-2026:3982, RHSA-2026:3983, RHSA-2026:4152, RHSA-2026:3338, RHSA-2026:3978, RHSA-2026:3979, RHSA-2026:3517, RHSA-2026:3516, RHSA-2026:3976, RHSA-2026:3515, RHSA-2026:3339, RHSA-2026:4260, RHSA-2026:3491, RHSA-2026:3495, RHSA-2026:3494, RHSA-2026:3493, RHSA-2026:3492, RHSA-2026:4022, RHSA-2026:3497, RHSA-2026:3496,
Bugzilla: 2442335
Bugzilla Description: firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE:
Affected Packages: thunderbird-0:140.8.0-1.el9_0,thunderbird-0:140.8.0-1.el8_6,thunderbird-0:140.8.0-1.el9_6,thunderbird-0:140.8.0-1.el8_8,thunderbird-0:140.8.0-1.el9_7,thunderbird-0:140.8.0-1.el8_2,thunderbird-0:140.8.0-1.el9_2,thunderbird-0:140.8.0-1.el9_4,thunderbird-0:140.8.0-1.el8_10,firefox-0:140.8.0-2.el8_2,firefox-0:140.8.0-2.el9_0,firefox-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el8_10,firefox-0:140.8.0-2.el9_2,firefox-0:140.8.0-2.el8_6,firefox-0:140.8.0-2.el9_4,firefox-0:140.8.0-2.el7_9,firefox-0:140.8.0-2.el8_8,firefox-0:140.8.0-2.el9_7,firefox-0:140.8.0-2.el9_6,firefox-0:140.8.0-2.el10_1,thunderbird-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,


CVE-2026-2776
Severity: important
Released on: 24/02/2026
Advisory: RHSA-2026:3984, RHSA-2026:3980, RHSA-2026:4432, RHSA-2026:3981, RHSA-2026:3361, RHSA-2026:3982, RHSA-2026:3983, RHSA-2026:4152, RHSA-2026:3338, RHSA-2026:3978, RHSA-2026:3979, RHSA-2026:3517, RHSA-2026:3516, RHSA-2026:3976, RHSA-2026:3515, RHSA-2026:3339, RHSA-2026:4260, RHSA-2026:3491, RHSA-2026:3495, RHSA-2026:3494, RHSA-2026:3493, RHSA-2026:3492, RHSA-2026:4022, RHSA-2026:3497, RHSA-2026:3496,
Bugzilla: 2442291
Bugzilla Description: firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE:
Affected Packages: thunderbird-0:140.8.0-1.el9_0,thunderbird-0:140.8.0-1.el8_6,thunderbird-0:140.8.0-1.el9_6,thunderbird-0:140.8.0-1.el8_8,thunderbird-0:140.8.0-1.el9_7,thunderbird-0:140.8.0-1.el8_2,thunderbird-0:140.8.0-1.el9_2,thunderbird-0:140.8.0-1.el9_4,thunderbird-0:140.8.0-1.el8_10,firefox-0:140.8.0-2.el8_2,firefox-0:140.8.0-2.el9_0,firefox-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el8_10,firefox-0:140.8.0-2.el9_2,firefox-0:140.8.0-2.el8_6,firefox-0:140.8.0-2.el9_4,firefox-0:140.8.0-2.el7_9,firefox-0:140.8.0-2.el8_8,firefox-0:140.8.0-2.el9_7,firefox-0:140.8.0-2.el9_6,firefox-0:140.8.0-2.el10_1,thunderbird-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,


CVE-2026-2777
Severity: important
Released on: 24/02/2026
Advisory: RHSA-2026:3984, RHSA-2026:3980, RHSA-2026:4432, RHSA-2026:3981, RHSA-2026:3361, RHSA-2026:3982, RHSA-2026:3983, RHSA-2026:4152, RHSA-2026:3338, RHSA-2026:3978, RHSA-2026:3979, RHSA-2026:3517, RHSA-2026:3516, RHSA-2026:3976, RHSA-2026:3515, RHSA-2026:3339, RHSA-2026:4260, RHSA-2026:3491, RHSA-2026:3495, RHSA-2026:3494, RHSA-2026:3493, RHSA-2026:3492, RHSA-2026:4022, RHSA-2026:3497, RHSA-2026:3496,
Bugzilla: 2442312
Bugzilla Description: firefox: thunderbird: Privilege escalation in the Messaging System component
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE:
Affected Packages: thunderbird-0:140.8.0-1.el9_0,thunderbird-0:140.8.0-1.el8_6,thunderbird-0:140.8.0-1.el9_6,thunderbird-0:140.8.0-1.el8_8,thunderbird-0:140.8.0-1.el9_7,thunderbird-0:140.8.0-1.el8_2,thunderbird-0:140.8.0-1.el9_2,thunderbird-0:140.8.0-1.el9_4,thunderbird-0:140.8.0-1.el8_10,firefox-0:140.8.0-2.el8_2,firefox-0:140.8.0-2.el9_0,firefox-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el8_10,firefox-0:140.8.0-2.el9_2,firefox-0:140.8.0-2.el8_6,firefox-0:140.8.0-2.el9_4,firefox-0:140.8.0-2.el7_9,firefox-0:140.8.0-2.el8_8,firefox-0:140.8.0-2.el9_7,firefox-0:140.8.0-2.el9_6,firefox-0:140.8.0-2.el10_1,thunderbird-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,


CVE-2026-2775
Severity: important
Released on: 24/02/2026
Advisory: RHSA-2026:3984, RHSA-2026:3980, RHSA-2026:4432, RHSA-2026:3981, RHSA-2026:3361, RHSA-2026:3982, RHSA-2026:3983, RHSA-2026:4152, RHSA-2026:3338, RHSA-2026:3978, RHSA-2026:3979, RHSA-2026:3517, RHSA-2026:3516, RHSA-2026:3976, RHSA-2026:3515, RHSA-2026:3339, RHSA-2026:4260, RHSA-2026:3491, RHSA-2026:3495, RHSA-2026:3494, RHSA-2026:3493, RHSA-2026:3492, RHSA-2026:4022, RHSA-2026:3497, RHSA-2026:3496,
Bugzilla: 2442314
Bugzilla Description: firefox: thunderbird: Mitigation bypass in the DOM: HTML Parser component
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE:
Affected Packages: thunderbird-0:140.8.0-1.el9_0,thunderbird-0:140.8.0-1.el8_6,thunderbird-0:140.8.0-1.el9_6,thunderbird-0:140.8.0-1.el8_8,thunderbird-0:140.8.0-1.el9_7,thunderbird-0:140.8.0-1.el8_2,thunderbird-0:140.8.0-1.el9_2,thunderbird-0:140.8.0-1.el9_4,thunderbird-0:140.8.0-1.el8_10,firefox-0:140.8.0-2.el8_2,firefox-0:140.8.0-2.el9_0,firefox-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el8_10,firefox-0:140.8.0-2.el9_2,firefox-0:140.8.0-2.el8_6,firefox-0:140.8.0-2.el9_4,firefox-0:140.8.0-2.el7_9,firefox-0:140.8.0-2.el8_8,firefox-0:140.8.0-2.el9_7,firefox-0:140.8.0-2.el9_6,firefox-0:140.8.0-2.el10_1,thunderbird-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,


CVE-2026-2774
Severity: important
Released on: 24/02/2026
Advisory: RHSA-2026:3984, RHSA-2026:3980, RHSA-2026:4432, RHSA-2026:3981, RHSA-2026:3361, RHSA-2026:3982, RHSA-2026:3983, RHSA-2026:4152, RHSA-2026:3338, RHSA-2026:3978, RHSA-2026:3979, RHSA-2026:3517, RHSA-2026:3516, RHSA-2026:3976, RHSA-2026:3515, RHSA-2026:3339, RHSA-2026:4260, RHSA-2026:3491, RHSA-2026:3495, RHSA-2026:3494, RHSA-2026:3493, RHSA-2026:3492, RHSA-2026:4022, RHSA-2026:3497, RHSA-2026:3496,
Bugzilla: 2442290
Bugzilla Description: firefox: thunderbird: Integer overflow in the Audio/Video component
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE:
Affected Packages: thunderbird-0:140.8.0-1.el9_0,thunderbird-0:140.8.0-1.el8_6,thunderbird-0:140.8.0-1.el9_6,thunderbird-0:140.8.0-1.el8_8,thunderbird-0:140.8.0-1.el9_7,thunderbird-0:140.8.0-1.el8_2,thunderbird-0:140.8.0-1.el9_2,thunderbird-0:140.8.0-1.el9_4,thunderbird-0:140.8.0-1.el8_10,firefox-0:140.8.0-2.el8_2,firefox-0:140.8.0-2.el9_0,firefox-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el8_10,firefox-0:140.8.0-2.el9_2,firefox-0:140.8.0-2.el8_6,firefox-0:140.8.0-2.el9_4,firefox-0:140.8.0-2.el7_9,firefox-0:140.8.0-2.el8_8,firefox-0:140.8.0-2.el9_7,firefox-0:140.8.0-2.el9_6,firefox-0:140.8.0-2.el10_1,thunderbird-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,


CVE-2026-2773
Severity: important
Released on: 24/02/2026
Advisory: RHSA-2026:3984, RHSA-2026:3980, RHSA-2026:4432, RHSA-2026:3981, RHSA-2026:3361, RHSA-2026:3982, RHSA-2026:3983, RHSA-2026:4152, RHSA-2026:3338, RHSA-2026:3978, RHSA-2026:3979, RHSA-2026:3517, RHSA-2026:3516, RHSA-2026:3976, RHSA-2026:3515, RHSA-2026:3339, RHSA-2026:4260, RHSA-2026:3491, RHSA-2026:3495, RHSA-2026:3494, RHSA-2026:3493, RHSA-2026:3492, RHSA-2026:4022, RHSA-2026:3497, RHSA-2026:3496,
Bugzilla: 2442319
Bugzilla Description: firefox: thunderbird: Incorrect boundary conditions in the Web Audio component
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE:
Affected Packages: thunderbird-0:140.8.0-1.el9_0,thunderbird-0:140.8.0-1.el8_6,thunderbird-0:140.8.0-1.el9_6,thunderbird-0:140.8.0-1.el8_8,thunderbird-0:140.8.0-1.el9_7,thunderbird-0:140.8.0-1.el8_2,thunderbird-0:140.8.0-1.el9_2,thunderbird-0:140.8.0-1.el9_4,thunderbird-0:140.8.0-1.el8_10,firefox-0:140.8.0-2.el8_2,firefox-0:140.8.0-2.el9_0,firefox-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el8_10,firefox-0:140.8.0-2.el9_2,firefox-0:140.8.0-2.el8_6,firefox-0:140.8.0-2.el9_4,firefox-0:140.8.0-2.el7_9,firefox-0:140.8.0-2.el8_8,firefox-0:140.8.0-2.el9_7,firefox-0:140.8.0-2.el9_6,firefox-0:140.8.0-2.el10_1,thunderbird-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,


