CVE-2026-3608
Severity: important
Released on: 25/03/2026
Advisory:
Bugzilla: 2451139
Bugzilla Description: Kea: Kea: Denial of Service via maliciously crafted message
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-617
Affected Packages:
Package States: Red Hat Enterprise Linux 10,
Full Details
CVE document

CVE-2026-23322
Severity:
Released on: 25/03/2026
Advisory:
Bugzilla: 2451278
Bugzilla Description: kernel: ipmi: Fix use-after-free and list corruption on sender error
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-23327
Severity: moderate
Released on: 25/03/2026
Advisory:
Bugzilla: 2451279
Bugzilla Description: kernel: cxl/mbox: validate payload size before accessing contents in cxl_payload_from_user_allowed()
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-3889
Severity: low
Released on: 24/03/2026
Advisory:
Bugzilla: 2451006
Bugzilla Description: thunderbird: Spoofing issue in Thunderbird
CVSS Score:
CVSSv3 Score: 5.4
Vector:
CWE: CWE-20
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-33412
Severity: important
Released on: 24/03/2026
Advisory:
Bugzilla: 2450907
Bugzilla Description: vim: Vim: Arbitrary code execution via command injection in glob() function
CVSS Score:
CVSSv3 Score: 7.3
Vector:
CWE: CWE-78
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document

CVE-2026-33349
Severity: moderate
Released on: 24/03/2026
Advisory:
Bugzilla: 2450909
Bugzilla Description: fast-xml-parser: fast-xml-parser: Denial of Service via unbounded entity expansion due to incorrect configuration limit handling
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-1284
Affected Packages:
Package States: Migration Toolkit for Applications 8,Red Hat Advanced Cluster Security 4,Red Hat Data Grid 8,Red Hat Data Grid 8,Red Hat Developer Hub,Red Hat Developer Hub,Red Hat OpenShift AI (RHOAI),Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat Satellite 6,Red Hat Satellite 6,Self-service automation portal 2,
Full Details
CVE document

CVE-2026-32948
Severity: moderate
Released on: 24/03/2026
Advisory:
Bugzilla: 2450890
Bugzilla Description: org.scala-sbt/sbt: sbt: Arbitrary command execution via unvalidated URI fragments on Windows
CVSS Score:
CVSSv3 Score: 5.7
Vector:
CWE: CWE-78
Affected Packages:
Package States: Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,
Full Details
CVE document

CVE-2026-32854
Severity: moderate
Released on: 24/03/2026
Advisory:
Bugzilla: 2450845
Bugzilla Description: LibVNCServer: LibVNCServer: Denial of Service via specially crafted HTTP requests
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-32853
Severity: moderate
Released on: 24/03/2026
Advisory:
Bugzilla: 2450843
Bugzilla Description: LibVNCServer: LibVNCServer: Information disclosure or Denial of Service via heap out-of-bounds read in UltraZip encoding
CVSS Score:
CVSSv3 Score: 5.4
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-4775
Severity: important
Released on: 24/03/2026
Advisory:
Bugzilla: 2450768
Bugzilla Description: libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-27651
Severity: important
Released on: 24/03/2026
Advisory:
Bugzilla: 2450791
Bugzilla Description: NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-27654
Severity: important
Released on: 24/03/2026
Advisory:
Bugzilla: 2450776
Bugzilla Description: NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module
CVSS Score:
CVSSv3 Score: 8.2
Vector:
CWE: CWE-120
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-28755
Severity: moderate
Released on: 24/03/2026
Advisory:
Bugzilla: 2450779
Bugzilla Description: NGINX: NGINX: Certificate revocation bypass when OCSP is enabled
CVSS Score:
CVSSv3 Score: 5.4
Vector:
CWE: CWE-295
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-28753
Severity: low
Released on: 24/03/2026
Advisory:
Bugzilla: 2450780
Bugzilla Description: NGINX: NGINX Plus: NGINX Open Source: NGINX Plus and NGINX Open Source: Request manipulation via header injection in SMTP upstream requests
CVSS Score:
CVSSv3 Score: 3.7
Vector:
CWE: CWE-93
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-27784
Severity: important
Released on: 24/03/2026
Advisory:
Bugzilla: 2450785
Bugzilla Description: NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-4729
Severity: important
Released on: 24/03/2026
Advisory:
Bugzilla: 2450745
Bugzilla Description: firefox: Memory safety bugs fixed in Firefox 149 and Thunderbird 149
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-4728
Severity: low
Released on: 24/03/2026
Advisory:
Bugzilla: 2450717
Bugzilla Description: firefox: Spoofing issue in the Privacy: Anti-Tracking component
CVSS Score:
CVSSv3 Score: 3.4
Vector:
CWE: CWE-290
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-4727
Severity: low
Released on: 24/03/2026
Advisory:
Bugzilla: 2450753
Bugzilla Description: firefox: Denial-of-service in the Libraries component in NSS
CVSS Score:
CVSSv3 Score: 3.4
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-4726
Severity: low
Released on: 24/03/2026
Advisory:
Bugzilla: 2450731
Bugzilla Description: firefox: Denial-of-service in the XML component
CVSS Score:
CVSSv3 Score: 3.4
Vector:
CWE: CWE-776
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-4725
Severity: moderate
Released on: 24/03/2026
Advisory:
Bugzilla: 2450716
Bugzilla Description: firefox: Sandbox escape due to use-after-free in the Graphics: Canvas2D component
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-4723
Severity: moderate
Released on: 24/03/2026
Advisory:
Bugzilla: 2450743
Bugzilla Description: firefox: Use-after-free in the JavaScript Engine component
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-4724
Severity: moderate
Released on: 24/03/2026
Advisory:
Bugzilla: 2450749
Bugzilla Description: firefox: Undefined behavior in the Audio/Video component
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-475
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-4722
Severity: moderate
Released on: 24/03/2026
Advisory:
Bugzilla: 2450737
Bugzilla Description: firefox: Privilege escalation in the IPC component
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-270
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-4649
Severity: moderate
Released on: 24/03/2026
Advisory:
Bugzilla: 2450641
Bugzilla Description: Apache Artemis: KNIME Business Hub: Apache Artemis and KNIME Business Hub: Authentication bypass allows information disclosure and message injection.
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-306
Affected Packages:
Package States: Red Hat AMQ Broker 7,Red Hat AMQ Clients,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of OptaPlanner 8,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat Process Automation 7,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Single Sign-On 7,
Full Details
CVE document

CVE-2026-32642
Severity: moderate
Released on: 24/03/2026
Advisory:
Bugzilla: 2450642
Bugzilla Description: Apache Artemis: Apache ActiveMQ Artemis: Apache Artemis and Apache ActiveMQ Artemis: Unauthorized address creation due to incorrect authorization during JMS topic subscription.
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE:
Affected Packages:
Package States: Red Hat AMQ Broker 7,Red Hat AMQ Clients,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of OptaPlanner 8,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat Process Automation 7,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Single Sign-On 7,
Full Details
CVE document

CVE-2026-3260
Severity: moderate
Released on: 24/03/2026
Advisory:
Bugzilla: 2443010
Bugzilla Description: undertow: Undertow: Denial of Service due to premature multipart/form-data parsing in GET requests
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel - HawtIO 4,Red Hat Data Grid 8,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat Process Automation 7,Red Hat Single Sign-On 7,
Full Details
CVE document

CVE-2026-33306
Severity: moderate
Released on: 24/03/2026
Advisory:
Bugzilla: 2450565
Bugzilla Description: github.com/bcrypt-ruby/bcrypt-ruby: bcrypt-ruby (JRuby): Weakened password hashing due to integer overflow
CVSS Score:
CVSSv3 Score: 6.7
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Satellite 6,Red Hat Satellite 6,
Full Details
CVE document

CVE-2026-33554
Severity: moderate
Released on: 24/03/2026
Advisory:
Bugzilla: 2450778
Bugzilla Description: freeipmi: buffer overflows on response messages via ipmi-oem
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-120
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-33211
Severity: moderate
Released on: 23/03/2026
Advisory:
Bugzilla: 2450554
Bugzilla Description: Tekton Pipelines: github.com/tektoncd/pipeline: Tekton Pipelines: Information disclosure via path traversal in git resolver
CVSS Score:
CVSSv3 Score: 7.7
Vector:
CWE: CWE-22
Affected Packages:
Package States: Builds for Red Hat OpenShift,Builds for Red Hat OpenShift,Builds for Red Hat OpenShift,Builds for Red Hat OpenShift,Builds for Red Hat OpenShift,Builds for Red Hat OpenShift,Builds for Red Hat OpenShift,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Serverless,OpenShift Serverless,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat Trusted Artifact Signer,
Full Details
CVE document

CVE-2026-33252
Severity: moderate
Released on: 23/03/2026
Advisory:
Bugzilla: 2450542
Bugzilla Description: encoding/json: golang: github.com/modelcontextprotocol/go-sdk: Go MCP SDK: Remote tool execution via cross-site request forgery
CVSS Score:
CVSSv3 Score: 7.1
Vector:
CWE: CWE-940
Affected Packages:
Package States: Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,OpenShift Lightspeed,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Dev Spaces,
Full Details
CVE document

CVE-2026-33202
Severity: moderate
Released on: 23/03/2026
Advisory:
Bugzilla: 2450547
Bugzilla Description: rails: Active Storage: Unintended file deletion via crafted blob keys
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-22
Affected Packages:
Package States: Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,
Full Details
CVE document

CVE-2026-33195
Severity: important
Released on: 23/03/2026
Advisory:
Bugzilla: 2450546
Bugzilla Description: Rails: Active Storage: Active Storage (Rails): Arbitrary file access via path traversal in blob keys
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-22
Affected Packages:
Package States: Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,
Full Details
CVE document

CVE-2026-33176
Severity: moderate
Released on: 23/03/2026
Advisory:
Bugzilla: 2450551
Bugzilla Description: Rails: Active Support: Active Support: Denial of Service via large scientific notation strings
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat Satellite 6,Red Hat Satellite 6,
Full Details
CVE document

CVE-2026-33174
Severity: moderate
Released on: 23/03/2026
Advisory:
Bugzilla: 2450544
Bugzilla Description: Rails: Active Storage: Rails Active Storage: Denial of Service via unbounded Range header
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,
Full Details
CVE document

CVE-2026-33173
Severity: moderate
Released on: 23/03/2026
Advisory:
Bugzilla: 2450545
Bugzilla Description: Rails: Active Storage: Rails Active Storage: Content type bypass via arbitrary metadata in direct uploads
CVSS Score:
CVSSv3 Score: 7.6
Vector:
CWE: CWE-1287
Affected Packages:
Package States: Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,
Full Details
CVE document

CVE-2026-33170
Severity: moderate
Released on: 23/03/2026
Advisory:
Bugzilla: 2450543
Bugzilla Description: Rails: Active Support: Active Support: Cross-Site Scripting (XSS) due to improper HTML safety flag propagation in SafeBuffer#%
CVSS Score:
CVSSv3 Score: 5.4
Vector:
CWE: CWE-79
Affected Packages:
Package States: Red Hat Satellite 6,Red Hat Satellite 6,
Full Details
CVE document

CVE-2026-33169
Severity: moderate
Released on: 23/03/2026
Advisory:
Bugzilla: 2450556
Bugzilla Description: rails: rails-activesupport: Active Support: Denial of Service via crafted long digit strings
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-1333
Affected Packages:
Package States: Red Hat Satellite 6,Red Hat Satellite 6,
Full Details
CVE document

CVE-2026-33168
Severity: moderate
Released on: 23/03/2026
Advisory:
Bugzilla: 2450549
Bugzilla Description: actionview: Action View: Cross-Site Scripting (XSS) via blank HTML attribute names
CVSS Score:
CVSSv3 Score: 5.4
Vector:
CWE: CWE-79
Affected Packages:
Package States: Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,
Full Details
CVE document

CVE-2026-33167
Severity: moderate
Released on: 23/03/2026
Advisory:
Bugzilla: 2450552
Bugzilla Description: Rails: Action Pack: Action Pack: Cross-Site Scripting (XSS) via improper exception message escaping
CVSS Score:
CVSSv3 Score: 5.4
Vector:
CWE: CWE-79
Affected Packages:
Package States: Red Hat Satellite 6,Red Hat Satellite 6,
Full Details
CVE document

CVE-2026-29111
Severity: moderate
Released on: 23/03/2026
Advisory:
Bugzilla: 2450505
Bugzilla Description: systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-1287
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,
Full Details
CVE document

CVE-2026-26209
Severity: moderate
Released on: 23/03/2026
Advisory:
Bugzilla: 2450422
Bugzilla Description: cbor2: cbor2: Denial of Service due to uncontrolled recursion via crafted CBOR payloads
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document

CVE-2026-3635
Severity: moderate
Released on: 23/03/2026
Advisory:
Bugzilla: 2450330
Bugzilla Description: fastify: request.protocol and request.host spoofable via X-Forwarded-Proto/Host from untrusted connections when trustProxy uses restrictive trust function
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-348
Affected Packages:
Package States: Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Dev Spaces,
Full Details
CVE document

CVE-2026-4603
Severity: moderate
Released on: 23/03/2026
Advisory:
Bugzilla: 2450205
Bugzilla Description: jsrsasign: jsrsasign: Cryptographic operations impacted by division by zero via malicious JSON Web Key
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-369
Affected Packages:
Package States: Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Red Hat Quay 3,Red Hat Quay 3,
Full Details
CVE document

CVE-2026-4601
Severity: important
Released on: 23/03/2026
Advisory:
Bugzilla: 2450209
Bugzilla Description: jsrsasign: jsrsasign: Private Key Recovery via Missing Cryptographic Step in DSA Signing
CVSS Score:
CVSSv3 Score: 8.7
Vector:
CWE: CWE-325
Affected Packages:
Package States: Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Red Hat Quay 3,Red Hat Quay 3,
Full Details
CVE document

CVE-2026-4599
Severity: important
Released on: 23/03/2026
Advisory:
Bugzilla: 2450207
Bugzilla Description: jsrsasign: jsrsasign: Private key recovery via incomplete comparison checks biasing DSA nonces
CVSS Score:
CVSSv3 Score: 9.1
Vector:
CWE: CWE-338
Affected Packages:
Package States: Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Red Hat Quay 3,Red Hat Quay 3,
Full Details
CVE document

CVE-2026-4598
Severity: important
Released on: 23/03/2026
Advisory:
Bugzilla: 2450210
Bugzilla Description: jsrsasign: jsrsasign: Denial of Service via infinite loop in bnModInverse function with crafted inputs
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-1287
Affected Packages:
Package States: Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Red Hat Quay 3,Red Hat Quay 3,
Full Details
CVE document

CVE-2026-4602
Severity: important
Released on: 23/03/2026
Advisory:
Bugzilla: 2450206
Bugzilla Description: jsrsasign: jsrsasign: Signature verification bypass via negative exponent handling
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-681
Affected Packages:
Package States: Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Red Hat Quay 3,Red Hat Quay 3,
Full Details
CVE document

CVE-2026-4600
Severity: important
Released on: 23/03/2026
Advisory:
Bugzilla: 2450208
Bugzilla Description: jsrsasign: jsrsasign: Cryptographic signature forgery via malicious DSA domain parameters
CVSS Score:
CVSSv3 Score: 8.2
Vector:
CWE: CWE-347
Affected Packages:
Package States: Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,Red Hat Quay 3,Red Hat Quay 3,
Full Details
CVE document

CVE-2026-4628
Severity: moderate
Released on: 23/03/2026
Advisory:
Bugzilla: 2450240
Bugzilla Description: keycloak: org.keycloak.authorization: Keycloak: Unauthorized resource modification due to improper access control
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE: CWE-284
Affected Packages:
Package States: Red Hat Build of Keycloak,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat Single Sign-On 7,
Full Details
CVE document

CVE-2026-4647
Severity: moderate
Released on: 23/03/2026
Advisory:
Bugzilla: 2450302
Bugzilla Description: binutils: Out-of-Bounds Read in XCOFF Relocation Processing in GNU Binutils BFD Library
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document

CVE-2026-4678
Severity: important
Released on: 23/03/2026
Advisory:
Bugzilla: 2450564
Bugzilla Description: chromium-browser: Use after free in WebGPU
CVSS Score:
CVSSv3 Score: 9.6
Vector:
CWE: CWE-825
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-4674
Severity: important
Released on: 23/03/2026
Advisory:
Bugzilla: 2450567
Bugzilla Description: chromium-browser: Out of bounds read in CSS
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-125
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-4680
Severity: important
Released on: 23/03/2026
Advisory:
Bugzilla: 2450568
Bugzilla Description: chromium-browser: Use after free in FedCM
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-825
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-4673
Severity: important
Released on: 23/03/2026
Advisory:
Bugzilla: 2450569
Bugzilla Description: chromium-browser: Heap buffer overflow in WebAudio
CVSS Score:
CVSSv3 Score: 9.6
Vector:
CWE: CWE-787
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-4675
Severity: important
Released on: 23/03/2026
Advisory:
Bugzilla: 2450570
Bugzilla Description: chromium-browser: Heap buffer overflow in WebGL
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-787
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-4676
Severity: important
Released on: 23/03/2026
Advisory:
Bugzilla: 2450571
Bugzilla Description: chromium-browser: Use after free in Dawn
CVSS Score:
CVSSv3 Score: 9.6
Vector:
CWE: CWE-825
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-4679
Severity: important
Released on: 23/03/2026
Advisory:
Bugzilla: 2450572
Bugzilla Description: chromium-browser: Integer overflow in Fonts
CVSS Score:
CVSSv3 Score: 9.6
Vector:
CWE: CWE-190
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-4677
Severity: important
Released on: 23/03/2026
Advisory:
Bugzilla: 2450573
Bugzilla Description: chromium-browser: Out of bounds read in WebAudio
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-125
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-4539
Severity: low
Released on: 22/03/2026
Advisory:
Bugzilla: 2450066
Bugzilla Description: pygments: Pygments: Denial of Service via inefficient regular expression processing in AdlLexer
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-1333
Affected Packages:
Package States: External Secrets Operator for Red Hat OpenShift,External Secrets Operator for Red Hat OpenShift,External Secrets Operator for Red Hat OpenShift,External Secrets Operator for Red Hat OpenShift,Lightspeed Core,Lightspeed Core,Lightspeed Core,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform Ansible Core 2,Red Hat Ansible Automation Platform Ansible Core 2,Red Hat Ansible Automation Platform Ansible Core 2,Red Hat Ansible Automation Platform Ansible Core 2,Red Hat Developer Hub,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Trusted Artifact Signer,
Full Details
CVE document

CVE-2026-4538
Severity: moderate
Released on: 22/03/2026
Advisory:
Bugzilla: 2450062
Bugzilla Description: pytorch: PyTorch: Deserialization vulnerability in pt2 Loading Handler allows local impact
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-502
Affected Packages:
Package States: Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document

CVE-2019-25544
Severity: moderate
Released on: 21/03/2026
Advisory:
Bugzilla: 2449948
Bugzilla Description: Pidgin: Pidgin: Denial of Service via excessively long username
CVSS Score:
CVSSv3 Score: 6.2
Vector:
CWE: CWE-1284
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,
Full Details
CVE document

CVE-2026-33210
Severity: moderate
Released on: 20/03/2026
Advisory:
Bugzilla: 2449871
Bugzilla Description: ruby/json: Ruby JSON: Denial of Service or Information Disclosure via format string injection
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-134
Affected Packages:
Package States: Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat AMQ Clients,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,
Full Details
CVE document

CVE-2026-33236
Severity: important
Released on: 20/03/2026
Advisory:
Bugzilla: 2449824
Bugzilla Description: nltk: NLTK: Arbitrary file overwrite and creation via path traversal in XML index files
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-22
Affected Packages:
Package States: Lightspeed Core,Lightspeed Core,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document

CVE-2026-33231
Severity: important
Released on: 20/03/2026
Advisory:
Bugzilla: 2449836
Bugzilla Description: nltk: NLTK: Denial of Service via unauthenticated remote shutdown
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-306
Affected Packages:
Package States: Lightspeed Core,Lightspeed Core,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document

CVE-2026-33230
Severity: moderate
Released on: 20/03/2026
Advisory:
Bugzilla: 2449825
Bugzilla Description: nltk: NLTK: Script execution via reflected cross-site scripting in WordNet Browser
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-79
Affected Packages:
Package States: Lightspeed Core,Lightspeed Core,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document

CVE-2026-33204
Severity: moderate
Released on: 20/03/2026
Advisory:
Bugzilla: 2449822
Bugzilla Description: SimpleJWT: SimpleJWT: Denial of Service via JWE header tampering
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-325
Affected Packages:
Package States: Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,
Full Details
CVE document

CVE-2026-33186
Severity: important
Released on: 20/03/2026
Advisory:
Bugzilla: 2449833
Bugzilla Description: golang: google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-551
Affected Packages:
Package States: Red Hat OpenShift Container Platform 4,
Full Details
CVE document

CVE-2026-33180
Severity: important
Released on: 20/03/2026
Advisory:
Bugzilla: 2449841
Bugzilla Description: HAPI FHIR: hapifhir/org.hl7.fhir.core: HAPI FHIR: Information disclosure and potential impersonation via HTTP redirects sending sensitive headers
CVSS Score:
CVSSv3 Score: 8.2
Vector:
CWE: CWE-201
Affected Packages:
Package States: Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,
Full Details
CVE document

CVE-2026-33155
Severity: moderate
Released on: 20/03/2026
Advisory:
Bugzilla: 2449786
Bugzilla Description: deepdiff: python: DeepDiff: Denial of Service via unrestricted memory allocation in pickle unpickler
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-502
Affected Packages:
Package States: Pen Drive Powered by Red Hat Lightspeed,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document

CVE-2026-33154
Severity: moderate
Released on: 20/03/2026
Advisory:
Bugzilla: 2449774
Bugzilla Description: dynaconf: jinja2: Dynaconf: Arbitrary code execution via Server-Side Template Injection
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-917
Affected Packages:
Package States: Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,
Full Details
CVE document

CVE-2026-33151
Severity: moderate
Released on: 20/03/2026
Advisory:
Bugzilla: 2449789
Bugzilla Description: socket.io: Socket.IO: Denial of Service due to excessive buffering of specially crafted packets
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-770
Affected Packages:
Package States: Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Fuse 7,
Full Details
CVE document

CVE-2026-4438
Severity: low
Released on: 20/03/2026
Advisory:
Bugzilla: 2449783
Bugzilla Description: glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions
CVSS Score:
CVSSv3 Score: 4.0
Vector:
CWE: CWE-838
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document

CVE-2026-4437
Severity: moderate
Released on: 20/03/2026
Advisory:
Bugzilla: 2449777
Bugzilla Description: glibc: glibc: Incorrect DNS response parsing via crafted DNS server response
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-1286
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document

CVE-2026-32710
Severity: moderate
Released on: 20/03/2026
Advisory:
Bugzilla: 2449711
Bugzilla Description: MariaDB: MariaDB: Remote Code Execution or Denial of Service via JSON_SCHEMA_VALID() function vulnerability
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-120
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-4519
Severity: important
Released on: 20/03/2026
Advisory:
Bugzilla: 2449649
Bugzilla Description: python: Python: Command-line option injection in webbrowser.open() via crafted URLs
CVSS Score:
CVSSv3 Score: 7.1
Vector:
CWE: CWE-88
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,
Full Details
CVE document

CVE-2026-33132
Severity: moderate
Released on: 20/03/2026
Advisory:
Bugzilla: 2449597
Bugzilla Description: github.com/zitadel: ZITADEL: Authentication bypass allows sign-in with other organization's users
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-306
Affected Packages:
Package States: Red Hat Advanced Cluster Management for Kubernetes 2,
Full Details
CVE document

CVE-2026-32595
Severity: moderate
Released on: 20/03/2026
Advisory:
Bugzilla: 2449591
Bugzilla Description: traefik: Traefik: Username enumeration via timing attack in BasicAuth middleware
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-208
Affected Packages:
Package States: Red Hat OpenShift Dev Spaces,
Full Details
CVE document

CVE-2026-32305
Severity: important
Released on: 20/03/2026
Advisory:
Bugzilla: 2449595
Bugzilla Description: Traefik: github.com/traefik/traefik: Traefik: mTLS bypass allows unauthorized service access via fragmented ClientHello.
CVSS Score:
CVSSv3 Score: 8.3
Vector:
CWE: CWE-179
Affected Packages:
Package States: Red Hat OpenShift Dev Spaces,Red Hat OpenShift GitOps,
Full Details
CVE document

CVE-2026-33123
Severity: moderate
Released on: 20/03/2026
Advisory:
Bugzilla: 2449585
Bugzilla Description: pypdf: pypdf: Denial of Service due to excessive resource consumption from crafted PDF
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE: CWE-770
Affected Packages:
Package States: Lightspeed Core,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),
Full Details
CVE document

CVE-2026-33022
Severity: moderate
Released on: 20/03/2026
Advisory:
Bugzilla: 2449483
Bugzilla Description: github.com/tektoncd/pipeline: Tekton Pipelines: Denial of Service via long resolver names
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-130
Affected Packages:
Package States: Builds for Red Hat OpenShift,Builds for Red Hat OpenShift,Builds for Red Hat OpenShift,Builds for Red Hat OpenShift,Builds for Red Hat OpenShift,Builds for Red Hat OpenShift,Builds for Red Hat OpenShift,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Serverless,OpenShift Serverless,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat Trusted Artifact Signer,
Full Details
CVE document