CVE-2026-2772
Severity: important
Released on: 24/02/2026
Advisory: RHSA-2026:3984, RHSA-2026:3980, RHSA-2026:4432, RHSA-2026:3981, RHSA-2026:3361, RHSA-2026:3982, RHSA-2026:3983, RHSA-2026:4152, RHSA-2026:3338, RHSA-2026:3978, RHSA-2026:3979, RHSA-2026:3517, RHSA-2026:3516, RHSA-2026:3976, RHSA-2026:3515, RHSA-2026:3339, RHSA-2026:4260, RHSA-2026:3491, RHSA-2026:3495, RHSA-2026:3494, RHSA-2026:3493, RHSA-2026:3492, RHSA-2026:4022, RHSA-2026:3497, RHSA-2026:3496,
Bugzilla: 2442326
Bugzilla Description: firefox: thunderbird: Use-after-free in the Audio/Video: Playback component
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE:
Affected Packages: thunderbird-0:140.8.0-1.el9_0,thunderbird-0:140.8.0-1.el8_6,thunderbird-0:140.8.0-1.el9_6,thunderbird-0:140.8.0-1.el8_8,thunderbird-0:140.8.0-1.el9_7,thunderbird-0:140.8.0-1.el8_2,thunderbird-0:140.8.0-1.el9_2,thunderbird-0:140.8.0-1.el9_4,thunderbird-0:140.8.0-1.el8_10,firefox-0:140.8.0-2.el8_2,firefox-0:140.8.0-2.el9_0,firefox-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el8_10,firefox-0:140.8.0-2.el9_2,firefox-0:140.8.0-2.el8_6,firefox-0:140.8.0-2.el9_4,firefox-0:140.8.0-2.el7_9,firefox-0:140.8.0-2.el8_8,firefox-0:140.8.0-2.el9_7,firefox-0:140.8.0-2.el9_6,firefox-0:140.8.0-2.el10_1,thunderbird-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2026-2771
Severity: important
Released on: 24/02/2026
Advisory: RHSA-2026:3984, RHSA-2026:3980, RHSA-2026:4432, RHSA-2026:3981, RHSA-2026:3361, RHSA-2026:3982, RHSA-2026:3983, RHSA-2026:4152, RHSA-2026:3338, RHSA-2026:3978, RHSA-2026:3979, RHSA-2026:3517, RHSA-2026:3516, RHSA-2026:3976, RHSA-2026:3515, RHSA-2026:3339, RHSA-2026:4260, RHSA-2026:3491, RHSA-2026:3495, RHSA-2026:3494, RHSA-2026:3493, RHSA-2026:3492, RHSA-2026:4022, RHSA-2026:3497, RHSA-2026:3496,
Bugzilla: 2442288
Bugzilla Description: firefox: thunderbird: Undefined behavior in the DOM: Core & HTML component
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE:
Affected Packages: thunderbird-0:140.8.0-1.el9_0,thunderbird-0:140.8.0-1.el8_6,thunderbird-0:140.8.0-1.el9_6,thunderbird-0:140.8.0-1.el8_8,thunderbird-0:140.8.0-1.el9_7,thunderbird-0:140.8.0-1.el8_2,thunderbird-0:140.8.0-1.el9_2,thunderbird-0:140.8.0-1.el9_4,thunderbird-0:140.8.0-1.el8_10,firefox-0:140.8.0-2.el8_2,firefox-0:140.8.0-2.el9_0,firefox-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el8_10,firefox-0:140.8.0-2.el9_2,firefox-0:140.8.0-2.el8_6,firefox-0:140.8.0-2.el9_4,firefox-0:140.8.0-2.el7_9,firefox-0:140.8.0-2.el8_8,firefox-0:140.8.0-2.el9_7,firefox-0:140.8.0-2.el9_6,firefox-0:140.8.0-2.el10_1,thunderbird-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2026-2770
Severity: important
Released on: 24/02/2026
Advisory: RHSA-2026:3984, RHSA-2026:3980, RHSA-2026:4432, RHSA-2026:3981, RHSA-2026:3361, RHSA-2026:3982, RHSA-2026:3983, RHSA-2026:4152, RHSA-2026:3338, RHSA-2026:3978, RHSA-2026:3979, RHSA-2026:3517, RHSA-2026:3516, RHSA-2026:3976, RHSA-2026:3515, RHSA-2026:3339, RHSA-2026:4260, RHSA-2026:3491, RHSA-2026:3495, RHSA-2026:3494, RHSA-2026:3493, RHSA-2026:3492, RHSA-2026:4022, RHSA-2026:3497, RHSA-2026:3496,
Bugzilla: 2442343
Bugzilla Description: firefox: thunderbird: Use-after-free in the DOM: Bindings (WebIDL) component
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE:
Affected Packages: thunderbird-0:140.8.0-1.el9_0,thunderbird-0:140.8.0-1.el8_6,thunderbird-0:140.8.0-1.el9_6,thunderbird-0:140.8.0-1.el8_8,thunderbird-0:140.8.0-1.el9_7,thunderbird-0:140.8.0-1.el8_2,thunderbird-0:140.8.0-1.el9_2,thunderbird-0:140.8.0-1.el9_4,thunderbird-0:140.8.0-1.el8_10,firefox-0:140.8.0-2.el8_2,firefox-0:140.8.0-2.el9_0,firefox-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el8_10,firefox-0:140.8.0-2.el9_2,firefox-0:140.8.0-2.el8_6,firefox-0:140.8.0-2.el9_4,firefox-0:140.8.0-2.el7_9,firefox-0:140.8.0-2.el8_8,firefox-0:140.8.0-2.el9_7,firefox-0:140.8.0-2.el9_6,firefox-0:140.8.0-2.el10_1,thunderbird-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2026-2769
Severity: important
Released on: 24/02/2026
Advisory: RHSA-2026:3984, RHSA-2026:3980, RHSA-2026:4432, RHSA-2026:3981, RHSA-2026:3361, RHSA-2026:3982, RHSA-2026:3983, RHSA-2026:4152, RHSA-2026:3338, RHSA-2026:3978, RHSA-2026:3979, RHSA-2026:3517, RHSA-2026:3516, RHSA-2026:3976, RHSA-2026:3515, RHSA-2026:3339, RHSA-2026:4260, RHSA-2026:3491, RHSA-2026:3495, RHSA-2026:3494, RHSA-2026:3493, RHSA-2026:3492, RHSA-2026:4022, RHSA-2026:3497, RHSA-2026:3496,
Bugzilla: 2442295
Bugzilla Description: firefox: thunderbird: Use-after-free in the Storage: IndexedDB component
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE:
Affected Packages: thunderbird-0:140.8.0-1.el9_0,thunderbird-0:140.8.0-1.el8_6,thunderbird-0:140.8.0-1.el9_6,thunderbird-0:140.8.0-1.el8_8,thunderbird-0:140.8.0-1.el9_7,thunderbird-0:140.8.0-1.el8_2,thunderbird-0:140.8.0-1.el9_2,thunderbird-0:140.8.0-1.el9_4,thunderbird-0:140.8.0-1.el8_10,firefox-0:140.8.0-2.el8_2,firefox-0:140.8.0-2.el9_0,firefox-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el8_10,firefox-0:140.8.0-2.el9_2,firefox-0:140.8.0-2.el8_6,firefox-0:140.8.0-2.el9_4,firefox-0:140.8.0-2.el7_9,firefox-0:140.8.0-2.el8_8,firefox-0:140.8.0-2.el9_7,firefox-0:140.8.0-2.el9_6,firefox-0:140.8.0-2.el10_1,thunderbird-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2026-2768
Severity: important
Released on: 24/02/2026
Advisory: RHSA-2026:3984, RHSA-2026:3980, RHSA-2026:4432, RHSA-2026:3981, RHSA-2026:3361, RHSA-2026:3982, RHSA-2026:3983, RHSA-2026:4152, RHSA-2026:3338, RHSA-2026:3978, RHSA-2026:3979, RHSA-2026:3517, RHSA-2026:3516, RHSA-2026:3976, RHSA-2026:3515, RHSA-2026:3339, RHSA-2026:4260, RHSA-2026:3491, RHSA-2026:3495, RHSA-2026:3494, RHSA-2026:3493, RHSA-2026:3492, RHSA-2026:4022, RHSA-2026:3497, RHSA-2026:3496,
Bugzilla: 2442298
Bugzilla Description: firefox: thunderbird: Sandbox escape in the Storage: IndexedDB component
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE:
Affected Packages: thunderbird-0:140.8.0-1.el9_0,thunderbird-0:140.8.0-1.el8_6,thunderbird-0:140.8.0-1.el9_6,thunderbird-0:140.8.0-1.el8_8,thunderbird-0:140.8.0-1.el9_7,thunderbird-0:140.8.0-1.el8_2,thunderbird-0:140.8.0-1.el9_2,thunderbird-0:140.8.0-1.el9_4,thunderbird-0:140.8.0-1.el8_10,firefox-0:140.8.0-2.el8_2,firefox-0:140.8.0-2.el9_0,firefox-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el8_10,firefox-0:140.8.0-2.el9_2,firefox-0:140.8.0-2.el8_6,firefox-0:140.8.0-2.el9_4,firefox-0:140.8.0-2.el7_9,firefox-0:140.8.0-2.el8_8,firefox-0:140.8.0-2.el9_7,firefox-0:140.8.0-2.el9_6,firefox-0:140.8.0-2.el10_1,thunderbird-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2026-2767
Severity: important
Released on: 24/02/2026
Advisory: RHSA-2026:3984, RHSA-2026:3980, RHSA-2026:4432, RHSA-2026:3981, RHSA-2026:3361, RHSA-2026:3982, RHSA-2026:3983, RHSA-2026:4152, RHSA-2026:3338, RHSA-2026:3978, RHSA-2026:3979, RHSA-2026:3517, RHSA-2026:3516, RHSA-2026:3976, RHSA-2026:3515, RHSA-2026:3339, RHSA-2026:4260, RHSA-2026:3491, RHSA-2026:3495, RHSA-2026:3494, RHSA-2026:3493, RHSA-2026:3492, RHSA-2026:4022, RHSA-2026:3497, RHSA-2026:3496,
Bugzilla: 2442328
Bugzilla Description: firefox: thunderbird: Use-after-free in the JavaScript: WebAssembly component
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE:
Affected Packages: thunderbird-0:140.8.0-1.el9_0,thunderbird-0:140.8.0-1.el8_6,thunderbird-0:140.8.0-1.el9_6,thunderbird-0:140.8.0-1.el8_8,thunderbird-0:140.8.0-1.el9_7,thunderbird-0:140.8.0-1.el8_2,thunderbird-0:140.8.0-1.el9_2,thunderbird-0:140.8.0-1.el9_4,thunderbird-0:140.8.0-1.el8_10,firefox-0:140.8.0-2.el8_2,firefox-0:140.8.0-2.el9_0,firefox-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el8_10,firefox-0:140.8.0-2.el9_2,firefox-0:140.8.0-2.el8_6,firefox-0:140.8.0-2.el9_4,firefox-0:140.8.0-2.el7_9,firefox-0:140.8.0-2.el8_8,firefox-0:140.8.0-2.el9_7,firefox-0:140.8.0-2.el9_6,firefox-0:140.8.0-2.el10_1,thunderbird-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2026-2766
Severity: important
Released on: 24/02/2026
Advisory: RHSA-2026:3984, RHSA-2026:3980, RHSA-2026:4432, RHSA-2026:3981, RHSA-2026:3361, RHSA-2026:3982, RHSA-2026:3983, RHSA-2026:4152, RHSA-2026:3338, RHSA-2026:3978, RHSA-2026:3979, RHSA-2026:3517, RHSA-2026:3516, RHSA-2026:3976, RHSA-2026:3515, RHSA-2026:3339, RHSA-2026:4260, RHSA-2026:3491, RHSA-2026:3495, RHSA-2026:3494, RHSA-2026:3493, RHSA-2026:3492, RHSA-2026:4022, RHSA-2026:3497, RHSA-2026:3496,
Bugzilla: 2442294
Bugzilla Description: firefox: thunderbird: Use-after-free in the JavaScript Engine: JIT component
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE:
Affected Packages: thunderbird-0:140.8.0-1.el9_0,thunderbird-0:140.8.0-1.el8_6,thunderbird-0:140.8.0-1.el9_6,thunderbird-0:140.8.0-1.el8_8,thunderbird-0:140.8.0-1.el9_7,thunderbird-0:140.8.0-1.el8_2,thunderbird-0:140.8.0-1.el9_2,thunderbird-0:140.8.0-1.el9_4,thunderbird-0:140.8.0-1.el8_10,firefox-0:140.8.0-2.el8_2,firefox-0:140.8.0-2.el9_0,firefox-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el8_10,firefox-0:140.8.0-2.el9_2,firefox-0:140.8.0-2.el8_6,firefox-0:140.8.0-2.el9_4,firefox-0:140.8.0-2.el7_9,firefox-0:140.8.0-2.el8_8,firefox-0:140.8.0-2.el9_7,firefox-0:140.8.0-2.el9_6,firefox-0:140.8.0-2.el10_1,thunderbird-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2026-2764
Severity: important
Released on: 24/02/2026
Advisory: RHSA-2026:3984, RHSA-2026:3980, RHSA-2026:4432, RHSA-2026:3981, RHSA-2026:3361, RHSA-2026:3982, RHSA-2026:3983, RHSA-2026:4152, RHSA-2026:3338, RHSA-2026:3978, RHSA-2026:3979, RHSA-2026:3517, RHSA-2026:3516, RHSA-2026:3976, RHSA-2026:3515, RHSA-2026:3339, RHSA-2026:4260, RHSA-2026:3491, RHSA-2026:3495, RHSA-2026:3494, RHSA-2026:3493, RHSA-2026:3492, RHSA-2026:4022, RHSA-2026:3497, RHSA-2026:3496,
Bugzilla: 2442329
Bugzilla Description: firefox: thunderbird: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE:
Affected Packages: thunderbird-0:140.8.0-1.el9_0,thunderbird-0:140.8.0-1.el8_6,thunderbird-0:140.8.0-1.el9_6,thunderbird-0:140.8.0-1.el8_8,thunderbird-0:140.8.0-1.el9_7,thunderbird-0:140.8.0-1.el8_2,thunderbird-0:140.8.0-1.el9_2,thunderbird-0:140.8.0-1.el9_4,thunderbird-0:140.8.0-1.el8_10,firefox-0:140.8.0-2.el8_2,firefox-0:140.8.0-2.el9_0,firefox-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el8_10,firefox-0:140.8.0-2.el9_2,firefox-0:140.8.0-2.el8_6,firefox-0:140.8.0-2.el9_4,firefox-0:140.8.0-2.el7_9,firefox-0:140.8.0-2.el8_8,firefox-0:140.8.0-2.el9_7,firefox-0:140.8.0-2.el9_6,firefox-0:140.8.0-2.el10_1,thunderbird-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2026-2765
Severity: important
Released on: 24/02/2026
Advisory: RHSA-2026:3984, RHSA-2026:3980, RHSA-2026:4432, RHSA-2026:3981, RHSA-2026:3361, RHSA-2026:3982, RHSA-2026:3983, RHSA-2026:4152, RHSA-2026:3338, RHSA-2026:3978, RHSA-2026:3979, RHSA-2026:3517, RHSA-2026:3516, RHSA-2026:3976, RHSA-2026:3515, RHSA-2026:3339, RHSA-2026:4260, RHSA-2026:3491, RHSA-2026:3495, RHSA-2026:3494, RHSA-2026:3493, RHSA-2026:3492, RHSA-2026:4022, RHSA-2026:3497, RHSA-2026:3496,