CVE-2026-33056
Severity: moderate
Released on: 20/03/2026
Advisory:
Bugzilla: 2449490
Bugzilla Description: tar-rs: tar-rs: Arbitrary directory permission modification via crafted tar archive
CVSS Score:
CVSSv3 Score: 4.4
Vector:
CWE: CWE-59
Affected Packages:
Package States: Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Lightspeed Core,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,OpenShift Lightspeed,Pen Drive Powered by Red Hat Lightspeed,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform Ansible Core 2,Red Hat Ansible Automation Platform Ansible Core 2,Red Hat Ansible Automation Platform Ansible Core 2,Red Hat Discovery 2,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Offline Knowledge Portal,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Update Service,Red Hat Quay 3,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Trusted Profile Analyzer,
Full Details
CVE document

CVE-2026-33036
Severity: moderate
Released on: 20/03/2026
Advisory:
Bugzilla: 2449458
Bugzilla Description: fast-xml-parser: fast-xml-parser: Denial of Service via XML entity expansion bypass
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-776
Affected Packages:
Package States: Migration Toolkit for Applications 8,Red Hat Advanced Cluster Security 4,Red Hat Developer Hub,Red Hat Developer Hub,Red Hat OpenShift AI (RHOAI),Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat Satellite 6,Red Hat Satellite 6,Self-service automation portal 2,
Full Details
CVE document

CVE-2026-33013
Severity: moderate
Released on: 20/03/2026
Advisory:
Bugzilla: 2449457
Bugzilla Description: micronaut-core: Micronaut Framework: Micronaut Framework: Denial of Service via crafted form parameters
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-1285
Affected Packages:
Package States: Red Hat build of Apache Camel for Spring Boot 4,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,
Full Details
CVE document

CVE-2026-33012
Severity: moderate
Released on: 20/03/2026
Advisory:
Bugzilla: 2449450
Bugzilla Description: Micronaut Framework: micronaut-core: Micronaut Framework: Denial of Service via unbounded cache in HTML error response handling
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat build of Apache Camel for Spring Boot 4,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,
Full Details
CVE document

CVE-2026-32947
Severity: moderate
Released on: 20/03/2026
Advisory:
Bugzilla: 2449437
Bugzilla Description: harden-runner: Harden-Runner: Data exfiltration via DNS over HTTPS (DoH) bypass
CVSS Score:
CVSSv3 Score: 4.9
Vector:
CWE: CWE-807
Affected Packages:
Package States: External Secrets Operator for Red Hat OpenShift,External Secrets Operator for Red Hat OpenShift,External Secrets Operator for Red Hat OpenShift,External Secrets Operator for Red Hat OpenShift,Gatekeeper 3,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Red Hat OpenShift for Windows Containers,Red Hat OpenShift for Windows Containers,
Full Details
CVE document

CVE-2026-32946
Severity: moderate
Released on: 20/03/2026
Advisory:
Bugzilla: 2449438
Bugzilla Description: step-security/harden-runner: Harden-Runner: Egress policy bypass via DNS over TCP
CVSS Score:
CVSSv3 Score: 4.9
Vector:
CWE: CWE-791
Affected Packages:
Package States: External Secrets Operator for Red Hat OpenShift,External Secrets Operator for Red Hat OpenShift,External Secrets Operator for Red Hat OpenShift,External Secrets Operator for Red Hat OpenShift,Gatekeeper 3,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Red Hat OpenShift for Windows Containers,Red Hat OpenShift for Windows Containers,
Full Details
CVE document

CVE-2026-32889
Severity: moderate
Released on: 20/03/2026
Advisory:
Bugzilla: 2449419
Bugzilla Description: tinytag: tinytag: Denial of Service via malicious MP3 file parsing
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-835
Affected Packages:
Package States: OpenShift Lightspeed,
Full Details
CVE document

CVE-2026-32875
Severity: important
Released on: 20/03/2026
Advisory:
Bugzilla: 2449400
Bugzilla Description: ultrajson: UltraJSON: Denial of Service via large indent parameter in JSON serialization
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 18.0,
Full Details
CVE document

CVE-2026-32874
Severity: important
Released on: 20/03/2026
Advisory:
Bugzilla: 2449411
Bugzilla Description: UltraJSON: UltraJSON: Denial of Service due to memory leak when parsing large integers
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 18.0,
Full Details
CVE document

CVE-2026-32766
Severity: low
Released on: 20/03/2026
Advisory:
Bugzilla: 2449371
Bugzilla Description: astral-tokio-tar: astral-tokio-tar: Potential archive misinterpretation via malformed PAX extensions
CVSS Score:
CVSSv3 Score: 2.5
Vector:
CWE: CWE-1286
Affected Packages:
Package States: Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document

CVE-2026-23536
Severity: important
Released on: 20/03/2026
Advisory:
Bugzilla: 2429302
Bugzilla Description: feast: Unauthenticated Arbitrary File Read
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-22
Affected Packages:
Package States: Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document

CVE-2026-23537
Severity: critical
Released on: 20/03/2026
Advisory:
Bugzilla: 2429304
Bugzilla Description: feast: Unauthenticated Arbitrary File Write
CVSS Score:
CVSSv3 Score: 9.1
Vector:
CWE: CWE-862
Affected Packages:
Package States: Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document

CVE-2026-23538
Severity: important
Released on: 20/03/2026
Advisory:
Bugzilla: 2429311
Bugzilla Description: feast: Resource exhaustion via WebSocket endpoint
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document

CVE-2026-23275
Severity: low
Released on: 20/03/2026
Advisory:
Bugzilla: 2449558
Bugzilla Description: kernel: io_uring: ensure ctx->rings is stable for task work flags manipulation
CVSS Score:
CVSSv3 Score: 4.7
Vector:
CWE: CWE-366
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-23277
Severity: moderate
Released on: 20/03/2026
Advisory:
Bugzilla: 2449560
Bugzilla Description: kernel: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-23276
Severity: moderate
Released on: 20/03/2026
Advisory:
Bugzilla: 2449561
Bugzilla Description: kernel: net: add xmit recursion limit to tunnel xmit functions
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-835
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-23273
Severity: moderate
Released on: 20/03/2026
Advisory:
Bugzilla: 2449563
Bugzilla Description: kernel: macvlan: observe an RCU grace period in macvlan_common_newlink() error path
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-364
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-23271
Severity: moderate
Released on: 20/03/2026
Advisory:
Bugzilla: 2449565
Bugzilla Description: kernel: perf: Fix __perf_event_overflow() vs perf_remove_from_context() race
CVSS Score:
CVSSv3 Score: 5.8
Vector:
CWE: CWE-672
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-23278
Severity: moderate
Released on: 20/03/2026
Advisory:
Bugzilla: 2449570
Bugzilla Description: kernel: netfilter: nf_tables: always walk all pending catchall elements
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-459
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-23272
Severity: moderate
Released on: 20/03/2026
Advisory:
Bugzilla: 2449571
Bugzilla Description: kernel: netfilter: nf_tables: unconditionally bump set->nelems before insertion
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-367
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-23274
Severity: moderate
Released on: 20/03/2026
Advisory:
Bugzilla: 2449572
Bugzilla Description: kernel: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-908
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-22737
Severity: moderate
Released on: 19/03/2026
Advisory:
Bugzilla: 2449348
Bugzilla Description: Spring Framework: Spring Framework: Information disclosure via Java scripting engine enabled template views
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-22
Affected Packages:
Package States: Red Hat AMQ Broker 7,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel - HawtIO 4,Red Hat build of Apache Camel - HawtIO 4,Red Hat build of OptaPlanner 8,Red Hat Data Grid 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat Process Automation 7,Red Hat Single Sign-On 7,
Full Details
CVE document

CVE-2026-22735
Severity: low
Released on: 19/03/2026
Advisory:
Bugzilla: 2449347
Bugzilla Description: org.springframework/spring-webmvc: org.springframework/spring-webflux: Spring MVC and WebFlux: Stream corruption vulnerability when using Server-Sent Events
CVSS Score:
CVSSv3 Score: 2.6
Vector:
CWE: CWE-115
Affected Packages:
Package States: Red Hat AMQ Broker 7,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel - HawtIO 4,Red Hat build of Apache Camel - HawtIO 4,Red Hat build of OptaPlanner 8,Red Hat Data Grid 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat Process Automation 7,Red Hat Single Sign-On 7,
Full Details
CVE document

CVE-2026-22732
Severity: moderate
Released on: 19/03/2026
Advisory:
Bugzilla: 2449306
Bugzilla Description: Spring Security: Spring Security: Security policy bypass and information disclosure due to unwritten HTTP headers
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-166
Affected Packages:
Package States: OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel - HawtIO 4,Red Hat build of Quarkus,Red Hat Data Grid 8,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat Process Automation 7,Red Hat Single Sign-On 7,
Full Details
CVE document

CVE-2026-22731
Severity: moderate
Released on: 19/03/2026
Advisory:
Bugzilla: 2449290
Bugzilla Description: Spring Boot: Spring Boot: Authentication bypass via misconfigured Health Group additional path
CVSS Score:
CVSSv3 Score: 8.2
Vector:
CWE: CWE-305
Affected Packages:
Package States: Red Hat AMQ Broker 7,Red Hat AMQ Clients,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel - HawtIO 4,Red Hat build of OptaPlanner 8,Red Hat Data Grid 8,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat Process Automation 7,Red Hat Single Sign-On 7,
Full Details
CVE document

CVE-2026-4428
Severity: moderate
Released on: 19/03/2026
Advisory:
Bugzilla: 2449205
Bugzilla Description: AWS-LC: AWS-LC: Security bypass allows revoked certificates to be accepted due to CRL validation error
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-295
Affected Packages:
Package States: Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,OpenShift Lightspeed,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Update Service,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Profile Analyzer,
Full Details
CVE document

CVE-2026-30836
Severity: critical
Released on: 19/03/2026
Advisory:
Bugzilla: 2449211
Bugzilla Description: github.com/smallstep/certificates: Step CA: Unauthenticated certificate issuance via SCEP Update Request
CVSS Score:
CVSSv3 Score: 10.0
Vector:
CWE: CWE-306
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-26940
Severity: moderate
Released on: 19/03/2026
Advisory:
Bugzilla: 2449139
Bugzilla Description: Kibana: Timelion: Kibana Timelion Plugin: Denial of Service via improper input validation in Timelion expressions
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-1284
Affected Packages:
Package States: Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift distributed tracing 3,Red Hat OpenStack Platform 16.2,
Full Details
CVE document

CVE-2026-26939
Severity: moderate
Released on: 19/03/2026
Advisory:
Bugzilla: 2449144
Bugzilla Description: Kibana: Kibana: Unauthorized system control via missing authorization
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-1220
Affected Packages:
Package States: Logging Subsystem for Red Hat OpenShift,
Full Details
CVE document

CVE-2026-3029
Severity: important
Released on: 19/03/2026
Advisory:
Bugzilla: 2449054
Bugzilla Description: PyMuPDF: PyMuPDF: Arbitrary file write via path traversal vulnerability
CVSS Score:
CVSSv3 Score: 8.2
Vector:
CWE: CWE-22
Affected Packages:
Package States: Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,
Full Details
CVE document

CVE-2006-10003
Severity: important
Released on: 19/03/2026
Advisory:
Bugzilla: 2448999
Bugzilla Description: perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-193
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2006-10002
Severity: moderate
Released on: 19/03/2026
Advisory:
Bugzilla: 2449001
Bugzilla Description: perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-131
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-4424
Severity: important
Released on: 19/03/2026
Advisory:
Bugzilla: 2449006
Bugzilla Description: libarchive: libarchive: Information disclosure via heap out-of-bounds read in RAR archive processing
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document

CVE-2026-4426
Severity: moderate
Released on: 19/03/2026
Advisory:
Bugzilla: 2449010
Bugzilla Description: libarchive: libarchive: Denial of Service via malformed ISO file processing
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-1335
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document

CVE-2025-69720
Severity: moderate
Released on: 19/03/2026
Advisory:
Bugzilla: 2449037
Bugzilla Description: ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.
CVSS Score:
CVSSv3 Score: 7.3
Vector:
CWE: CWE-120
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document

CVE-2025-15031
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2448912
Bugzilla Description: mlflow/mlflow: Path Traversal Vulnerability in mlflow/mlflow
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-22
Affected Packages:
Package States: Red Hat OpenShift AI (RHOAI),
Full Details
CVE document

CVE-2026-32700
Severity: moderate
Released on: 18/03/2026
Advisory:
Bugzilla: 2448858
Bugzilla Description: devise: Devise: Unauthorized email confirmation due to a race condition
CVSS Score:
CVSSv3 Score: 6.8
Vector:
CWE: CWE-367
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-32636
Severity: moderate
Released on: 18/03/2026
Advisory:
Bugzilla: 2448862
Bugzilla Description: ImageMagick: ImageMagick: Denial of Service via out-of-bounds write in NewXMLTree method
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document