Bugzilla: 2442333
Bugzilla Description: firefox: thunderbird: Use-after-free in the JavaScript Engine component
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE:
Affected Packages: thunderbird-0:140.8.0-1.el9_0,thunderbird-0:140.8.0-1.el8_6,thunderbird-0:140.8.0-1.el9_6,thunderbird-0:140.8.0-1.el8_8,thunderbird-0:140.8.0-1.el9_7,thunderbird-0:140.8.0-1.el8_2,thunderbird-0:140.8.0-1.el9_2,thunderbird-0:140.8.0-1.el9_4,thunderbird-0:140.8.0-1.el8_10,firefox-0:140.8.0-2.el8_2,firefox-0:140.8.0-2.el9_0,firefox-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el8_10,firefox-0:140.8.0-2.el9_2,firefox-0:140.8.0-2.el8_6,firefox-0:140.8.0-2.el9_4,firefox-0:140.8.0-2.el7_9,firefox-0:140.8.0-2.el8_8,firefox-0:140.8.0-2.el9_7,firefox-0:140.8.0-2.el9_6,firefox-0:140.8.0-2.el10_1,thunderbird-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2026-2763
Severity: important
Released on: 24/02/2026
Advisory: RHSA-2026:3984, RHSA-2026:3980, RHSA-2026:4432, RHSA-2026:3981, RHSA-2026:3361, RHSA-2026:3982, RHSA-2026:3983, RHSA-2026:4152, RHSA-2026:3338, RHSA-2026:3978, RHSA-2026:3979, RHSA-2026:3517, RHSA-2026:3516, RHSA-2026:3976, RHSA-2026:3515, RHSA-2026:3339, RHSA-2026:4260, RHSA-2026:3491, RHSA-2026:3495, RHSA-2026:3494, RHSA-2026:3493, RHSA-2026:3492, RHSA-2026:4022, RHSA-2026:3497, RHSA-2026:3496,
Bugzilla: 2442316
Bugzilla Description: firefox: thunderbird: Use-after-free in the JavaScript Engine component
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE:
Affected Packages: thunderbird-0:140.8.0-1.el9_0,thunderbird-0:140.8.0-1.el8_6,thunderbird-0:140.8.0-1.el9_6,thunderbird-0:140.8.0-1.el8_8,thunderbird-0:140.8.0-1.el9_7,thunderbird-0:140.8.0-1.el8_2,thunderbird-0:140.8.0-1.el9_2,thunderbird-0:140.8.0-1.el9_4,thunderbird-0:140.8.0-1.el8_10,firefox-0:140.8.0-2.el8_2,firefox-0:140.8.0-2.el9_0,firefox-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el8_10,firefox-0:140.8.0-2.el9_2,firefox-0:140.8.0-2.el8_6,firefox-0:140.8.0-2.el9_4,firefox-0:140.8.0-2.el7_9,firefox-0:140.8.0-2.el8_8,firefox-0:140.8.0-2.el9_7,firefox-0:140.8.0-2.el9_6,firefox-0:140.8.0-2.el10_1,thunderbird-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2026-2762
Severity: important
Released on: 24/02/2026
Advisory: RHSA-2026:3984, RHSA-2026:3980, RHSA-2026:4432, RHSA-2026:3981, RHSA-2026:3361, RHSA-2026:3982, RHSA-2026:3983, RHSA-2026:4152, RHSA-2026:3338, RHSA-2026:3978, RHSA-2026:3979, RHSA-2026:3517, RHSA-2026:3516, RHSA-2026:3976, RHSA-2026:3515, RHSA-2026:3339, RHSA-2026:4260, RHSA-2026:3491, RHSA-2026:3495, RHSA-2026:3494, RHSA-2026:3493, RHSA-2026:3492, RHSA-2026:4022, RHSA-2026:3497, RHSA-2026:3496,
Bugzilla: 2442308
Bugzilla Description: firefox: thunderbird: Integer overflow in the JavaScript: Standard Library component
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE:
Affected Packages: thunderbird-0:140.8.0-1.el9_0,thunderbird-0:140.8.0-1.el8_6,thunderbird-0:140.8.0-1.el9_6,thunderbird-0:140.8.0-1.el8_8,thunderbird-0:140.8.0-1.el9_7,thunderbird-0:140.8.0-1.el8_2,thunderbird-0:140.8.0-1.el9_2,thunderbird-0:140.8.0-1.el9_4,thunderbird-0:140.8.0-1.el8_10,firefox-0:140.8.0-2.el8_2,firefox-0:140.8.0-2.el9_0,firefox-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el8_10,firefox-0:140.8.0-2.el9_2,firefox-0:140.8.0-2.el8_6,firefox-0:140.8.0-2.el9_4,firefox-0:140.8.0-2.el7_9,firefox-0:140.8.0-2.el8_8,firefox-0:140.8.0-2.el9_7,firefox-0:140.8.0-2.el9_6,firefox-0:140.8.0-2.el10_1,thunderbird-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2026-2761
Severity: important
Released on: 24/02/2026
Advisory: RHSA-2026:3984, RHSA-2026:3980, RHSA-2026:4432, RHSA-2026:3981, RHSA-2026:3361, RHSA-2026:3982, RHSA-2026:3983, RHSA-2026:4152, RHSA-2026:3338, RHSA-2026:3978, RHSA-2026:3979, RHSA-2026:3517, RHSA-2026:3516, RHSA-2026:3976, RHSA-2026:3515, RHSA-2026:3339, RHSA-2026:4260, RHSA-2026:3491, RHSA-2026:3495, RHSA-2026:3494, RHSA-2026:3493, RHSA-2026:3492, RHSA-2026:4022, RHSA-2026:3497, RHSA-2026:3496,
Bugzilla: 2442309
Bugzilla Description: firefox: thunderbird: Sandbox escape in the Graphics: WebRender component
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE:
Affected Packages: thunderbird-0:140.8.0-1.el9_0,thunderbird-0:140.8.0-1.el8_6,thunderbird-0:140.8.0-1.el9_6,thunderbird-0:140.8.0-1.el8_8,thunderbird-0:140.8.0-1.el9_7,thunderbird-0:140.8.0-1.el8_2,thunderbird-0:140.8.0-1.el9_2,thunderbird-0:140.8.0-1.el9_4,thunderbird-0:140.8.0-1.el8_10,firefox-0:140.8.0-2.el8_2,firefox-0:140.8.0-2.el9_0,firefox-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el8_10,firefox-0:140.8.0-2.el9_2,firefox-0:140.8.0-2.el8_6,firefox-0:140.8.0-2.el9_4,firefox-0:140.8.0-2.el7_9,firefox-0:140.8.0-2.el8_8,firefox-0:140.8.0-2.el9_7,firefox-0:140.8.0-2.el9_6,firefox-0:140.8.0-2.el10_1,thunderbird-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2026-2760
Severity: important
Released on: 24/02/2026
Advisory: RHSA-2026:3984, RHSA-2026:3980, RHSA-2026:4432, RHSA-2026:3981, RHSA-2026:3361, RHSA-2026:3982, RHSA-2026:3983, RHSA-2026:4152, RHSA-2026:3338, RHSA-2026:3978, RHSA-2026:3979, RHSA-2026:3517, RHSA-2026:3516, RHSA-2026:3976, RHSA-2026:3515, RHSA-2026:3339, RHSA-2026:4260, RHSA-2026:3491, RHSA-2026:3495, RHSA-2026:3494, RHSA-2026:3493, RHSA-2026:3492, RHSA-2026:4022, RHSA-2026:3497, RHSA-2026:3496,
Bugzilla: 2442325
Bugzilla Description: firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE:
Affected Packages: thunderbird-0:140.8.0-1.el9_0,thunderbird-0:140.8.0-1.el8_6,thunderbird-0:140.8.0-1.el9_6,thunderbird-0:140.8.0-1.el8_8,thunderbird-0:140.8.0-1.el9_7,thunderbird-0:140.8.0-1.el8_2,thunderbird-0:140.8.0-1.el9_2,thunderbird-0:140.8.0-1.el9_4,thunderbird-0:140.8.0-1.el8_10,firefox-0:140.8.0-2.el8_2,firefox-0:140.8.0-2.el9_0,firefox-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el8_10,firefox-0:140.8.0-2.el9_2,firefox-0:140.8.0-2.el8_6,firefox-0:140.8.0-2.el9_4,firefox-0:140.8.0-2.el7_9,firefox-0:140.8.0-2.el8_8,firefox-0:140.8.0-2.el9_7,firefox-0:140.8.0-2.el9_6,firefox-0:140.8.0-2.el10_1,thunderbird-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2026-2759
Severity: important
Released on: 24/02/2026
Advisory: RHSA-2026:3984, RHSA-2026:3980, RHSA-2026:4432, RHSA-2026:3981, RHSA-2026:3361, RHSA-2026:3982, RHSA-2026:3983, RHSA-2026:4152, RHSA-2026:3338, RHSA-2026:3978, RHSA-2026:3979, RHSA-2026:3517, RHSA-2026:3516, RHSA-2026:3976, RHSA-2026:3515, RHSA-2026:3339, RHSA-2026:4260, RHSA-2026:3491, RHSA-2026:3495, RHSA-2026:3494, RHSA-2026:3493, RHSA-2026:3492, RHSA-2026:4022, RHSA-2026:3497, RHSA-2026:3496,
Bugzilla: 2442307
Bugzilla Description: firefox: thunderbird: Incorrect boundary conditions in the Graphics: ImageLib component
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE:
Affected Packages: thunderbird-0:140.8.0-1.el9_0,thunderbird-0:140.8.0-1.el8_6,thunderbird-0:140.8.0-1.el9_6,thunderbird-0:140.8.0-1.el8_8,thunderbird-0:140.8.0-1.el9_7,thunderbird-0:140.8.0-1.el8_2,thunderbird-0:140.8.0-1.el9_2,thunderbird-0:140.8.0-1.el9_4,thunderbird-0:140.8.0-1.el8_10,firefox-0:140.8.0-2.el8_2,firefox-0:140.8.0-2.el9_0,firefox-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el8_10,firefox-0:140.8.0-2.el9_2,firefox-0:140.8.0-2.el8_6,firefox-0:140.8.0-2.el9_4,firefox-0:140.8.0-2.el7_9,firefox-0:140.8.0-2.el8_8,firefox-0:140.8.0-2.el9_7,firefox-0:140.8.0-2.el9_6,firefox-0:140.8.0-2.el10_1,thunderbird-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2026-2758
Severity: important
Released on: 24/02/2026
Advisory: RHSA-2026:3984, RHSA-2026:3980, RHSA-2026:4432, RHSA-2026:3981, RHSA-2026:3361, RHSA-2026:3982, RHSA-2026:3983, RHSA-2026:4152, RHSA-2026:3338, RHSA-2026:3978, RHSA-2026:3979, RHSA-2026:3517, RHSA-2026:3516, RHSA-2026:3976, RHSA-2026:3515, RHSA-2026:3339, RHSA-2026:4260, RHSA-2026:3491, RHSA-2026:3495, RHSA-2026:3494, RHSA-2026:3493, RHSA-2026:3492, RHSA-2026:4022, RHSA-2026:3497, RHSA-2026:3496,
Bugzilla: 2442337
Bugzilla Description: firefox: thunderbird: Use-after-free in the JavaScript: GC component
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE:
Affected Packages: thunderbird-0:140.8.0-1.el9_0,thunderbird-0:140.8.0-1.el8_6,thunderbird-0:140.8.0-1.el9_6,thunderbird-0:140.8.0-1.el8_8,thunderbird-0:140.8.0-1.el9_7,thunderbird-0:140.8.0-1.el8_2,thunderbird-0:140.8.0-1.el9_2,thunderbird-0:140.8.0-1.el9_4,thunderbird-0:140.8.0-1.el8_10,firefox-0:140.8.0-2.el8_2,firefox-0:140.8.0-2.el9_0,firefox-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el8_10,firefox-0:140.8.0-2.el9_2,firefox-0:140.8.0-2.el8_6,firefox-0:140.8.0-2.el9_4,firefox-0:140.8.0-2.el7_9,firefox-0:140.8.0-2.el8_8,firefox-0:140.8.0-2.el9_7,firefox-0:140.8.0-2.el9_6,firefox-0:140.8.0-2.el10_1,thunderbird-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2026-2757
Severity: important
Released on: 24/02/2026
Advisory: RHSA-2026:3984, RHSA-2026:3980, RHSA-2026:4432, RHSA-2026:3981, RHSA-2026:3361, RHSA-2026:3982, RHSA-2026:3983, RHSA-2026:4152, RHSA-2026:3338, RHSA-2026:3978, RHSA-2026:3979, RHSA-2026:3517, RHSA-2026:3516, RHSA-2026:3976, RHSA-2026:3515, RHSA-2026:3339, RHSA-2026:4260, RHSA-2026:3491, RHSA-2026:3495, RHSA-2026:3494, RHSA-2026:3493, RHSA-2026:3492, RHSA-2026:4022, RHSA-2026:3497, RHSA-2026:3496,
Bugzilla: 2442324
Bugzilla Description: firefox: thunderbird: Incorrect boundary conditions in the WebRTC: Audio/Video component
CVSS Score:
CVSSv3 Score: 7.1
Vector:
CWE:
Affected Packages: thunderbird-0:140.8.0-1.el9_0,thunderbird-0:140.8.0-1.el8_6,thunderbird-0:140.8.0-1.el9_6,thunderbird-0:140.8.0-1.el8_8,thunderbird-0:140.8.0-1.el9_7,thunderbird-0:140.8.0-1.el8_2,thunderbird-0:140.8.0-1.el9_2,thunderbird-0:140.8.0-1.el9_4,thunderbird-0:140.8.0-1.el8_10,firefox-0:140.8.0-2.el8_2,firefox-0:140.8.0-2.el9_0,firefox-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el8_10,firefox-0:140.8.0-2.el9_2,firefox-0:140.8.0-2.el8_6,firefox-0:140.8.0-2.el9_4,firefox-0:140.8.0-2.el7_9,firefox-0:140.8.0-2.el8_8,firefox-0:140.8.0-2.el9_7,firefox-0:140.8.0-2.el9_6,firefox-0:140.8.0-2.el10_1,thunderbird-0:140.8.0-2.el8_4,firefox-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_0,thunderbird-0:140.8.0-2.el10_1,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2026-3121
Severity: moderate
Released on: 24/02/2026
Advisory:
Bugzilla: 2442277
Bugzilla Description: keycloak: org.keycloak/keycloak-services: Keycloak: Privilege escalation via manage-clients permission
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-266
Affected Packages:
Package States: Red Hat Build of Keycloak,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat Single Sign-On 7,
Full Details
CVE document


CVE-2026-26981
Severity: moderate
Released on: 24/02/2026
Advisory:
Bugzilla: 2442135
Bugzilla Description: openexr: OpenEXR: Denial of Service via heap-buffer-overflow when parsing a malformed EXR file
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-191
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document


CVE-2026-26331
Severity: important
Released on: 24/02/2026
Advisory:
Bugzilla: 2442143
Bugzilla Description: yt-dlp: yt-dlp: Arbitrary command injection via maliciously crafted URL when --netrc-cmd is used
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-78
Affected Packages:
Package States:
Full Details
CVE document


CVE-2026-26983
Severity: moderate
Released on: 24/02/2026
Advisory:
Bugzilla: 2442134
Bugzilla Description: ImageMagick: ImageMagick: Denial of Service via invalid MSL map element processing
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2026-26284
Severity: moderate
Released on: 24/02/2026
Advisory:
Bugzilla: 2442137
Bugzilla Description: ImageMagick: ImageMagick: Out-of-bounds read via crafted Photo CD (PCD) files
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-131
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2026-26283
Severity: moderate
Released on: 24/02/2026
Advisory:
Bugzilla: 2442140
Bugzilla Description: ImageMagick: ImageMagick: Denial of Service via crafted image leading to an infinite loop
CVSS Score:
CVSSv3 Score: 6.2
Vector:
CWE: CWE-835
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2026-26066
Severity: moderate
Released on: 24/02/2026
Advisory:
Bugzilla: 2442142
Bugzilla Description: ImageMagick: ImageMagick: Denial of Service via crafted IPTC data
CVSS Score:
CVSSv3 Score: 6.2
Vector:
CWE: CWE-835
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2026-25989
Severity: moderate
Released on: 24/02/2026
Advisory:
Bugzilla: 2442136
Bugzilla Description: ImageMagick: ImageMagick: Denial of Service via crafted SVG file
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-193
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2026-25988
Severity: moderate
Released on: 24/02/2026
Advisory:
Bugzilla: 2442101
Bugzilla Description: ImageMagick: ImageMagick: Denial of Service due to memory leak in image processing
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-911
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2026-25987
Severity: moderate
Released on: 24/02/2026
Advisory:
Bugzilla: 2442115
Bugzilla Description: ImageMagick: ImageMagick: Memory disclosure and denial of service via crafted MAP files
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2026-25986
Severity: moderate
Released on: 24/02/2026
Advisory:
Bugzilla: 2442111
Bugzilla Description: ImageMagick: ImageMagick: Denial of Service via malicious YUV image processing
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-805
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2026-25985
Severity: important
Released on: 24/02/2026
Advisory: RHSA-2026:5573,
Bugzilla: 2442127
Bugzilla Description: ImageMagick: Memory allocation with excessive without limits in the internal SVG decoder
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-770
Affected Packages: ImageMagick-0:6.9.10.68-13.el7_9,
Package States: Red Hat Enterprise Linux 6,
Full Details
CVE document