CVE-2026-31965
Severity: moderate
Released on: 18/03/2026
Advisory:
Bugzilla: 2448751
Bugzilla Description: htslib: HTSlib: Information disclosure or denial of service via out-of-bounds read in CRAM record processing
CVSS Score:
CVSSv3 Score: 5.6
Vector:
CWE: CWE-125
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-31964
Severity: moderate
Released on: 18/03/2026
Advisory:
Bugzilla: 2448756
Bugzilla Description: htslib: HTSlib: Denial of Service via NULL pointer dereference in CRAM decoding
CVSS Score:
CVSSv3 Score: 5.0
Vector:
CWE: CWE-476
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-31963
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2448755
Bugzilla Description: htslib: HTSlib: Arbitrary code execution via crafted CRAM file
CVSS Score:
CVSSv3 Score: 7.3
Vector:
CWE: CWE-193
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-3479
Severity: low
Released on: 18/03/2026
Advisory:
Bugzilla: 2448746
Bugzilla Description: python: Python pkgutil.get_data(): Path Traversal via improper resource argument validation
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-22
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,
Full Details
CVE document

CVE-2026-31962
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2448750
Bugzilla Description: htslib: htslib: Heap buffer overflow leading to arbitrary code execution via crafted CRAM file
CVSS Score:
CVSSv3 Score: 7.3
Vector:
CWE: CWE-1284
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-27135
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2448754
Bugzilla Description: nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-617
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat JBoss Core Services,Red Hat OpenShift Container Platform 4,
Full Details
CVE document

CVE-2026-33002
Severity: moderate
Released on: 18/03/2026
Advisory:
Bugzilla: 2448643
Bugzilla Description: jenkins: Jenkins: Origin validation bypass via DNS rebinding in CLI WebSocket endpoint
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-346
Affected Packages:
Package States: OpenShift Developer Tools and Services,Red Hat Developer Hub,
Full Details
CVE document

CVE-2026-33001
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2448645
Bugzilla Description: jenkins: Jenkins: Arbitrary file write and potential code execution through crafted archives
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-22
Affected Packages:
Package States: OpenShift Developer Tools and Services,Red Hat Developer Hub,
Full Details
CVE document

CVE-2026-4427
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2448626
Bugzilla Description: github.com/jackc/pgproto3: pgproto3: Denial of Service via negative field length in DataRow message
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-129
Affected Packages:
Package States: Assisted Installer for Red Hat OpenShift Container Platform 2,Assisted Installer for Red Hat OpenShift Container Platform 2,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Engine for Kubernetes,Multicluster Global Hub,Multicluster Global Hub,Multicluster Global Hub,Multicluster Global Hub,Multicluster Global Hub,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Advanced Cluster Security 4,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Cluster Manager CLI,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift on AWS,Red Hat Quay 3,Red Hat Quay 3,Red Hat Quay 3,Red Hat Quay 3,Red Hat Quay 3,Red Hat Quay 3,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,
Full Details
CVE document

CVE-2026-31938
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2448550
Bugzilla Description: jspdf: jsPDF: Cross site scripting via unsanitized output options
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-79
Affected Packages:
Package States: Red Hat Advanced Cluster Security 4,
Full Details
CVE document

CVE-2026-31898
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2448547
Bugzilla Description: jspdf: jsPDF: Arbitrary code execution via unsanitized input in createAnnotation method
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-94
Affected Packages:
Package States: Red Hat Advanced Cluster Security 4,
Full Details
CVE document

CVE-2026-30922
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2448553
Bugzilla Description: pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-835
Affected Packages:
Package States: Migration Toolkit for Containers,Migration Toolkit for Containers,Migration Toolkit for Virtualization,Migration Toolkit for Virtualization,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Service Mesh 3,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenStack Platform 18.0,Red Hat Quay 3,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,Service Telemetry Framework 1.5,Service Telemetry Framework 1.5,Service Telemetry Framework 1.5,
Full Details
CVE document

CVE-2026-28500
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2448518
Bugzilla Description: onnx: ONNX: Untrusted Model Repository Warnings Suppressed
CVSS Score:
CVSSv3 Score: 8.6
Vector:
CWE: CWE-829
Affected Packages:
Package States: Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document

CVE-2026-29057
Severity: moderate
Released on: 18/03/2026
Advisory:
Bugzilla: 2448515
Bugzilla Description: next.js: Next.js: HTTP request smuggling in rewrites
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-444
Affected Packages:
Package States: Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Trusted Artifact Signer,streams for Apache Kafka 2,streams for Apache Kafka 3,
Full Details
CVE document

CVE-2026-27980
Severity: moderate
Released on: 18/03/2026
Advisory:
Bugzilla: 2448509
Bugzilla Description: next.js: Next.js: Unbounded next/image disk cache growth can exhaust storage
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Trusted Artifact Signer,streams for Apache Kafka 2,streams for Apache Kafka 3,
Full Details
CVE document

CVE-2026-27979
Severity: moderate
Released on: 18/03/2026
Advisory:
Bugzilla: 2448512
Bugzilla Description: next.js: Next.js: Unbounded postponed resume buffering can lead to DoS
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-770
Affected Packages:
Package States: Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Trusted Artifact Signer,streams for Apache Kafka 2,streams for Apache Kafka 3,
Full Details
CVE document

CVE-2026-4366
Severity: moderate
Released on: 18/03/2026
Advisory:
Bugzilla: 2448543
Bugzilla Description: keycloak-services: Blind Server-Side Request Forgery (SSRF) via HTTP Redirect Handling in Keycloak
CVSS Score:
CVSSv3 Score: 5.8
Vector:
CWE: CWE-918
Affected Packages:
Package States: Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat Build of Keycloak,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat Single Sign-On 7,
Full Details
CVE document

CVE-2026-23245
Severity:
Released on: 18/03/2026
Advisory:
Bugzilla: 2448593
Bugzilla Description: kernel: net/sched: act_gate: snapshot parameters with RCU on replace
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-23243
Severity: moderate
Released on: 18/03/2026
Advisory:
Bugzilla: 2448594
Bugzilla Description: kernel: Linux kernel: Denial of service and memory corruption in RDMA umad
CVSS Score:
CVSSv3 Score: 7.3
Vector:
CWE: CWE-131
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2025-71265
Severity:
Released on: 18/03/2026
Advisory:
Bugzilla: 2448595
Bugzilla Description: kernel: fs: ntfs3: fix infinite loop in attr_load_runs_range on inconsistent metadata
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-23248
Severity: moderate
Released on: 18/03/2026
Advisory:
Bugzilla: 2448596
Bugzilla Description: kernel: perf/core: Fix refcount bug and potential UAF in perf_mmap
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-911
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2025-71266
Severity:
Released on: 18/03/2026
Advisory:
Bugzilla: 2448597
Bugzilla Description: kernel: fs: ntfs3: check return value of indx_find to avoid infinite loop
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-23247
Severity: low
Released on: 18/03/2026
Advisory:
Bugzilla: 2448598
Bugzilla Description: kernel: tcp: secure_seq: add back ports to TS offset
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2025-71267
Severity:
Released on: 18/03/2026
Advisory:
Bugzilla: 2448599
Bugzilla Description: kernel: fs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LIST
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-23246
Severity: moderate
Released on: 18/03/2026
Advisory:
Bugzilla: 2448600
Bugzilla Description: kernel: Linux kernel: Denial of Service in mac80211 Wi-Fi due to out-of-bounds write
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-23244
Severity: low
Released on: 18/03/2026
Advisory:
Bugzilla: 2448601
Bugzilla Description: kernel: nvme: fix memory allocation in nvme_pr_read_keys()
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-23242
Severity: moderate
Released on: 18/03/2026
Advisory:
Bugzilla: 2448602
Bugzilla Description: kernel: RDMA/siw: Fix potential NULL pointer dereference in header processing
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2025-71270
Severity:
Released on: 18/03/2026
Advisory:
Bugzilla: 2448681
Bugzilla Description: kernel: LoongArch: Enable exception fixup for specific ADE subcode
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-23263
Severity:
Released on: 18/03/2026
Advisory:
Bugzilla: 2448683
Bugzilla Description: kernel: io_uring/zcrx: fix page array leak
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-23266
Severity:
Released on: 18/03/2026
Advisory:
Bugzilla: 2448684
Bugzilla Description: kernel: fbdev: rivafb: fix divide error in nv3_arb()
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-23253
Severity: moderate
Released on: 18/03/2026
Advisory:
Bugzilla: 2448685
Bugzilla Description: kernel: Kernel: Denial of Service via DVB DVR ringbuffer reinitialization flaw
CVSS Score:
CVSSv3 Score: 6.2
Vector:
CWE: CWE-664
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-23261
Severity: low
Released on: 18/03/2026
Advisory:
Bugzilla: 2448686
Bugzilla Description: kernel: nvme-fc: release admin tagset if init fails
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-23259
Severity: low
Released on: 18/03/2026
Advisory:
Bugzilla: 2448689
Bugzilla Description: kernel: io_uring/rw: free potentially allocated iovec on cache put failure
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2025-71269
Severity: moderate
Released on: 18/03/2026
Advisory:
Bugzilla: 2448690
Bugzilla Description: kernel: btrfs: do not free data reservation in fallback from inline due to -ENOSPC
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-832
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-23267
Severity:
Released on: 18/03/2026
Advisory:
Bugzilla: 2448691
Bugzilla Description: kernel: f2fs: fix IS_CHECKPOINTED flag inconsistency issue caused by concurrent atomic commit and checkpoint writes
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-23256
Severity: low
Released on: 18/03/2026
Advisory:
Bugzilla: 2448693
Bugzilla Description: kernel: net: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-193
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-23262
Severity: moderate
Released on: 18/03/2026
Advisory:
Bugzilla: 2448694
Bugzilla Description: kernel: gve: Fix stats report corruption on queue count change
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-131
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2025-71268
Severity: low
Released on: 18/03/2026
Advisory:
Bugzilla: 2448696
Bugzilla Description: kernel: btrfs: fix reservation leak in some error paths when inserting inline extent
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-772
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-23254
Severity: low
Released on: 18/03/2026
Advisory:
Bugzilla: 2448699
Bugzilla Description: kernel: net: gro: fix outer network offset
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-23249
Severity: moderate
Released on: 18/03/2026
Advisory:
Bugzilla: 2448700
Bugzilla Description: kernel: xfs: check for deleted cursors when revalidating two btrees
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-23257
Severity: low
Released on: 18/03/2026
Advisory:
Bugzilla: 2448701
Bugzilla Description: kernel: net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-193
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-23260
Severity: low
Released on: 18/03/2026
Advisory:
Bugzilla: 2448702
Bugzilla Description: kernel: regmap: maple: free entry on mas_store_gfp() failure
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-23255
Severity: moderate
Released on: 18/03/2026
Advisory:
Bugzilla: 2448703
Bugzilla Description: kernel: net: add proper RCU protection to /proc/net/ptype
CVSS Score:
CVSSv3 Score: 4.7
Vector:
CWE: CWE-362
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-23252
Severity: low
Released on: 18/03/2026
Advisory:
Bugzilla: 2448704
Bugzilla Description: kernel: xfs: get rid of the xchk_xfile_*_descr calls
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-23265
Severity:
Released on: 18/03/2026
Advisory:
Bugzilla: 2448709
Bugzilla Description: kernel: f2fs: fix to do sanity check on node footer in {read,write}_end_io
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-23251
Severity: moderate
Released on: 18/03/2026
Advisory:
Bugzilla: 2448710
Bugzilla Description: kernel: xfs: only call xf{array,blob}_destroy if we have a valid pointer
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-23264
Severity:
Released on: 18/03/2026
Advisory:
Bugzilla: 2448711
Bugzilla Description: kernel: Revert "drm/amd: Check if ASPM is enabled from PCIe subsystem"
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-23250
Severity: moderate
Released on: 18/03/2026
Advisory:
Bugzilla: 2448712
Bugzilla Description: kernel: xfs: check return value of xchk_scrub_create_subord
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-253
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-23258
Severity: low
Released on: 18/03/2026
Advisory:
Bugzilla: 2448713
Bugzilla Description: kernel: net: liquidio: Initialize netdev pointer before queue setup
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-824
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-23270
Severity: moderate
Released on: 18/03/2026
Advisory:
Bugzilla: 2448745
Bugzilla Description: kernel: Linux kernel: Use-after-free in traffic control (act_ct) may lead to denial of service or privilege escalation
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-416
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-26740
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2448747
Bugzilla Description: giflib: giflib: Denial of Service via buffer overflow in EGifGCBToExtension
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat build of OpenJDK 11 ELS,Red Hat build of OpenJDK 11 ELS,Red Hat build of OpenJDK 17,Red Hat build of OpenJDK 1.8,Red Hat build of OpenJDK 21,Red Hat build of OpenJDK 25,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-23268
Severity:
Released on: 18/03/2026
Advisory:
Bugzilla: 2448752
Bugzilla Description: kernel: apparmor: fix unprivileged local user can do privileged policy management
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-23269
Severity:
Released on: 18/03/2026
Advisory:
Bugzilla: 2448753
Bugzilla Description: kernel: apparmor: validate DFA start states are in bounds in unpack_pdb
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2023-43010
Severity: important
Released on: 18/03/2026
Advisory: RHSA-2024:9679, RHSA-2024:9646, RHSA-2024:9144, RHSA-2024:8496, RHSA-2024:9653, RHSA-2025:10364, RHSA-2024:9680, RHSA-2024:8492, RHSA-2024:9636, RHSA-2024:8180,
Bugzilla: 2448778
Bugzilla Description: webkitgtk: Processing maliciously crafted web content may lead to memory corruption
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-120
Affected Packages: webkit2gtk3-0:2.46.3-1.el8_4,webkit2gtk3-0:2.44.3-2.el9,webkit2gtk3-0:2.46.3-1.el8_6,webkit2gtk3-0:2.46.3-1.el8_8,webkit2gtk3-0:2.46.3-1.el8_10,webkit2gtk3-0:2.46.1-1.el9_2,webkitgtk4-0:2.48.3-2.el7_9,webkit2gtk3-0:2.46.1-1.el9_0,webkit2gtk3-0:2.46.3-1.el8_2,webkit2gtk3-0:2.46.1-2.el9_4,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document