CVE-2026-25983
Severity: moderate
Released on: 24/02/2026
Advisory:
Bugzilla: 2442113
Bugzilla Description: ImageMagick: ImageMagick: Denial of service via crafted MSL script
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2026-25982
Severity: moderate
Released on: 24/02/2026
Advisory:
Bugzilla: 2442124
Bugzilla Description: ImageMagick: ImageMagick: Denial of Service or Information Disclosure via heap out-of-bounds read in DICOM file processing
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2026-25971
Severity: moderate
Released on: 24/02/2026
Advisory:
Bugzilla: 2442117
Bugzilla Description: ImageMagick: ImageMagick: Denial of Service via circular references in MSL files
CVSS Score:
CVSSv3 Score: 6.2
Vector:
CWE: CWE-606
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2026-25970
Severity: moderate
Released on: 24/02/2026
Advisory:
Bugzilla: 2442108
Bugzilla Description: ImageMagick: ImageMagick: Memory corruption and denial of service via signed integer overflow in SIXEL decoder.
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2026-25969
Severity: moderate
Released on: 24/02/2026
Advisory:
Bugzilla: 2442116
Bugzilla Description: ImageMagick: ImageMagick: Memory leak leading to denial of service via image processing
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2026-25968
Severity: moderate
Released on: 24/02/2026
Advisory:
Bugzilla: 2442125
Bugzilla Description: ImageMagick: ImageMagick: Memory corruption via stack buffer overflow when processing an attribute
CVSS Score:
CVSSv3 Score: 7.4
Vector:
CWE: CWE-120
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2026-25967
Severity: moderate
Released on: 24/02/2026
Advisory:
Bugzilla: 2442126
Bugzilla Description: ImageMagick: ImageMagick: Denial of Service via crafted FTXT file
CVSS Score:
CVSSv3 Score: 7.4
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2026-25966
Severity: moderate
Released on: 24/02/2026
Advisory:
Bugzilla: 2442122
Bugzilla Description: ImageMagick: ImageMagick: Policy bypass allows unauthorized access to standard streams via fd: pseudo-filenames
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-184
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2026-25965
Severity: important
Released on: 24/02/2026
Advisory: RHSA-2026:5573,
Bugzilla: 2442118
Bugzilla Description: ImageMagick: ImageMagick: Local File Disclosure via Path Traversal
CVSS Score:
CVSSv3 Score: 8.6
Vector:
CWE: CWE-22
Affected Packages: ImageMagick-0:6.9.10.68-13.el7_9,
Package States: Red Hat Enterprise Linux 6,
Full Details
CVE document


CVE-2026-25898
Severity: moderate
Released on: 24/02/2026
Advisory:
Bugzilla: 2442102
Bugzilla Description: ImageMagick: ImageMagick: Information disclosure or denial of service via crafted image with invalid pixel index
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2026-25897
Severity: moderate
Released on: 24/02/2026
Advisory:
Bugzilla: 2442098
Bugzilla Description: ImageMagick: ImageMagick: Out-of-bounds heap write via integer overflow in sun decoder
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document


CVE-2026-25799
Severity: moderate
Released on: 24/02/2026
Advisory:
Bugzilla: 2442120
Bugzilla Description: ImageMagick: ImageMagick: Denial of Service via YUV sampling factor validation error
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-369
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,


CVE-2026-25798
Severity: moderate
Released on: 24/02/2026
Advisory:
Bugzilla: 2442119
Bugzilla Description: ImageMagick: ImageMagick: Denial of Service via crafted image file
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,


CVE-2026-25797
Severity: moderate
Released on: 24/02/2026
Advisory:
Bugzilla: 2442106
Bugzilla Description: ImageMagick: ImageMagick: Arbitrary code execution via crafted PostScript files
CVSS Score:
CVSSv3 Score: 5.7
Vector:
CWE: CWE-94
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,


CVE-2026-3099
Severity: moderate
Released on: 24/02/2026
Advisory:
Bugzilla: 2442232
Bugzilla Description: libsoup: Libsoup: Authentication bypass via digest authentication replay attack
CVSS Score:
CVSSv3 Score: 5.8
Vector:
CWE: CWE-323
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-25796
Severity: moderate
Released on: 24/02/2026
Advisory:
Bugzilla: 2442112
Bugzilla Description: ImageMagick: ImageMagick: Denial of Service Vulnerability
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,


CVE-2026-25795
Severity: moderate
Released on: 24/02/2026
Advisory:
Bugzilla: 2442099
Bugzilla Description: ImageMagick: ImageMagick: Denial of Service due to NULL pointer dereference during temporary file creation failure
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,


CVE-2026-25794
Severity: important
Released on: 24/02/2026
Advisory:
Bugzilla: 2442110
Bugzilla Description: ImageMagick: ImageMagick: Denial of service and potential arbitrary code execution via integer overflow in image processing
CVSS Score:
CVSSv3 Score: 8.2
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,


CVE-2026-25638
Severity: moderate
Released on: 24/02/2026
Advisory:
Bugzilla: 2442105
Bugzilla Description: ImageMagick: ImageMagick: Denial of Service due to memory leak in image processing
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,


CVE-2026-25637
Severity: moderate
Released on: 24/02/2026
Advisory:
Bugzilla: 2442114
Bugzilla Description: ImageMagick: ImageMagick: Denial of Service via crafted image due to memory leak
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,


CVE-2026-25576
Severity: moderate
Released on: 24/02/2026
Advisory:
Bugzilla: 2442093
Bugzilla Description: ImageMagick: ImageMagick: Information disclosure due to heap buffer over-read when processing malformed images
CVSS Score:
CVSSv3 Score: 5.1
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,


CVE-2026-24485
Severity: moderate
Released on: 24/02/2026
Advisory:
Bugzilla: 2442091
Bugzilla Description: ImageMagick: ImageMagick: Denial of Service via malformed PCD file processing
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-835
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,


CVE-2026-24484
Severity: moderate
Released on: 24/02/2026
Advisory:
Bugzilla: 2442085
Bugzilla Description: ImageMagick: ImageMagick: Denial of Service vulnerability via multi-layer nested MVG to SVG conversion
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-1284
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,


CVE-2026-3118
Severity: moderate
Released on: 24/02/2026
Advisory:
Bugzilla: 2442273
Bugzilla Description: rhdh: GraphQL Injection Leading to Platform-Wide Denial of Service (DoS) in RH Developer Hub Orchestrator Plugin
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-89
Affected Packages:
Package States: Red Hat Developer Hub,


CVE-2026-27623
Severity: important
Released on: 23/02/2026
Advisory:
Bugzilla: 2442021
Bugzilla Description: Valkey: Valkey: Denial of Service via specially crafted network requests
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-617
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 9,


CVE-2026-21863
Severity: important
Released on: 23/02/2026
Advisory: RHSA-2026:3507, RHSA-2026:5445, RHSA-2026:3443,
Bugzilla: 2442026
Bugzilla Description: valkey: Valkey: Denial of Service via invalid clusterbus packet
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-125
Affected Packages: valkey-0:8.0.7-1.el9_7,valkey-0:8.0.7-1.el10_0,valkey-0:8.0.7-1.el10_1,
Package States:


CVE-2025-67733
Severity: important
Released on: 23/02/2026
Advisory: RHSA-2026:3507, RHSA-2026:5445, RHSA-2026:3443,
Bugzilla: 2442025
Bugzilla Description: Valkey: Valkey: Data tampering and denial of service via improper null character handling in Lua scripts
CVSS Score:
CVSSv3 Score: 7.1
Vector:
CWE: CWE-170
Affected Packages: valkey-0:8.0.7-1.el9_7,valkey-0:8.0.7-1.el10_0,valkey-0:8.0.7-1.el10_1,
Package States:


CVE-2026-25747
Severity: important
Released on: 23/02/2026
Advisory:
Bugzilla: 2441910
Bugzilla Description: org.apache.camel/camel-leveldb: Apache Camel LevelDB: Arbitrary code execution via deserialization of untrusted data
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-502
Affected Packages:
Package States: Red Hat build of Apache Camel for Spring Boot 4,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,


CVE-2025-14905
Severity: moderate
Released on: 23/02/2026
Advisory: RHSA-2026:3379, RHSA-2026:5568, RHSA-2026:5513, RHSA-2026:5514, RHSA-2026:5569, RHSA-2026:3208, RHSA-2026:3504, RHSA-2026:4207, RHSA-2026:5196, RHSA-2026:5597, RHSA-2026:5576, RHSA-2026:5598, RHSA-2026:5511, RHSA-2026:5512, RHSA-2026:4720, RHSA-2026:3189, RHSA-2026:4661,
Bugzilla: 2423624
Bugzilla Description: 389-ds-base: 389-ds-base: Remote Code Execution and Denial of Service via heap buffer overflow
CVSS Score:
CVSSv3 Score: 7.2
Vector:
CWE: CWE-122
Affected Packages: 389-ds:1.4-8080020260227183930.6dbb3803,redhat-ds:11-8060020260303152239.0ca98e7e,389-ds:1.4-8100020260312103235.25e700aa,389-ds-base-0:2.4.5-24.el9_4,389-ds-base-0:3.1.3-7.el10_1,389-ds-base-0:2.7.0-10.el9_7,389-ds-base-0:3.0.6-17.el10_0,389-ds:1.4-8020020260303204738.dbc46ba7,redhat-ds:12-9040020260225135630.1674d574,389-ds-base-0:2.0.14-5.el9_0,dirsrv/dirsrv-container-rhel10:sha256:5e49efa2b8764403fad13b81c968b76c7b6400fabd83bf95e2f7667b90e93ab5,389-ds-base-0:2.2.4-17.el9_2,389-ds:1.4-8060020260303144613.824efc52,redhat-ds:11-8080020260227193008.f969626e,redhat-ds:11-8100020260312105752.37ed7c03,redhat-ds:12-9020020260304180546.1674d574,389-ds-base-0:2.6.1-20.el9_6,
Package States: Red Hat Directory Server 12,Red Hat Directory Server 13,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,


CVE-2025-61145
Severity: moderate
Released on: 23/02/2026
Advisory:
Bugzilla: 2441975
Bugzilla Description: libtiff: libtiff: Denial of service via double free in tiffcrop.c
CVSS Score:
CVSSv3 Score: 5.0
Vector:
CWE: CWE-1341
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2025-61144
Severity: moderate
Released on: 23/02/2026
Advisory:
Bugzilla: 2441977
Bugzilla Description: libtiff: libtiff: Denial of Service via buffer overflow
CVSS Score:
CVSSv3 Score: 5.0
Vector:
CWE: CWE-805
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2025-61143
Severity: moderate
Released on: 23/02/2026
Advisory:
Bugzilla: 2441978
Bugzilla Description: libtiff: libtiff: Denial of Service via NULL pointer dereference in tif_open.c
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-3062
Severity: important
Released on: 23/02/2026
Advisory:
Bugzilla: 2442071
Bugzilla Description: chromium-browser: Out of bounds read and write in Tint
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE:
Affected Packages:
Package States:


CVE-2026-3061
Severity: important
Released on: 23/02/2026
Advisory:
Bugzilla: 2442073
Bugzilla Description: chromium-browser: Out of bounds read in Media
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE:
Affected Packages:
Package States:


CVE-2026-3063
Severity: important
Released on: 23/02/2026
Advisory:
Bugzilla: 2442074
Bugzilla Description: chromium-browser: Inappropriate implementation in DevTools
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE:
Affected Packages:
Package States:


CVE-2026-2913
Severity: low
Released on: 22/02/2026
Advisory:
Bugzilla: 2441715
Bugzilla Description: libvips: libvips: Denial of Service via heap-based buffer overflow in vips_source_read_to_memory
CVSS Score:
CVSSv3 Score: 2.5
Vector:
CWE: CWE-131
Affected Packages:
Package States: Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,streams for Apache Kafka 2,streams for Apache Kafka 3,