CVE-2025-31223
Severity: important
Released on: 18/03/2026
Advisory: RHSA-2025:19157, RHSA-2025:17807, RHSA-2025:17741, RHSA-2025:17743, RHSA-2025:17643, RHSA-2025:17802, RHSA-2025:19109, RHSA-2025:19352, RHSA-2025:19165, RHSA-2025:18097,
Bugzilla: 2448779
Bugzilla Description: webkitgtk: Processing maliciously crafted web content may lead to memory corruption
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-120
Affected Packages: webkit2gtk3-0:2.50.0-1.el8_6,webkit2gtk3-0:2.50.0-2.el9_4,webkit2gtk3-0:2.50.0-1.el8_10,webkit2gtk3-0:2.50.0-1.el8_8.1,webkit2gtk3-0:2.50.0-2.el9_2,webkit2gtk3-0:2.50.0-2.el9_0,webkit2gtk3-0:2.50.0-1.el8_2,webkit2gtk3-0:2.50.0-1.el8_4,webkit2gtk3-0:2.50.1-0.el9_6,webkitgtk4-0:2.50.0-1.el7_9,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document

CVE-2025-31277
Severity: important
Released on: 18/03/2026
Advisory: RHSA-2025:19157, RHSA-2025:17807, RHSA-2025:17741, RHSA-2025:17743, RHSA-2025:17643, RHSA-2025:17802, RHSA-2025:19109, RHSA-2025:19352, RHSA-2025:19165, RHSA-2025:18097,
Bugzilla: 2448780
Bugzilla Description: webkitgtk: Processing maliciously crafted web content may lead to memory corruption
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-120
Affected Packages: webkit2gtk3-0:2.50.0-1.el8_6,webkit2gtk3-0:2.50.0-2.el9_4,webkit2gtk3-0:2.50.0-1.el8_10,webkit2gtk3-0:2.50.0-1.el8_8.1,webkit2gtk3-0:2.50.0-2.el9_2,webkit2gtk3-0:2.50.0-2.el9_0,webkit2gtk3-0:2.50.0-1.el8_2,webkit2gtk3-0:2.50.0-1.el8_4,webkit2gtk3-0:2.50.1-0.el9_6,webkitgtk4-0:2.50.0-1.el7_9,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document

CVE-2025-43213
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2448781
Bugzilla Description: webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-120
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2025-43214
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2448782
Bugzilla Description: webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-120
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2025-43433
Severity: important
Released on: 18/03/2026
Advisory: RHSA-2025:23743, RHSA-2025:22789, RHSA-2025:23434, RHSA-2025:23742, RHSA-2025:23433, RHSA-2025:22790, RHSA-2025:23452, RHSA-2025:23583, RHSA-2025:23451, RHSA-2025:23110, RHSA-2025:23591,
Bugzilla: 2448783
Bugzilla Description: webkitgtk: Processing maliciously crafted web content may lead to memory corruption
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-120
Affected Packages: webkitgtk4-0:2.50.3-2.el7_9,webkit2gtk3-0:2.50.3-2.el8_6,webkit2gtk3-0:2.50.3-1.el9_0,webkit2gtk3-0:2.50.3-2.el8_8,webkit2gtk3-0:2.50.3-2.el8_2,webkit2gtk3-0:2.50.3-2.el8_4,webkit2gtk3-0:2.50.3-1.el8_10,webkit2gtk3-0:2.50.3-1.el9_6,webkit2gtk3-0:2.50.3-1.el9_7,webkit2gtk3-0:2.50.3-1.el9_4,webkit2gtk3-0:2.50.3-1.el9_2,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document

CVE-2025-43438
Severity: important
Released on: 18/03/2026
Advisory: RHSA-2025:23743, RHSA-2025:22789, RHSA-2025:23434, RHSA-2025:23742, RHSA-2025:23433, RHSA-2025:22790, RHSA-2025:23452, RHSA-2025:23583, RHSA-2025:23451, RHSA-2025:23110, RHSA-2025:23591,
Bugzilla: 2448784
Bugzilla Description: webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-416
Affected Packages: webkitgtk4-0:2.50.3-2.el7_9,webkit2gtk3-0:2.50.3-2.el8_6,webkit2gtk3-0:2.50.3-1.el9_0,webkit2gtk3-0:2.50.3-2.el8_8,webkit2gtk3-0:2.50.3-2.el8_2,webkit2gtk3-0:2.50.3-2.el8_4,webkit2gtk3-0:2.50.3-1.el8_10,webkit2gtk3-0:2.50.3-1.el9_6,webkit2gtk3-0:2.50.3-1.el9_7,webkit2gtk3-0:2.50.3-1.el9_4,webkit2gtk3-0:2.50.3-1.el9_2,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document

CVE-2025-43441
Severity: important
Released on: 18/03/2026
Advisory: RHSA-2025:23743, RHSA-2025:22789, RHSA-2025:23434, RHSA-2025:23742, RHSA-2025:23433, RHSA-2025:22790, RHSA-2025:23452, RHSA-2025:23583, RHSA-2025:23451, RHSA-2025:23110, RHSA-2025:23591,
Bugzilla: 2448785
Bugzilla Description: webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-120
Affected Packages: webkitgtk4-0:2.50.3-2.el7_9,webkit2gtk3-0:2.50.3-2.el8_6,webkit2gtk3-0:2.50.3-1.el9_0,webkit2gtk3-0:2.50.3-2.el8_8,webkit2gtk3-0:2.50.3-2.el8_2,webkit2gtk3-0:2.50.3-2.el8_4,webkit2gtk3-0:2.50.3-1.el8_10,webkit2gtk3-0:2.50.3-1.el9_6,webkit2gtk3-0:2.50.3-1.el9_7,webkit2gtk3-0:2.50.3-1.el9_4,webkit2gtk3-0:2.50.3-1.el9_2,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document

CVE-2025-43457
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2448786
Bugzilla Description: webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-416
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2025-43511
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2448787
Bugzilla Description: webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-416
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2025-46299
Severity: moderate
Released on: 18/03/2026
Advisory:
Bugzilla: 2448788
Bugzilla Description: webkitgtk: Processing maliciously crafted web content may disclose internal states of the app
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-909
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-20608
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2448789
Bugzilla Description: webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-120
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-20635
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2448790
Bugzilla Description: webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-120
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-20636
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2448791
Bugzilla Description: webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-120
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-20644
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2448792
Bugzilla Description: webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-120
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-20652
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2448793
Bugzilla Description: webkitgtk: A remote attacker may be able to cause a denial-of-service
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-120
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-20676
Severity: moderate
Released on: 18/03/2026
Advisory:
Bugzilla: 2448794
Bugzilla Description: webkitgtk: A website may be able to track users through Safari web extensions
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-201
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-4462
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2449381
Bugzilla Description: chromium-browser: Out of bounds read in Blink
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-125
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-4464
Severity: moderate
Released on: 18/03/2026
Advisory:
Bugzilla: 2449382
Bugzilla Description: chromium-browser: Integer overflow in ANGLE
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-190
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-4442
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2449383
Bugzilla Description: chromium-browser: Heap buffer overflow in CSS
CVSS Score:
CVSSv3 Score: 9.6
Vector:
CWE: CWE-131
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-4439
Severity: critical
Released on: 18/03/2026
Advisory:
Bugzilla: 2449384
Bugzilla Description: chromium-browser: Out of bounds memory access in WebGL
CVSS Score:
CVSSv3 Score: 9.6
Vector:
CWE: CWE-787
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-4451
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2449385
Bugzilla Description: chromium-browser: Insufficient validation of untrusted input in Navigation
CVSS Score:
CVSSv3 Score: 8.2
Vector:
CWE: CWE-1286
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-4453
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2449387
Bugzilla Description: chromium-browser: Integer overflow in Dawn
CVSS Score:
CVSSv3 Score: 7.4
Vector:
CWE: CWE-190
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-4452
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2449388
Bugzilla Description: chromium-browser: Integer overflow in ANGLE
CVSS Score:
CVSSv3 Score: 9.6
Vector:
CWE: CWE-190
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-4447
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2449389
Bugzilla Description: chromium-browser: Inappropriate implementation in V8
CVSS Score:
CVSSv3 Score: 9.6
Vector:
CWE: CWE-843
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-4455
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2449392
Bugzilla Description: chromium-browser: Heap buffer overflow in PDFium
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-787
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-4440
Severity: critical
Released on: 18/03/2026
Advisory:
Bugzilla: 2449394
Bugzilla Description: chromium-browser: Out of bounds read and write in WebGL
CVSS Score:
CVSSv3 Score: 9.6
Vector:
CWE: CWE-125
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-4458
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2449395
Bugzilla Description: chromium-browser: Use after free in Extensions
CVSS Score:
CVSSv3 Score: 9.6
Vector:
CWE: CWE-825
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-4450
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2449396
Bugzilla Description: chromium-browser: Out of bounds write in V8
CVSS Score:
CVSSv3 Score: 9.6
Vector:
CWE: CWE-787
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-4449
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2449397
Bugzilla Description: chromium-browser: Use after free in Blink
CVSS Score:
CVSSv3 Score: 9.6
Vector:
CWE: CWE-1341
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-4444
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2449398
Bugzilla Description: chromium-browser: Stack buffer overflow in WebRTC
CVSS Score:
CVSSv3 Score: 9.6
Vector:
CWE: CWE-120
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-4461
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2449399
Bugzilla Description: chromium-browser: Inappropriate implementation in V8
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-787
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-4443
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2449401
Bugzilla Description: chromium-browser: Heap buffer overflow in WebAudio
CVSS Score:
CVSSv3 Score: 9.6
Vector:
CWE: CWE-120
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-4459
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2449402
Bugzilla Description: chromium-browser: Out of bounds read and write in WebAudio
CVSS Score:
CVSSv3 Score: 9.6
Vector:
CWE: CWE-125
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-4446
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2449405
Bugzilla Description: chromium-browser: Use after free in WebRTC
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-825
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-4448
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2449406
Bugzilla Description: chromium-browser: Heap buffer overflow in ANGLE
CVSS Score:
CVSSv3 Score: 9.6
Vector:
CWE: CWE-120
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-4456
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2449407
Bugzilla Description: chromium-browser: Use after free in Digital Credentials API
CVSS Score:
CVSSv3 Score: 9.0
Vector:
CWE: CWE-825
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-4457
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2449409
Bugzilla Description: chromium-browser: Type Confusion in V8
CVSS Score:
CVSSv3 Score: 9.6
Vector:
CWE: CWE-843
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-4460
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2449412
Bugzilla Description: chromium-browser: Out of bounds read in Skia
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-125
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-4463
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2449413
Bugzilla Description: chromium-browser: Heap buffer overflow in WebRTC
CVSS Score:
CVSSv3 Score: 9.6
Vector:
CWE: CWE-131
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-4454
Severity: important
Released on: 18/03/2026
Advisory:
Bugzilla: 2449414
Bugzilla Description: chromium-browser: Use after free in Network
CVSS Score:
CVSSv3 Score: 9.6
Vector:
CWE: CWE-825
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-4441
Severity: critical
Released on: 18/03/2026
Advisory:
Bugzilla: 2449415
Bugzilla Description: chromium-browser: Use after free in Base
CVSS Score:
CVSSv3 Score: 9.6
Vector:
CWE: CWE-825
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-27978
Severity: moderate
Released on: 17/03/2026
Advisory:
Bugzilla: 2448513
Bugzilla Description: next.js: Next.js: null origin can bypass Server Actions CSRF checks
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE: CWE-346
Affected Packages:
Package States: Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Trusted Artifact Signer,streams for Apache Kafka 2,streams for Apache Kafka 3,
Full Details
CVE document