CVE-2026-2903
Severity: low
Released on: 22/02/2026
Advisory:
Bugzilla: 2441707
Bugzilla Description: re2c: re2c: Denial of Service via null pointer dereference
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 8,


CVE-2026-27205
Severity: moderate
Released on: 21/02/2026
Advisory:
Bugzilla: 2441596
Bugzilla Description: flask: Flask: Information disclosure via improper caching of session data
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE: CWE-524
Affected Packages:
Package States: Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat Quay 3,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,


CVE-2026-27134
Severity: important
Released on: 20/02/2026
Advisory:
Bugzilla: 2441564
Bugzilla Description: strimzi-kafka-operator: Strimzi: Unauthorized authentication via misconfigured mTLS CA chain
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-295
Affected Packages:
Package States: streams for Apache Kafka 2,streams for Apache Kafka 2,streams for Apache Kafka 3,streams for Apache Kafka 3,


CVE-2026-27133
Severity: moderate
Released on: 20/02/2026
Advisory:
Bugzilla: 2441519
Bugzilla Description: strimzi-kafka-operator: Strimzi: Improper certificate validation allows unauthorized access via CA chain misconfiguration
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-295
Affected Packages:
Package States: streams for Apache Kafka 2,streams for Apache Kafka 2,streams for Apache Kafka 3,streams for Apache Kafka 3,


CVE-2026-27125
Severity: moderate
Released on: 20/02/2026
Advisory:
Bugzilla: 2441511
Bugzilla Description: svelte: Svelte SSR attribute spreading includes inherited properties from prototype chain
CVSS Score:
CVSSv3 Score: 5.6
Vector:
CWE: CWE-915
Affected Packages:
Package States: Red Hat Build of Podman Desktop - Tech Preview,


CVE-2026-27122
Severity: moderate
Released on: 20/02/2026
Advisory:
Bugzilla: 2441520
Bugzilla Description: svelte: Svelte SSR does not validate dynamic element tag names in ``
CVSS Score:
CVSSv3 Score: 5.6
Vector:
CWE: CWE-1286
Affected Packages:
Package States: Red Hat Build of Podman Desktop - Tech Preview,


CVE-2026-27121
Severity: moderate
Released on: 20/02/2026
Advisory:
Bugzilla: 2441532
Bugzilla Description: svelte: Svelte affected by cross-site scripting via spread attributes in Svelte SSR
CVSS Score:
CVSSv3 Score: 5.6
Vector:
CWE: CWE-79
Affected Packages:
Package States: Red Hat Build of Podman Desktop - Tech Preview,


CVE-2026-27119
Severity: moderate
Released on: 20/02/2026
Advisory:
Bugzilla: 2441526
Bugzilla Description: svelte: Svelte affected by XSS in SSR `


CVE-2026-2048
Severity: important
Released on: 20/02/2026
Advisory: RHSA-2026:5391, RHSA-2026:4173, RHSA-2026:5436, RHSA-2026:5437, RHSA-2026:5390, RHSA-2026:5113, RHSA-2026:5388, RHSA-2026:5389, RHSA-2026:5434, RHSA-2026:5435,
Bugzilla: 2441527
Bugzilla Description: gimp: GIMP: Remote Code Execution via XWD file parsing vulnerability
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-787
Affected Packages: gimp-2:2.99.8-3.el9_0.5,gimp-2:2.99.8-4.el9_2.5,gimp:2.8-8020020260319131243.c3a0935b,gimp:2.8-8040020260320114321.70584597,gimp:2.8-8080020260319123205.0621e4ee,gimp-2:2.99.8-4.el9_6.6,gimp-2:3.0.4-1.el9_7.4,gimp-2:2.99.8-4.el9_4.5,gimp:2.8-8100020260312152017.4c9c024f,gimp:2.8-8060020260319125557.6af1eaf0,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,


CVE-2026-2047
Severity: important
Released on: 20/02/2026
Advisory: RHSA-2026:4173,
Bugzilla: 2441517
Bugzilla Description: gimp: GIMP: Remote code execution via heap-based buffer overflow in ICNS file parsing
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-131
Affected Packages: gimp-2:3.0.4-1.el9_7.4,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,


CVE-2026-2045
Severity: important
Released on: 20/02/2026
Advisory: RHSA-2026:5391, RHSA-2026:4173, RHSA-2026:5436, RHSA-2026:5437, RHSA-2026:5390, RHSA-2026:5113, RHSA-2026:5388, RHSA-2026:5389, RHSA-2026:5434, RHSA-2026:5435,
Bugzilla: 2441522
Bugzilla Description: gimp: GIMP: Remote Code Execution via out-of-bounds write in XWD file parsing
CVSS Score:
CVSSv3 Score: 7.3
Vector:
CWE: CWE-787
Affected Packages: gimp-2:2.99.8-3.el9_0.5,gimp-2:2.99.8-4.el9_2.5,gimp:2.8-8020020260319131243.c3a0935b,gimp:2.8-8040020260320114321.70584597,gimp:2.8-8080020260319123205.0621e4ee,gimp-2:2.99.8-4.el9_6.6,gimp-2:3.0.4-1.el9_7.4,gimp-2:2.99.8-4.el9_4.5,gimp:2.8-8100020260312152017.4c9c024f,gimp:2.8-8060020260319125557.6af1eaf0,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,


CVE-2026-2044
Severity: important
Released on: 20/02/2026
Advisory: RHSA-2026:5391, RHSA-2026:4173, RHSA-2026:5436, RHSA-2026:5437, RHSA-2026:5390, RHSA-2026:5113, RHSA-2026:5388, RHSA-2026:5389, RHSA-2026:5434, RHSA-2026:5435,
Bugzilla: 2441521
Bugzilla Description: gimp: GIMP: Remote Code Execution via uninitialized memory in PGM file parsing
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-908
Affected Packages: gimp-2:2.99.8-3.el9_0.5,gimp-2:2.99.8-4.el9_2.5,gimp:2.8-8020020260319131243.c3a0935b,gimp:2.8-8040020260320114321.70584597,gimp:2.8-8080020260319123205.0621e4ee,gimp-2:2.99.8-4.el9_6.6,gimp-2:3.0.4-1.el9_7.4,gimp-2:2.99.8-4.el9_4.5,gimp:2.8-8100020260312152017.4c9c024f,gimp:2.8-8060020260319125557.6af1eaf0,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,


CVE-2026-2492
Severity: important
Released on: 20/02/2026
Advisory:
Bugzilla: 2441510
Bugzilla Description: tensorflow: TensorFlow: Local privilege escalation via uncontrolled search path for plugins
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-427
Affected Packages:
Package States: Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),


CVE-2026-0797
Severity: important
Released on: 20/02/2026
Advisory: RHSA-2026:5391, RHSA-2026:4173, RHSA-2026:5436, RHSA-2026:5437, RHSA-2026:5390, RHSA-2026:5113, RHSA-2026:5388, RHSA-2026:5389, RHSA-2026:5434, RHSA-2026:5435,
Bugzilla: 2441524
Bugzilla Description: gimp: GIMP: Remote Code Execution via ICO File Parsing Vulnerability
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-120
Affected Packages: gimp-2:2.99.8-3.el9_0.5,gimp-2:2.99.8-4.el9_2.5,gimp:2.8-8020020260319131243.c3a0935b,gimp:2.8-8040020260320114321.70584597,gimp:2.8-8080020260319123205.0621e4ee,gimp-2:2.99.8-4.el9_6.6,gimp-2:3.0.4-1.el9_7.4,gimp-2:2.99.8-4.el9_4.5,gimp:2.8-8100020260312152017.4c9c024f,gimp:2.8-8060020260319125557.6af1eaf0,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,


CVE-2026-27026
Severity: moderate
Released on: 20/02/2026
Advisory:
Bugzilla: 2441495
Bugzilla Description: pypdf: pypdf: Denial of Service via malformed PDF /FlateDecode stream
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-1050
Affected Packages:
Package States: OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),


CVE-2026-27025
Severity: moderate
Released on: 20/02/2026
Advisory:
Bugzilla: 2441494
Bugzilla Description: pypdf: pypdf: Denial of Service via crafted PDF with large font values
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-1050
Affected Packages:
Package States: OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),


CVE-2026-27024
Severity: moderate
Released on: 20/02/2026
Advisory:
Bugzilla: 2441490
Bugzilla Description: pypdf: pypdf: Denial of Service via crafted PDF with TreeObject outlines
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-835
Affected Packages:
Package States: OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),


CVE-2026-25896
Severity: important
Released on: 20/02/2026
Advisory:
Bugzilla: 2441501
Bugzilla Description: fast-xml-parser: fast-xml-parser: Cross-Site Scripting (XSS) due to improper DOCTYPE entity handling
CVSS Score:
CVSSv3 Score: 7.1
Vector:
CWE: CWE-79
Affected Packages:
Package States: Migration Toolkit for Applications 8,Red Hat Advanced Cluster Security 4,Red Hat Developer Hub,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat Satellite 6,Red Hat Satellite 6,Self-service automation portal 2,


CVE-2026-2472
Severity: important
Released on: 20/02/2026
Advisory:
Bugzilla: 2441472
Bugzilla Description: google-cloud-aiplatform: google-cloud-aiplatform: Arbitrary code execution via Stored Cross-Site Scripting (XSS)
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-79
Affected Packages:
Package States: Red Hat OpenShift AI (RHOAI),


CVE-2026-2818
Severity: important
Released on: 20/02/2026
Advisory:
Bugzilla: 2441384
Bugzilla Description: org.springframework.data/spring-data-geode: Spring Data Geode: Path traversal vulnerability allows arbitrary file write via import snapshot functionality.
CVSS Score:
CVSSv3 Score: 7.1
Vector:
CWE: CWE-22
Affected Packages:
Package States: Red Hat Fuse 7,


CVE-2026-21620
Severity: moderate
Released on: 20/02/2026
Advisory:
Bugzilla: 2441326
Bugzilla Description: erlang: Erlang OTP tftp_file modules: Information disclosure via relative path traversal
CVSS Score:
CVSSv3 Score: 4.2
Vector:
CWE: CWE-22
Affected Packages:
Package States: Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 18.0,


CVE-2026-2739
Severity: moderate
Released on: 20/02/2026
Advisory:
Bugzilla: 2441279
Bugzilla Description: bn.js: bn.js: Denial of Service via calling maskn(0)
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-835
Affected Packages:
Package States: Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,OpenShift Pipelines,OpenShift Pipelines,OpenShift Service Mesh 2,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat build of Apicurio Registry 2,Red Hat Developer Hub,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Dev Spaces,Red Hat Process Automation 7,Red Hat Process Automation 7,Red Hat Process Automation 7,Red Hat Quay 3,Red Hat Quay 3,streams for Apache Kafka 2,streams for Apache Kafka 3,