CVE-2026-27977
Severity: moderate
Released on: 17/03/2026
Advisory:
Bugzilla: 2448514
Bugzilla Description: next.js: Next.js: null origin can bypass dev HMR websocket CSRF checks
CVSS Score:
CVSSv3 Score: 4.2
Vector:
CWE: CWE-346
Affected Packages:
Package States: Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Trusted Artifact Signer,streams for Apache Kafka 2,streams for Apache Kafka 3,
Full Details
CVE document

CVE-2026-27459
Severity: important
Released on: 17/03/2026
Advisory:
Bugzilla: 2448503
Bugzilla Description: pyOpenSSL: DTLS cookie callback buffer overflow
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-120
Affected Packages:
Package States: Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform Ansible Core 2,Red Hat Ansible Automation Platform Ansible Core 2,Red Hat Ansible Automation Platform Ansible Core 2,Red Hat Ansible Automation Platform Ansible Core 2,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 18.0,Red Hat Quay 3,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Trusted Artifact Signer,Red Hat Update Infrastructure 4 for Cloud Providers,
Full Details
CVE document

CVE-2026-27448
Severity: moderate
Released on: 17/03/2026
Advisory:
Bugzilla: 2448508
Bugzilla Description: pyOpenSSL: TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback
CVSS Score:
CVSSv3 Score: 5.4
Vector:
CWE: CWE-636
Affected Packages:
Package States: Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform Ansible Core 2,Red Hat Ansible Automation Platform Ansible Core 2,Red Hat Ansible Automation Platform Ansible Core 2,Red Hat Ansible Automation Platform Ansible Core 2,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 18.0,Red Hat Quay 3,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Trusted Artifact Signer,Red Hat Update Infrastructure 4 for Cloud Providers,
Full Details
CVE document

CVE-2026-4645
Severity: important
Released on: 17/03/2026
Advisory:
Bugzilla: 2450214
Bugzilla Description: github.com/antchfx/xpath: xpath: Denial of Service via crafted Boolean XPath expressions
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-835
Affected Packages:
Package States: Compliance Operator,Compliance Operator,File Integrity Operator,File Integrity Operator,File Integrity Operator,File Integrity Operator,Migration Toolkit for Applications 8,Migration Toolkit for Applications 8,Migration Toolkit for Applications 8,Migration Toolkit for Applications 8,Migration Toolkit for Applications 8,Migration Toolkit for Applications 8,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift distributed tracing 3,Red Hat OpenShift distributed tracing 3,Red Hat OpenShift distributed tracing 3,Red Hat OpenShift distributed tracing 3,
Full Details
CVE document

CVE-2026-4359
Severity: moderate
Released on: 17/03/2026
Advisory:
Bugzilla: 2448447
Bugzilla Description: mongo-c-driver: mongo-c-driver: Denial of Service via malformed HTTP response
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-170
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-32981
Severity: important
Released on: 17/03/2026
Advisory:
Bugzilla: 2448440
Bugzilla Description: ray: Ray Dashboard Path Traversal Leading to Local File Disclosure
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-22
Affected Packages:
Package States: Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document

CVE-2026-32837
Severity: moderate
Released on: 17/03/2026
Advisory:
Bugzilla: 2448445
Bugzilla Description: miniaudio: miniaudio: Denial of Service via crafted WAV files due to heap out-of-bounds read
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-170
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-4324
Severity: moderate
Released on: 17/03/2026
Advisory:
Bugzilla: 2448349
Bugzilla Description: rubygem-katello: Katello: Denial of Service and potential information disclosure via SQL injection
CVSS Score:
CVSSv3 Score: 5.4
Vector:
CWE: CWE-89
Affected Packages:
Package States: Red Hat Satellite 6,Red Hat Satellite 6,
Full Details
CVE document

CVE-2026-23241
Severity: moderate
Released on: 17/03/2026
Advisory:
Bugzilla: 2448335
Bugzilla Description: kernel: audit: add missing syscalls to read class
CVSS Score:
CVSSv3 Score: 5.1
Vector:
CWE: CWE-693
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2025-71239
Severity: moderate
Released on: 17/03/2026
Advisory:
Bugzilla: 2448336
Bugzilla Description: kernel: audit: add fchmodat2() to change attributes class
CVSS Score:
CVSSv3 Score: 5.1
Vector:
CWE: CWE-693
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-4177
Severity: important
Released on: 16/03/2026
Advisory:
Bugzilla: 2448277
Bugzilla Description: perl-YAML-Syck: YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter
CVSS Score:
CVSSv3 Score: 7.3
Vector:
CWE: CWE-120
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,
Full Details
CVE document

CVE-2026-32829
Severity: important
Released on: 16/03/2026
Advisory:
Bugzilla: 2448271
Bugzilla Description: lz4_flex: lz4_flex's decompression can leak information from uninitialized memory or reused output buffer
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-823
Affected Packages:
Package States: Logging Subsystem for Red Hat OpenShift,OpenShift Lightspeed,Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 9,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document

CVE-2025-69196
Severity: important
Released on: 16/03/2026
Advisory:
Bugzilla: 2448179
Bugzilla Description: fastmcp: FastMCP: Improper token issuance due to incorrect resource parameter handling
CVSS Score:
CVSSv3 Score: 7.4
Vector:
CWE: CWE-1220
Affected Packages:
Package States: Red Hat Developer Hub,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat Satellite 6,
Full Details
CVE document

CVE-2026-28498
Severity: important
Released on: 16/03/2026
Advisory:
Bugzilla: 2448182
Bugzilla Description: authlib: Authlib: Authentication bypass via forged OpenID Connect ID Tokens
CVSS Score:
CVSSv3 Score: 9.1
Vector:
CWE: CWE-325
Affected Packages:
Package States: Lightspeed Core,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat Quay 3,Red Hat Quay 3,Red Hat Satellite 6,
Full Details
CVE document

CVE-2026-4224
Severity: moderate
Released on: 16/03/2026
Advisory:
Bugzilla: 2448181
Bugzilla Description: cpython: Stack overflow parsing XML with deeply nested DTD content models
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-805
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,
Full Details
CVE document

CVE-2026-28490
Severity: moderate
Released on: 16/03/2026
Advisory:
Bugzilla: 2448162
Bugzilla Description: authlib: Authlib: Information disclosure due to cryptographic padding oracle in JWE RSA1_5
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-325
Affected Packages:
Package States: Lightspeed Core,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat Quay 3,Red Hat Quay 3,Red Hat Satellite 6,
Full Details
CVE document

CVE-2026-3644
Severity: moderate
Released on: 16/03/2026
Advisory:
Bugzilla: 2448168
Bugzilla Description: cpython: Incomplete control character validation in http.cookies
CVSS Score:
CVSSv3 Score: 5.4
Vector:
CWE: CWE-791
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,
Full Details
CVE document

CVE-2026-27962
Severity: critical
Released on: 16/03/2026
Advisory: RHSA-2026:4942, RHSA-2026:5665,
Bugzilla: 2448164
Bugzilla Description: authlib: Authlib: Authentication bypass due to JWK Header Injection vulnerability
CVSS Score:
CVSSv3 Score: 9.1
Vector:
CWE: CWE-347
Affected Packages: quay/quay-rhel8:sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb,quay/quay-rhel8:sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2,
Package States: Lightspeed Core,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat Quay 3,Red Hat Satellite 6,
Full Details
CVE document

CVE-2026-32778
Severity: moderate
Released on: 16/03/2026
Advisory:
Bugzilla: 2447885
Bugzilla Description: libexpat: libexpat: Denial of Service via NULL pointer dereference after out-of-memory condition
CVSS Score:
CVSSv3 Score: 5.1
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-32777
Severity: moderate
Released on: 16/03/2026
Advisory:
Bugzilla: 2447890
Bugzilla Description: libexpat: libexpat: Denial of Service via infinite loop in DTD content parsing
CVSS Score:
CVSSv3 Score: 4.0
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-32776
Severity: moderate
Released on: 16/03/2026
Advisory:
Bugzilla: 2447888
Bugzilla Description: libexpat: libexpat: Denial of Service due to NULL pointer dereference
CVSS Score:
CVSSv3 Score: 6.2
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-32775
Severity: moderate
Released on: 16/03/2026
Advisory:
Bugzilla: 2447881
Bugzilla Description: libexif: libexif: Buffer overwrite via integer underflow in MakerNotes decoding
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-191
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-4271
Severity: moderate
Released on: 16/03/2026
Advisory:
Bugzilla: 2448044
Bugzilla Description: libsoup: libsoup: Denial of Service via Use-After-Free in HTTP/2 server
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-416
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2025-69693
Severity: moderate
Released on: 16/03/2026
Advisory:
Bugzilla: 2448195
Bugzilla Description: FFmpeg: out-of-bounds read in RV60 video decoder
CVSS Score:
CVSSv3 Score: 7.1
Vector:
CWE: CWE-125
Affected Packages:
Package States: Lightspeed Core,Red Hat AI Inference Server,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),
Full Details
CVE document

CVE-2025-68971
Severity: moderate
Released on: 16/03/2026
Advisory:
Bugzilla: 2448387
Bugzilla Description: forgejo: Forgejo: Denial of Service via large file attachment upload
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-770
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-4174
Severity: moderate
Released on: 15/03/2026
Advisory:
Bugzilla: 2447696
Bugzilla Description: Radare2: Radare2: Local resource consumption via Mach-O File Parser
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-1050
Affected Packages:
Package States:
Full Details
CVE document

CVE-2025-14287
Severity: important
Released on: 15/03/2026
Advisory:
Bugzilla: 2447690
Bugzilla Description: mlflow: MLflow: Arbitrary command execution via unsanitized container image names
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-78
Affected Packages:
Package States: Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document

CVE-2025-54920
Severity: moderate
Released on: 14/03/2026
Advisory:
Bugzilla: 2447599
Bugzilla Description: org.apache.spark/spark-core: Apache Spark: Spark History Server Code Execution Vulnerability
CVSS Score:
CVSSv3 Score: 6.7
Vector:
CWE: CWE-94
Affected Packages:
Package States: Red Hat Fuse 7,Red Hat OpenShift AI (RHOAI),
Full Details
CVE document

CVE-2026-32640
Severity: important
Released on: 13/03/2026
Advisory:
Bugzilla: 2447529
Bugzilla Description: simpleeval: SimpleEval: Arbitrary code execution via sandbox escape due to improper object handling
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-915
Affected Packages:
Package States: Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document

CVE-2026-32635
Severity: moderate
Released on: 13/03/2026
Advisory:
Bugzilla: 2447515
Bugzilla Description: @angular/core: @angular/compiler: Angular has XSS in i18n attribute bindings
CVSS Score:
CVSSv3 Score: 6.3
Vector:
CWE: CWE-79
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document

CVE-2026-32630
Severity: moderate
Released on: 13/03/2026
Advisory:
Bugzilla: 2447514
Bugzilla Description: file-type: file-type: Denial of Service via excessive memory growth from crafted ZIP files
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-409
Affected Packages:
Package States: Cryostat 4,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Red Hat build of Apicurio Registry 2,Red Hat Data Grid 8,Red Hat Developer Hub,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat Satellite 6,Self-service automation portal 2,
Full Details
CVE document

CVE-2026-3084
Severity: important
Released on: 13/03/2026
Advisory:
Bugzilla: 2447483
Bugzilla Description: GStreamer: GStreamer: Remote Code Execution via integer underflow in H.266 Codec Parser
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-191
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-2921
Severity: important
Released on: 13/03/2026
Advisory:
Bugzilla: 2447496
Bugzilla Description: GStreamer: GStreamer: Arbitrary code execution via RIFF palette integer overflow in AVI file handling
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-3083
Severity: important
Released on: 13/03/2026
Advisory:
Bugzilla: 2447498
Bugzilla Description: GStreamer: GStreamer: Remote Code Execution via Out-Of-Bounds Write in rtpqdm2depay
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-3086
Severity: important
Released on: 13/03/2026
Advisory:
Bugzilla: 2447493
Bugzilla Description: GStreamer: GStreamer: Remote Code Execution via Out-Of-Bounds Write in H.266 Codec Parser
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-3085
Severity: important
Released on: 13/03/2026
Advisory:
Bugzilla: 2447495
Bugzilla Description: GStreamer: GStreamer: Remote Code Execution via Heap-based Buffer Overflow in rtpqdm2depay
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-1284
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-3082
Severity: important
Released on: 13/03/2026
Advisory:
Bugzilla: 2447492
Bugzilla Description: GStreamer: GStreamer: Remote Code Execution via heap-based buffer overflow in JPEG parser
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-120
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-3081
Severity: important
Released on: 13/03/2026
Advisory:
Bugzilla: 2447494
Bugzilla Description: GStreamer: GStreamer: Arbitrary code execution via H.266 codec parsing stack-based buffer overflow
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-120
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-2923
Severity: important
Released on: 13/03/2026
Advisory:
Bugzilla: 2447503
Bugzilla Description: GStreamer: GStreamer: Remote Code Execution via out-of-bounds write in DVB Subtitles handling
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-2922
Severity: important
Released on: 13/03/2026
Advisory:
Bugzilla: 2447500
Bugzilla Description: GStreamer: GStreamer: Remote Code Execution via out-of-bounds write in RealMedia Demuxer
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-2920
Severity: important
Released on: 13/03/2026
Advisory:
Bugzilla: 2447490
Bugzilla Description: GStreamer: GStreamer: Arbitrary code execution via ASF file processing
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-120
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-31899
Severity: important
Released on: 13/03/2026
Advisory:
Bugzilla: 2447447
Bugzilla Description: CairoSVG: CairoSVG: Denial of Service via recursive element amplification
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-776
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-30853
Severity: moderate
Released on: 13/03/2026
Advisory:
Bugzilla: 2447437
Bugzilla Description: calibre: Calibre: Arbitrary file write via crafted RocketBook (.rb) file
CVSS Score:
CVSSv3 Score: 5.0
Vector:
CWE: CWE-22
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-31897
Severity: low
Released on: 13/03/2026
Advisory:
Bugzilla: 2447380
Bugzilla Description: freerdp: FreeRDP has an out-of-bounds read in `freerdp_bitmap_decompress_planar`
CVSS Score:
CVSSv3 Score: 3.1
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-31806
Severity: important
Released on: 13/03/2026
Advisory:
Bugzilla: 2447376
Bugzilla Description: freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-131
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-31885
Severity: moderate
Released on: 13/03/2026
Advisory:
Bugzilla: 2447383
Bugzilla Description: freerdp: FreeRDP has an out-of-bounds read in ADPCM decoders due to missing predictor/step_index bounds checks
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-31884
Severity: moderate
Released on: 13/03/2026
Advisory:
Bugzilla: 2447385
Bugzilla Description: freerdp: FreeRDP has a division-by-zero in ADPCM decoders when `nBlockAlign` is 0
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-369
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-31883
Severity: moderate
Released on: 13/03/2026
Advisory:
Bugzilla: 2447386
Bugzilla Description: freerdp: FreeRDP has a `size_t` underflow in ADPCM decoder leads to heap-buffer-overflow write
CVSS Score:
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-29776
Severity: low
Released on: 13/03/2026
Advisory:
Bugzilla: 2447381
Bugzilla Description: freerdp: FreeRDP has an Integer Underflow in update_read_cache_bitmap_order Function of FreeRDP's Core Library
CVSS Score:
CVSSv3 Score: 3.1
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-29775
Severity: moderate
Released on: 13/03/2026
Advisory:
Bugzilla: 2447379
Bugzilla Description: freerdp: FreeRDP has a heap-buffer-overflow in bitmap_cache_put via OOB cacheId
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-29774
Severity: moderate
Released on: 13/03/2026
Advisory:
Bugzilla: 2447382
Bugzilla Description: freerdp: FreeRDP has a heap-buffer-overflow in avc420_yuv_to_rgb via OOB regionRects
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-2673
Severity: low
Released on: 13/03/2026
Advisory:
Bugzilla: 2447327
Bugzilla Description: openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group
CVSS Score:
CVSSv3 Score: 3.1
Vector:
CWE: CWE-325
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Hardened Images,Red Hat JBoss Core Services,
Full Details
CVE document

CVE-2025-57849
Severity: moderate
Released on: 13/03/2026
Advisory:
Bugzilla: 2391100
Bugzilla Description: fuse: privilege escalation via excessive /etc/passwd permissions
CVSS Score:
CVSSv3 Score: 6.4
Vector:
CWE: CWE-276
Affected Packages:
Package States: Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,
Full Details
CVE document

CVE-2025-8766
Severity: important
Released on: 13/03/2026
Advisory:
Bugzilla: 2387265
Bugzilla Description: noobaa-core: Excessive permissions of /etc could lead to escalation of privilege in the noobaa-core container
CVSS Score:
CVSSv3 Score: 6.4
Vector:
CWE: CWE-276
Affected Packages:
Package States: Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,
Full Details
CVE document

CVE-2026-3312
Severity: moderate
Released on: 13/03/2026
Advisory:
Bugzilla: 2443259
Bugzilla Description: pagure: Pagure: Information disclosure via unrestricted reStructuredText include directive
CVSS Score:
CVSSv3 Score: 7.7
Vector:
CWE: CWE-22
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-4105
Severity: moderate
Released on: 13/03/2026
Advisory:
Bugzilla: 2447262
Bugzilla Description: systemd: systemd: Privilege escalation via improper access control in RegisterMachine D-Bus method
CVSS Score:
CVSSv3 Score: 6.7
Vector:
CWE: CWE-284
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,
Full Details
CVE document

CVE-2026-32597
Severity: important
Released on: 12/03/2026
Advisory:
Bugzilla: 2447194
Bugzilla Description: pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-347
Affected Packages:
Package States: OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat Quay 3,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Trusted Artifact Signer,Red Hat Trusted Artifact Signer,
Full Details
CVE document

CVE-2026-32304
Severity: important
Released on: 12/03/2026
Advisory:
Bugzilla: 2447200
Bugzilla Description: locutusjs: Locutus: Arbitrary code execution via unsanitized parameters in create_function
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-88
Affected Packages:
Package States: Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,
Full Details
CVE document

CVE-2026-2229
Severity: important
Released on: 12/03/2026
Advisory:
Bugzilla: 2447143
Bugzilla Description: undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-248
Affected Packages:
Package States: Cryostat 4,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Pipelines,OpenShift Pipelines,Red Hat Developer Hub,Red Hat Developer Hub,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Self-service automation portal 2,
Full Details
CVE document

CVE-2026-1528
Severity: important
Released on: 12/03/2026
Advisory:
Bugzilla: 2447145
Bugzilla Description: undici: undici: Denial of Service via crafted WebSocket frame with large length
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-248
Affected Packages:
Package States: Cryostat 4,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Pipelines,OpenShift Pipelines,Red Hat Developer Hub,Red Hat Developer Hub,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Self-service automation portal 2,
Full Details
CVE document

CVE-2026-1527
Severity: moderate
Released on: 12/03/2026
Advisory:
Bugzilla: 2447141
Bugzilla Description: undici: Undici: HTTP header injection and request smuggling vulnerability
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-93
Affected Packages:
Package States: Cryostat 4,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Pipelines,OpenShift Pipelines,Red Hat Developer Hub,Red Hat Developer Hub,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Self-service automation portal 2,
Full Details
CVE document

CVE-2026-2581
Severity: moderate
Released on: 12/03/2026
Advisory:
Bugzilla: 2447140
Bugzilla Description: undici: Undici: Denial of Service due to uncontrolled resource consumption
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-770
Affected Packages:
Package States: Cryostat 4,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Pipelines,OpenShift Pipelines,Red Hat Developer Hub,Red Hat Developer Hub,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Self-service automation portal 2,
Full Details
CVE document

CVE-2026-1526
Severity: important
Released on: 12/03/2026
Advisory:
Bugzilla: 2447142
Bugzilla Description: undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-770
Affected Packages:
Package States: Cryostat 4,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Pipelines,OpenShift Pipelines,Red Hat Developer Hub,Red Hat Developer Hub,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Self-service automation portal 2,
Full Details
CVE document

CVE-2026-1525
Severity: moderate
Released on: 12/03/2026
Advisory:
Bugzilla: 2447144
Bugzilla Description: undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-444
Affected Packages:
Package States: Cryostat 4,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Pipelines,OpenShift Pipelines,Red Hat Developer Hub,Red Hat Developer Hub,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Self-service automation portal 2,
Full Details
CVE document

CVE-2026-32274
Severity: important
Released on: 12/03/2026
Advisory:
Bugzilla: 2447111
Bugzilla Description: black: Black: Arbitrary file writes from unsanitized user input in cache file name
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-22
Affected Packages:
Package States: OpenShift Lightspeed,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform Ansible Core 2,Red Hat Ansible Automation Platform Ansible Core 2,Red Hat Ansible Automation Platform Ansible Core 2,Red Hat Ansible Automation Platform Ansible Core 2,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Virtualization 4,
Full Details
CVE document

CVE-2026-32259
Severity: moderate
Released on: 12/03/2026
Advisory:
Bugzilla: 2447112
Bugzilla Description: ImageMagick: stack-based buffer overflow in sixel encoder
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-121
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document

CVE-2026-32240
Severity: moderate
Released on: 12/03/2026
Advisory:
Bugzilla: 2447117
Bugzilla Description: capnproto: Cap'n Proto: Integer overflow in KJ-HTTP chunk size
CVSS Score:
CVSSv3 Score: 4.8
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 10,
Full Details
CVE document

CVE-2026-32239
Severity: moderate
Released on: 12/03/2026
Advisory:
Bugzilla: 2447106
Bugzilla Description: capnproto: Cap'n Proto has an integer overflow in KJ-HTTP
CVSS Score:
CVSSv3 Score: 4.8
Vector:
CWE: CWE-681
Affected Packages:
Package States: Red Hat Enterprise Linux 10,
Full Details
CVE document

CVE-2026-32249
Severity: low
Released on: 12/03/2026
Advisory:
Bugzilla: 2447110
Bugzilla Description: vim: NFA regex engine NULL pointer dereference
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document

CVE-2026-32237
Severity: moderate
Released on: 12/03/2026
Advisory:
Bugzilla: 2447080
Bugzilla Description: @backstage/plugin-scaffolder-backend: @backstage/plugin-scaffolder-backend: Possible exposure of defaultEnvironment secrets using dry-run endpoint
CVSS Score:
CVSSv3 Score: 4.4
Vector:
CWE: CWE-497
Affected Packages:
Package States: Red Hat Developer Hub,Self-service automation portal 2,
Full Details
CVE document

CVE-2026-32236
Severity:
Released on: 12/03/2026
Advisory:
Bugzilla: 2447090
Bugzilla Description: @backstage/plugin-auth-backend: @backstage/plugin-auth-backend: SSRF in experimental CIMD metadata fetch
CVSS Score:
Vector:
CWE: CWE-918
Affected Packages:
Package States: Red Hat Developer Hub,Self-service automation portal 2,
Full Details
CVE document

CVE-2026-32235
Severity: moderate
Released on: 12/03/2026
Advisory:
Bugzilla: 2447075
Bugzilla Description: @backstage/plugin-auth-backend: @backstage/plugin-auth-backend: OAuth redirect URI allowlist bypass
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-601
Affected Packages:
Package States: Red Hat Developer Hub,Self-service automation portal 2,
Full Details
CVE document

CVE-2026-3497
Severity: important
Released on: 12/03/2026
Advisory:
Bugzilla: 2447085
Bugzilla Description: openssh: OpenSSH GSSAPI: Information disclosure or denial of service due to uninitialized variables
CVSS Score:
CVSSv3 Score: 8.2
Vector:
CWE: CWE-824
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document

CVE-2026-32141
Severity: important
Released on: 12/03/2026
Advisory:
Bugzilla: 2447083
Bugzilla Description: flatted: flatted: Unbounded recursion DoS in parse() revive phase
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-770
Affected Packages:
Package States: Cryostat 4,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat AMQ Broker 7,Red Hat Ansible Automation Platform 2,Red Hat build of Apicurio Registry 2,Red Hat build of OptaPlanner 8,Red Hat Data Grid 8,Red Hat Directory Server 11,Red Hat Directory Server 12,Red Hat Directory Server 13,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Dev Spaces,Red Hat Process Automation 7,Red Hat Process Automation 7,Red Hat Process Automation 7,Red Hat Quay 3,Red Hat Single Sign-On 7,streams for Apache Kafka 2,streams for Apache Kafka 3,
Full Details
CVE document

CVE-2026-28356
Severity: important
Released on: 12/03/2026
Advisory:
Bugzilla: 2447059
Bugzilla Description: multipart: denial of service via maliciously crafted HTTP or multipart segment headers
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-1333
Affected Packages:
Package States: Lightspeed Core,Lightspeed Core,OpenShift Lightspeed,OpenShift Lightspeed,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,
Full Details
CVE document

CVE-2025-70873
Severity: low
Released on: 12/03/2026
Advisory:
Bugzilla: 2447086
Bugzilla Description: sqlite: SQLite: Information Disclosure via Crafted ZIP File
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-908
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift Container Platform 4,
Full Details
CVE document