CVE-2026-26996
Severity: moderate
Released on: 20/02/2026
Advisory: RHSA-2026:4942, RHSA-2026:5168, RHSA-2026:5665,
Bugzilla: 2441268
Bugzilla Description: minimatch: minimatch: Denial of Service via specially crafted glob patterns
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-1333
Affected Packages: quay/quay-rhel8:sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f,quay/quay-rhel8:sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e,quay/quay-rhel8:sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad,
Package States: Cryostat 4,Gatekeeper 3,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Migration Toolkit for Applications 8,Node HealthCheck Operator,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Service Mesh 3,OpenShift Service Mesh 3,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat AMQ Broker 7,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat build of Apache Camel - HawtIO 4,Red Hat build of Apicurio Registry 2,Red Hat build of OptaPlanner 8,Red Hat Data Grid 8,Red Hat Developer Hub,Red Hat Directory Server 11,Red Hat Directory Server 12,Red Hat Directory Server 13,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat 
Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev 
Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift distributed tracing 3,Red Hat Process Automation 7,Red Hat Process Automation 7,Red Hat Process Automation 7,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Single Sign-On 7,Self-service automation portal 2,streams for Apache Kafka 2,streams for Apache Kafka 3,


CVE-2026-26960
Severity: moderate
Released on: 20/02/2026
Advisory: RHSA-2026:5447,
Bugzilla: 2441253
Bugzilla Description: tar: node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation
CVSS Score:
CVSSv3 Score: 7.1
Vector:
CWE: CWE-22
Affected Packages: rhtas/rekor-search-ui-rhel9:sha256:865dd51e80034018400794d07edc0b546c6e4de7e2351dddc7f1f6378e1ffdd0,
Package States: Cryostat 4,Logging Subsystem for Red Hat OpenShift,Network Observability Operator,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat AMQ Broker 7,Red Hat build of Apache Camel - HawtIO 4,Red Hat Developer Hub,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat Process Automation 7,Red Hat Single Sign-On 7,


CVE-2026-26967
Severity: important
Released on: 20/02/2026
Advisory:
Bugzilla: 2441242
Bugzilla Description: pjsip: PJSIP: Arbitrary code execution via H.264 unpacketizer heap-based buffer overflow
CVSS Score:
CVSSv3 Score: 8.4
Vector:
CWE: CWE-120
Affected Packages:
Package States:


CVE-2026-3196
Severity: moderate
Released on: 20/02/2026
Advisory:
Bugzilla: 2443789
Bugzilla Description: qemu-kvm: virtio-snd: integer overflow leading to unbounded memory allocation
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,


CVE-2026-3195
Severity: important
Released on: 20/02/2026
Advisory:
Bugzilla: 2443817
Bugzilla Description: qemu-kvm: virtio-snd: heap buffer overflow in virtio_snd_pcm_in_cb (incomplete fix for CVE-2024-7730)
CVSS Score:
CVSSv3 Score: 7.4
Vector:
CWE: CWE-122
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,


CVE-2026-26963
Severity: moderate
Released on: 19/02/2026
Advisory:
Bugzilla: 2441217
Bugzilla Description: cilium: Cilium: Information disclosure via incorrect traffic permitting with specific network configurations
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-266
Affected Packages:
Package States: Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Multicluster Global Hub,Network Observability Operator,Network Observability Operator,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Service Mesh 2,OpenShift Service Mesh 2,OpenShift Service Mesh 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift for Windows Containers,Red Hat OpenShift for Windows Containers,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,


CVE-2026-26958
Severity: low
Released on: 19/02/2026
Advisory:
Bugzilla: 2441221
Bugzilla Description: filippo.io/edwards25519: filippo.io/edwards25519: Cryptographic integrity bypass due to incorrect MultiScalarMult results
CVSS Score:
CVSSv3 Score: 3.7
Vector:
CWE: CWE-824
Affected Packages:
Package States: Cryostat 4,Custom Metric Autoscaler operator for Red Hat Openshift,Custom Metric Autoscaler operator for Red Hat Openshift,Custom Metric Autoscaler operator for Red Hat Openshift,Custom Metric Autoscaler operator for Red Hat Openshift,Multicluster Global Hub,Multicluster Global Hub,Multicluster Global Hub,Multicluster Global Hub,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Serverless,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift GitOps,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Security Profiles Operator,Security Profiles Operator,Zero Trust Workload Identity Manager,Zero Trust Workload Identity Manager,Zero Trust Workload Identity Manager,Zero Trust Workload Identity Manager - Tech Preview,Zero Trust Workload Identity Manager - Tech Preview,Zero Trust Workload Identity Manager - Tech Preview,Zero Trust Workload Identity Manager - Tech Preview,Zero Trust Workload Identity Manager - Tech Preview,


CVE-2026-24122
Severity: low
Released on: 19/02/2026
Advisory:
Bugzilla: 2441194
Bugzilla Description: sigstore/cosign: sigstore/cosign: Incorrect signature validation due to expired issuing certificate bypass
CVSS Score:
CVSSv3 Score: 3.7
Vector:
CWE: CWE-295
Affected Packages:
Package States: External Secrets Operator for Red Hat OpenShift,External Secrets Operator for Red Hat OpenShift,External Secrets Operator for Red Hat OpenShift,External Secrets Operator for Red Hat OpenShift,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Serverless,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Security Profiles Operator,Security Profiles Operator,Zero Trust Workload Identity Manager,Zero Trust Workload Identity Manager,Zero Trust Workload Identity Manager,Zero Trust Workload Identity Manager - Tech Preview,Zero Trust Workload Identity Manager - Tech Preview,Zero Trust Workload Identity Manager - Tech Preview,Zero Trust Workload Identity Manager - Tech Preview,Zero Trust Workload Identity Manager - Tech Preview,


CVE-2026-26318
Severity: important
Released on: 19/02/2026
Advisory:
Bugzilla: 2441124
Bugzilla Description: systeminformation: systeminformation: Arbitrary code execution via unsanitized `locate` output
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-78
Affected Packages:
Package States: Red Hat Developer Hub,


CVE-2026-26280
Severity: important
Released on: 19/02/2026
Advisory:
Bugzilla: 2441121
Bugzilla Description: systeminformation: systeminformation: Arbitrary command execution via unsanitized network interface parameter
CVSS Score:
CVSSv3 Score: 8.4
Vector:
CWE: CWE-78
Affected Packages:
Package States: Red Hat Developer Hub,


CVE-2026-26278
Severity: important
Released on: 19/02/2026
Advisory:
Bugzilla: 2441120
Bugzilla Description: fast-xml-parser: fast-xml-parser: Denial of Service via unlimited XML entity expansion
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-776
Affected Packages:
Package States: Migration Toolkit for Applications 8,Red Hat Advanced Cluster Security 4,Red Hat Developer Hub,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat Satellite 6,Red Hat Satellite 6,Self-service automation portal 2,


CVE-2026-26200
Severity: important
Released on: 19/02/2026
Advisory:
Bugzilla: 2441088
Bugzilla Description: hdf5: HDF5: Denial of Service due to heap buffer overflow when parsing a crafted h5 file
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-131
Affected Packages:
Package States: Red Hat Enterprise Linux AI (RHEL AI) 3,


CVE-2026-2817
Severity: moderate
Released on: 19/02/2026
Advisory:
Bugzilla: 2441042
Bugzilla Description: org.springframework.data/spring-data-geode: Spring Data Geode: Information disclosure via insecure temporary directory for snapshot imports
CVSS Score:
CVSSv3 Score: 4.4
Vector:
CWE: CWE-379
Affected Packages:
Package States: Red Hat Fuse 7,


CVE-2026-24834
Severity: important
Released on: 19/02/2026
Advisory:
Bugzilla: 2441025
Bugzilla Description: containerd-shim-kata-v2: Kata Containers: Arbitrary code execution in guest virtual machine via file system modification
CVSS Score:
CVSSv3 Score: 9.3
Vector:
CWE: CWE-281
Affected Packages:
Package States: Confidential Compute Attestation,Red Hat OpenShift Container Platform 4,


CVE-2026-25940
Severity: important
Released on: 19/02/2026
Advisory:
Bugzilla: 2441016
Bugzilla Description: jsPDF: PDF injection in AcroForm module allows arbitrary JavaScript execution (RadioButton children)
CVSS Score:
CVSSv3 Score: 9.6
Vector:
CWE: CWE-116
Affected Packages:
Package States: Red Hat Advanced Cluster Security 4,


CVE-2026-25755
Severity: important
Released on: 19/02/2026
Advisory:
Bugzilla: 2440993
Bugzilla Description: jsPDF: PDF object injection via unsanitized input in addJS method
CVSS Score:
CVSSv3 Score: 9.6
Vector:
CWE: CWE-94
Affected Packages:
Package States: Red Hat Advanced Cluster Security 4,


CVE-2026-25535
Severity: important
Released on: 19/02/2026
Advisory:
Bugzilla: 2440992
Bugzilla Description: jsPDF: denial of service via malicious GIF dimensions
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat Advanced Cluster Security 4,


CVE-2026-2733
Severity: low
Released on: 19/02/2026
Advisory: RHSA-2026:3947, RHSA-2026:3948,
Bugzilla: 2440895
Bugzilla Description: org.keycloak/keycloak-services: Keycloak: Missing Check on Disabled Client for Docker Registry Protocol
CVSS Score:
CVSSv3 Score: 3.8
Vector:
CWE: CWE-285
Affected Packages: rhbk/keycloak-rhel9,rhbk/keycloak-operator-bundle:26.4.10-1,rhbk/keycloak-rhel9-operator:26.4-12,rhbk/keycloak-rhel9:26.4-12,
Package States: Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat Single Sign-On 7,


CVE-2025-69725
Severity: moderate
Released on: 19/02/2026
Advisory:
Bugzilla: 2441027
Bugzilla Description: go-chi/chi: Go-chi/chi: Open Redirect vulnerability allows redirection to malicious websites
CVSS Score:
CVSSv3 Score: 4.7
Vector:
CWE: CWE-601
Affected Packages:
Package States: External Secrets Operator for Red Hat OpenShift,External Secrets Operator for Red Hat OpenShift,External Secrets Operator for Red Hat OpenShift,External Secrets Operator for Red Hat OpenShift,Gatekeeper 3,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Serverless,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Enterprise Linux 8,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift distributed tracing 3,Red Hat OpenShift distributed tracing 3,Red Hat Quay 3,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Security Profiles Operator,Security Profiles Operator,Security Profiles Operator,Security Profiles Operator,Zero Trust Workload Identity Manager,Zero Trust Workload Identity Manager,Zero Trust Workload Identity Manager,Zero Trust Workload Identity Manager - Tech Preview,Zero Trust Workload Identity Manager - Tech Preview,Zero Trust Workload Identity Manager - Tech Preview,Zero Trust Workload Identity Manager - Tech Preview,Zero Trust Workload Identity Manager - Tech Preview,


CVE-2026-2708
Severity: low
Released on: 18/02/2026
Advisory:
Bugzilla: 2440743
Bugzilla Description: libsoup: libsoup: HTTP Request Smuggling via Duplicate Content-Length Headers
CVSS Score:
CVSSv3 Score: 3.7
Vector:
CWE: CWE-444
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2026-25500
Severity: moderate
Released on: 18/02/2026
Advisory:
Bugzilla: 2440738
Bugzilla Description: rubygem-rack: Rack stored XSS in Rack::Directory
CVSS Score:
CVSSv3 Score: 5.4
Vector:
CWE: CWE-79
Affected Packages:
Package States: Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-22860
Severity: important
Released on: 18/02/2026
Advisory:
Bugzilla: 2440737
Bugzilla Description: rubygem-rack: Rack Directory Traversal via Rack::Directory
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-22
Affected Packages:
Package States: Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,


CVE-2025-14009
Severity: important
Released on: 18/02/2026
Advisory:
Bugzilla: 2440724
Bugzilla Description: nltk: Zip Slip Vulnerability in nltk Leading to Code Execution
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-94
Affected Packages:
Package States: OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),


CVE-2026-27100
Severity: moderate
Released on: 18/02/2026
Advisory:
Bugzilla: 2440637
Bugzilla Description: org.jenkins-ci.main/jenkins-core: Jenkins: Information disclosure via unauthorized access to build parameters
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE: CWE-551
Affected Packages:
Package States: OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,


CVE-2026-27099
Severity: moderate
Released on: 18/02/2026
Advisory:
Bugzilla: 2440638
Bugzilla Description: org.jenkins-ci.main/jenkins-core: Jenkins: Stored Cross-site Scripting (XSS) via unescaped user-provided offline cause description
CVSS Score:
CVSSv3 Score: 4.6
Vector:
CWE: CWE-79
Affected Packages:
Package States: OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,


CVE-2026-2641
Severity: low
Released on: 18/02/2026
Advisory:
Bugzilla: 2440536
Bugzilla Description: ctags: ctags: Denial of Service due to uncontrolled recursion
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-835
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,


CVE-2026-27171
Severity: low
Released on: 18/02/2026
Advisory:
Bugzilla: 2440530
Bugzilla Description: zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-835
Affected Packages:
Package States: Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Red Hat build of OpenJDK 11 ELS,Red Hat build of OpenJDK 11 ELS,Red Hat build of OpenJDK 17,Red Hat build of OpenJDK 1.8,Red Hat build of OpenJDK 21,Red Hat build of OpenJDK 25,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat JBoss Core Services,Red Hat OpenShift Container Platform 4,


CVE-2026-2681
Severity: moderate
Released on: 18/02/2026
Advisory:
Bugzilla: 2440580
Bugzilla Description: github.com/supranational/blst: blst cryptographic library: Denial of Service via out-of-bounds stack write in key generation
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-787
Affected Packages:
Package States:


CVE-2026-23211
Severity: moderate
Released on: 18/02/2026
Advisory:
Bugzilla: 2440614
Bugzilla Description: kernel: mm, swap: restore swap_space attr aviod kernel panic
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-280
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2025-71228
Severity:
Released on: 18/02/2026
Advisory:
Bugzilla: 2440615
Bugzilla Description: kernel: LoongArch: Set correct protection_map[] for VM_NONE/VM_SHARED
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23218
Severity: moderate
Released on: 18/02/2026
Advisory:
Bugzilla: 2440618
Bugzilla Description: kernel: gpio: loongson-64bit: Fix incorrect NULL check after devm_kcalloc()
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23219
Severity: moderate
Released on: 18/02/2026
Advisory:
Bugzilla: 2440620
Bugzilla Description: kernel: mm/slab: Add alloc_tagging_slab_free_hook for memcg_alloc_abort_single
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23215
Severity: moderate
Released on: 18/02/2026
Advisory:
Bugzilla: 2440621
Bugzilla Description: kernel: x86/vmware: Fix hypercall clobbers
CVSS Score:
CVSSv3 Score: 4.7
Vector:
CWE: CWE-131
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2025-71225
Severity: moderate
Released on: 18/02/2026
Advisory:
Bugzilla: 2440627
Bugzilla Description: kernel: md: suspend array while updating raid_disks via sysfs
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-367
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23216
Severity: moderate
Released on: 18/02/2026
Advisory:
Bugzilla: 2440630
Bugzilla Description: kernel: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-413
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23214
Severity: moderate
Released on: 18/02/2026
Advisory:
Bugzilla: 2440631
Bugzilla Description: kernel: btrfs: reject new transactions if the fs is fully read-only
CVSS Score:
CVSSv3 Score: 5.1
Vector:
CWE: CWE-911
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23212
Severity: moderate
Released on: 18/02/2026
Advisory:
Bugzilla: 2440633
Bugzilla Description: kernel: bonding: annotate data-races around slave->last_rx
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-367
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23217
Severity:
Released on: 18/02/2026
Advisory:
Bugzilla: 2440634
Bugzilla Description: kernel: riscv: trace: fix snapshot deadlock with sbi ecall
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2025-71227
Severity: low
Released on: 18/02/2026
Advisory:
Bugzilla: 2440641
Bugzilla Description: kernel: wifi: mac80211: don't WARN for connections on invalid channels
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-393
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23213
Severity:
Released on: 18/02/2026
Advisory:
Bugzilla: 2440642
Bugzilla Description: kernel: drm/amd/pm: Disable MMIO access during SMU Mode 1 reset
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2025-71226
Severity:
Released on: 18/02/2026
Advisory:
Bugzilla: 2440647
Bugzilla Description: kernel: wifi: iwlwifi: Implement settime64 as stub for MVM/MLD PTP
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2025-71230
Severity:
Released on: 18/02/2026
Advisory:
Bugzilla: 2440655
Bugzilla Description: kernel: hfs: ensure sb->s_fs_info is always cleaned up
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2025-71235
Severity: low
Released on: 18/02/2026
Advisory:
Bugzilla: 2440656
Bugzilla Description: kernel: scsi: qla2xxx: Delay module unload while fabric scan in progress
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-364
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23228
Severity:
Released on: 18/02/2026
Advisory:
Bugzilla: 2440657
Bugzilla Description: kernel: smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection()
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23230
Severity: moderate
Released on: 18/02/2026
Advisory:
Bugzilla: 2440658
Bugzilla Description: kernel: Linux kernel: Denial of Service in SMB client due to race condition
CVSS Score:
CVSSv3 Score: 6.3
Vector:
CWE: CWE-821
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23220
Severity:
Released on: 18/02/2026
Advisory:
Bugzilla: 2440659
Bugzilla Description: kernel: ksmbd: fix infinite loop caused by next_smb2_rcv_hdr_off reset in error paths
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2025-71231
Severity: moderate
Released on: 18/02/2026
Advisory:
Bugzilla: 2440660
Bugzilla Description: kernel: Linux kernel: Denial of Service due to out-of-bounds index in IAA crypto module
CVSS Score:
CVSSv3 Score: 6.6
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23224
Severity: moderate
Released on: 18/02/2026
Advisory:
Bugzilla: 2440661
Bugzilla Description: kernel: Linux kernel erofs: Denial of Service via Use-After-Free in file-backed directio mounts
CVSS Score:
CVSSv3 Score: 6.6
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23221
Severity: moderate
Released on: 18/02/2026
Advisory:
Bugzilla: 2440662
Bugzilla Description: kernel: bus: fsl-mc: fix use-after-free in driver_override_show()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-663
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2025-71236
Severity: moderate
Released on: 18/02/2026
Advisory:
Bugzilla: 2440663
Bugzilla Description: kernel: Linux kernel qla2xxx driver: Denial of Service via NULL pointer dereference during fabric async scan cleanup
CVSS Score:
CVSSv3 Score: 5.8
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23229
Severity: moderate
Released on: 18/02/2026
Advisory:
Bugzilla: 2440664
Bugzilla Description: kernel: Kernel: Denial of Service in virtio-crypto due to missing spinlock protection
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-820
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23222
Severity:
Released on: 18/02/2026
Advisory:
Bugzilla: 2440665
Bugzilla Description: kernel: crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2025-71229
Severity: moderate
Released on: 18/02/2026
Advisory:
Bugzilla: 2440666
Bugzilla Description: kernel: wifi: rtw88: Fix alignment fault in rtw_core_enable_beacon()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-805
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2025-71233
Severity: moderate
Released on: 18/02/2026
Advisory:
Bugzilla: 2440667
Bugzilla Description: kernel: Linux kernel: Denial of Service via NULL pointer dereference in PCI endpoint configfs during asynchronous sub-group creation
CVSS Score:
CVSSv3 Score: 4.4
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2025-71232
Severity: low
Released on: 18/02/2026
Advisory:
Bugzilla: 2440668
Bugzilla Description: kernel: scsi: qla2xxx: Free sp in error path to fix system crash
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2025-71234
Severity: moderate
Released on: 18/02/2026
Advisory:
Bugzilla: 2440669
Bugzilla Description: kernel: wifi: rtl8xxxu: fix slab-out-of-bounds in rtl8xxxu_sta_add
CVSS Score:
CVSSv3 Score: 5.8
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2025-71237
Severity:
Released on: 18/02/2026
Advisory:
Bugzilla: 2440671
Bugzilla Description: kernel: nilfs2: Fix potential block overflow that cause system hang
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23227
Severity:
Released on: 18/02/2026
Advisory:
Bugzilla: 2440672
Bugzilla Description: kernel: drm/exynos: vidi: use ctx->lock to protect struct vidi_context member variables related to memory alloc/free
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23223
Severity: moderate
Released on: 18/02/2026
Advisory:
Bugzilla: 2440674
Bugzilla Description: kernel: xfs: fix UAF in xchk_btree_check_block_owner
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-366
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23226
Severity:
Released on: 18/02/2026
Advisory:
Bugzilla: 2440675
Bugzilla Description: kernel: ksmbd: add chann_lock to protect ksmbd_chann_list xarray
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-23225
Severity: moderate
Released on: 18/02/2026
Advisory:
Bugzilla: 2440676
Bugzilla Description: kernel: Kernel: Denial of Service and potential memory corruption via mmcid mode switch race condition
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,


CVE-2026-2648
Severity: important
Released on: 18/02/2026
Advisory:
Bugzilla: 2440791
Bugzilla Description: chromium-browser: Heap buffer overflow in PDFium
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE:
Affected Packages:
Package States:


CVE-2026-2649
Severity: important
Released on: 18/02/2026
Advisory:
Bugzilla: 2440795
Bugzilla Description: chromium-browser: Integer overflow in V8
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE:
Affected Packages:
Package States:


CVE-2026-2650
Severity: moderate
Released on: 18/02/2026
Advisory:
Bugzilla: 2440808
Bugzilla Description: chromium-browser: Heap buffer overflow in Media
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE:
Affected Packages:
Package States:


CVE-2026-24734
Severity: important
Released on: 17/02/2026
Advisory: RHSA-2026:5612, RHSA-2026:5611,
Bugzilla: 2440426
Bugzilla Description: tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation
CVSS Score:
CVSSv3 Score: 7.4
Vector:
CWE: CWE-295
Affected Packages: jws6-tomcat-native-0:1.3.6-1.redhat_1.el10jws,jws6-tomcat-native-0:1.3.6-1.redhat_1.el9jws,tomcat,jws6-tomcat-native-0:1.3.6-1.redhat_1.el8jws,jws6-tomcat-0:10.1.49-9.redhat_00007.1.el10jws,jws6-tomcat-0:10.1.49-9.redhat_00007.1.el8jws,jws6-tomcat-0:10.1.49-9.redhat_00007.1.el9jws,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat JBoss Web Server 5,


CVE-2026-24733
Severity: low
Released on: 17/02/2026
Advisory:
Bugzilla: 2440437
Bugzilla Description: tomcat: security constraint bypass with HTTP/0.9
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-20
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat JBoss Web Server 5,Red Hat JBoss Web Server 6,