CVE-2026-3909
Severity: important
Released on: 12/03/2026
Advisory:
Bugzilla: 2447195
Bugzilla Description: chromium-browser: Out of bounds write in Skia
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE:
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-3910
Severity: important
Released on: 12/03/2026
Advisory:
Bugzilla: 2447199
Bugzilla Description: chromium-browser: Inappropriate implementation in V8
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE:
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-2808
Severity: moderate
Released on: 11/03/2026
Advisory:
Bugzilla: 2446879
Bugzilla Description: github.com/hashicorp/consul: HashiCorp Consul: Arbitrary file read via Kubernetes authentication configuration
CVSS Score:
CVSSv3 Score: 6.8
Vector:
CWE: CWE-59
Affected Packages:
Package States: Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Multicluster Global Hub,OpenShift Serverless,OpenShift Service Mesh 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Ansible Automation Platform 2,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift distributed tracing 3,Red Hat OpenShift distributed tracing 3,Red Hat OpenShift distributed tracing 3,Red Hat OpenShift distributed tracing 3,Red Hat OpenShift distributed tracing 3,Red Hat OpenShift GitOps,Red Hat OpenShift GitOps,Red Hat OpenStack Platform 18.0,
Full Details
CVE document

CVE-2026-31958
Severity: moderate
Released on: 11/03/2026
Advisory:
Bugzilla: 2446765
Bugzilla Description: tornado-python: Tornado: Denial of Service via large multipart bodies
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-770
Affected Packages:
Package States: External Secrets Operator for Red Hat OpenShift,External Secrets Operator for Red Hat OpenShift,External Secrets Operator for Red Hat OpenShift,External Secrets Operator for Red Hat OpenShift,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,
Full Details
CVE document

CVE-2026-3950
Severity: low
Released on: 11/03/2026
Advisory:
Bugzilla: 2446751
Bugzilla Description: libheif: libheif: Denial of Service via out-of-bounds read in Track::load function
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 10,
Full Details
CVE document

CVE-2026-3949
Severity: low
Released on: 11/03/2026
Advisory:
Bugzilla: 2446725
Bugzilla Description: libheif: libheif: Out-of-bounds read via local argument manipulation
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-805
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-31870
Severity: important
Released on: 11/03/2026
Advisory:
Bugzilla: 2446713
Bugzilla Description: cpp-httplib: cpp-httplib: Denial of Service via malformed Content-Length header
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-1287
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-30226
Severity: moderate
Released on: 11/03/2026
Advisory:
Bugzilla: 2446675
Bugzilla Description: devalue: Devalue: Denial of Service or type confusion via prototype pollution
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-843
Affected Packages:
Package States: Red Hat Build of Podman Desktop - Tech Preview,Red Hat Trusted Artifact Signer,
Full Details
CVE document

CVE-2026-31853
Severity: moderate
Released on: 11/03/2026
Advisory:
Bugzilla: 2446690
Bugzilla Description: imagemagick: ImageMagick: Denial of Service via overflow in SFW decoder when processing large images on 32-bit systems
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-122
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document

CVE-2026-1471
Severity: low
Released on: 11/03/2026
Advisory:
Bugzilla: 2446566
Bugzilla Description: neo4j: Neo4j: Authentication context inheritance via excessive caching in SSO UserInfo endpoint
CVSS Score:
CVSSv3 Score: 4.2
Vector:
CWE: CWE-488
Affected Packages:
Package States: Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,
Full Details
CVE document

CVE-2026-29777
Severity: moderate
Released on: 11/03/2026
Advisory:
Bugzilla: 2446584
Bugzilla Description: github.com/traefik/traefik: Traefik: Traffic redirection and hostname bypass via unsanitized input in router rules
CVSS Score:
CVSSv3 Score: 6.8
Vector:
CWE: CWE-94
Affected Packages:
Package States: Red Hat OpenShift Dev Spaces,
Full Details
CVE document

CVE-2026-31892
Severity: important
Released on: 11/03/2026
Advisory:
Bugzilla: 2446551
Bugzilla Description: github.com/argoproj/argo-workflows: Argo Workflows: Security bypass allows privilege escalation via podSpecPatch field
CVSS Score:
CVSSv3 Score: 9.9
Vector:
CWE: CWE-807
Affected Packages:
Package States: Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document

CVE-2026-28229
Severity: important
Released on: 11/03/2026
Advisory:
Bugzilla: 2446549
Bugzilla Description: argo-workflows: Argo Workflows has unauthorized access to Argo Workflows Template
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-306
Affected Packages:
Package States: Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document

CVE-2026-3904
Severity: moderate
Released on: 11/03/2026
Advisory:
Bugzilla: 2446533
Bugzilla Description: glibc: nscd client crash on x86_64 under high nscd load
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-366
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document

CVE-2026-3805
Severity: moderate
Released on: 11/03/2026
Advisory:
Bugzilla: 2446451
Bugzilla Description: curl: curl: Arbitrary code execution or Denial of Service via use-after-free in SMB request handling
CVSS Score:
CVSSv3 Score: 6.3
Vector:
CWE: CWE-825
Affected Packages:
Package States: Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat JBoss Core Services,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Dev Spaces,Red Hat Trusted Profile Analyzer,
Full Details
CVE document

CVE-2026-3784
Severity: moderate
Released on: 11/03/2026
Advisory:
Bugzilla: 2446449
Bugzilla Description: curl: curl: Unauthorized access due to improper HTTP proxy connection reuse
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-305
Affected Packages:
Package States: Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat JBoss Core Services,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Dev Spaces,Red Hat Trusted Profile Analyzer,
Full Details
CVE document

CVE-2026-3783
Severity: moderate
Released on: 11/03/2026
Advisory:
Bugzilla: 2446450
Bugzilla Description: curl: curl: Information disclosure via OAuth2 bearer token leakage during HTTP(S) redirect
CVSS Score:
CVSSv3 Score: 5.7
Vector:
CWE: CWE-201
Affected Packages:
Package States: Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat JBoss Core Services,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Dev Spaces,Red Hat Trusted Profile Analyzer,
Full Details
CVE document

CVE-2026-1965
Severity: moderate
Released on: 11/03/2026
Advisory:
Bugzilla: 2446448
Bugzilla Description: curl: curl: Authentication bypass due to incorrect connection reuse with Negotiate authentication
CVSS Score:
CVSSv3 Score: 6.8
Vector:
CWE: CWE-303
Affected Packages:
Package States: Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat JBoss Core Services,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Dev Spaces,Red Hat Trusted Profile Analyzer,
Full Details
CVE document

CVE-2026-3911
Severity: low
Released on: 11/03/2026
Advisory:
Bugzilla: 2446392
Bugzilla Description: org.keycloak.services.resources.admin.UserResource: Keycloak: Information disclosure of disabled user attributes via administrative endpoint
CVSS Score:
CVSSv3 Score: 2.7
Vector:
CWE: CWE-359
Affected Packages:
Package States: Red Hat Build of Keycloak,
Full Details
CVE document

CVE-2026-4111
Severity: important
Released on: 11/03/2026
Advisory: RHSA-2026:5063, RHSA-2026:5080,
Bugzilla: 2446453
Bugzilla Description: libarchive: Infinite Loop Denial of Service in RAR5 Decompression via archive_read_data() in libarchive
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-835
Affected Packages: libarchive-0:3.7.7-5.el10_1,libarchive-0:3.5.3-7.el9_7,
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat OpenShift Container Platform 4,
Full Details
CVE document

CVE-2026-31838
Severity: moderate
Released on: 10/03/2026
Advisory:
Bugzilla: 2446342
Bugzilla Description: istio: Istio: Authorization policy bypass via Envoy RBAC header matching with multiple header values
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-551
Affected Packages:
Package States: cert-manager Operator for Red Hat OpenShift,cert-manager Operator for Red Hat OpenShift,cert-manager Operator for Red Hat OpenShift,cert-manager Operator for Red Hat OpenShift,cert-manager Operator for Red Hat OpenShift,ExternalDNS Operator,ExternalDNS Operator,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Service Mesh 2,OpenShift Service Mesh 2,OpenShift Service Mesh 2,OpenShift Service Mesh 2,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Connectivity Link 1,Red Hat Connectivity Link 1,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document

CVE-2026-31837
Severity: important
Released on: 10/03/2026
Advisory:
Bugzilla: 2446344
Bugzilla Description: istio: Istio: Information disclosure and authentication bypass via JWKS resolver unavailability
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-1392
Affected Packages:
Package States: cert-manager Operator for Red Hat OpenShift,cert-manager Operator for Red Hat OpenShift,cert-manager Operator for Red Hat OpenShift,cert-manager Operator for Red Hat OpenShift,cert-manager Operator for Red Hat OpenShift,ExternalDNS Operator,ExternalDNS Operator,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Service Mesh 2,OpenShift Service Mesh 2,OpenShift Service Mesh 2,OpenShift Service Mesh 2,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Connectivity Link 1,Red Hat Connectivity Link 1,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document

CVE-2026-31826
Severity: moderate
Released on: 10/03/2026
Advisory:
Bugzilla: 2446336
Bugzilla Description: pypdf: pypdf: Denial of Service due to excessive memory consumption via crafted PDF
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-770
Affected Packages:
Package States: OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),
Full Details
CVE document

CVE-2026-31812
Severity: important
Released on: 10/03/2026
Advisory: RHSA-2026:5459,
Bugzilla: 2446330
Bugzilla Description: quinn-proto: quinn-proto: Denial of Service via crafted QUIC Initial packet
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-248
Affected Packages: rhtas/tuffer-rhel9:sha256:f30c3610c1c840ea8edb99c2679edb09768c45012979da1389605c6a54204292,rhtas/tuftool-rhel9:sha256:cc2676a9d70599503faf8ca413e7bbc29cd523782a3d1e81bfc8f9e6323b4a28,
Package States: Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Confidential Compute Attestation,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Update Service,Red Hat Trusted Profile Analyzer,
Full Details
CVE document

CVE-2026-31808
Severity: moderate
Released on: 10/03/2026
Advisory:
Bugzilla: 2446309
Bugzilla Description: file-type: file-type: Denial of Service due to infinite loop in ASF file parsing
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-835
Affected Packages:
Package States: Cryostat 4,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Red Hat build of Apicurio Registry 2,Red Hat Data Grid 8,Red Hat Developer Hub,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat Satellite 6,Self-service automation portal 2,
Full Details
CVE document

CVE-2026-30951
Severity: important
Released on: 10/03/2026
Advisory:
Bugzilla: 2446250
Bugzilla Description: sequelize: Sequelize: Data exfiltration via SQL injection in JSON/JSONB where clause processing
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-89
Affected Packages:
Package States: Confidential Compute Attestation,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 9,Red Hat Satellite 6,
Full Details
CVE document

CVE-2026-23868
Severity: important
Released on: 10/03/2026
Advisory:
Bugzilla: 2446207
Bugzilla Description: giflib: Giflib: Double-free vulnerability leading to memory corruption
CVSS Score:
CVSSv3 Score: 7.0
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-28292
Severity: important
Released on: 10/03/2026
Advisory:
Bugzilla: 2446162
Bugzilla Description: simple-git: simple-git: Remote Code Execution via bypass of prior security fixes
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-76
Affected Packages:
Package States: Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat Process Automation 7,
Full Details
CVE document

CVE-2026-26130
Severity: important
Released on: 10/03/2026
Advisory: RHSA-2026:4458, RHSA-2026:4453, RHSA-2026:4443, RHSA-2026:4454, RHSA-2026:4455, RHSA-2026:4445, RHSA-2026:4456, RHSA-2026:4450, RHSA-2026:4451,
Bugzilla: 2446134
Bugzilla Description: asp.net: ASP.NET Core: Denial of Service via uncontrolled resource allocation
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-770
Affected Packages: dotnet8.0-0:8.0.125-1.el10_1,dotnet8.0-0:8.0.125-1.el9_7,dotnet9.0-0:9.0.115-1.el10_1,dotnet9.0-0:9.0.115-1.el9_7,dotnet10.0-0:10.0.104-1.el10_1,dotnet9.0-0:9.0.115-1.el8_10,dotnet8.0-0:8.0.125-1.el8_10,dotnet10.0-0:10.0.104-1.el8_10,dotnet10.0-0:10.0.104-1.el9_7,
Package States: Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-26127
Severity: moderate
Released on: 10/03/2026
Advisory: RHSA-2026:4458, RHSA-2026:4453, RHSA-2026:4443, RHSA-2026:4445, RHSA-2026:4456, RHSA-2026:4450,
Bugzilla: 2446098
Bugzilla Description: .net: .NET: Denial of Service via out-of-bounds read
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-125
Affected Packages: dotnet9.0-0:9.0.115-1.el10_1,dotnet9.0-0:9.0.115-1.el9_7,dotnet10.0-0:10.0.104-1.el10_1,dotnet9.0-0:9.0.115-1.el8_10,dotnet10.0-0:10.0.104-1.el8_10,dotnet10.0-0:10.0.104-1.el9_7,
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-26131
Severity: moderate
Released on: 10/03/2026
Advisory:
Bugzilla: 2446069
Bugzilla Description: dotnet: .NET: Privilege escalation via incorrect default permissions
CVSS Score:
CVSSv3 Score: 7.8
Vector:
CWE: CWE-276
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-30942
Severity: important
Released on: 10/03/2026
Advisory:
Bugzilla: 2446087
Bugzilla Description: flare: Flare: Information disclosure via authenticated path traversal
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-22
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-2742
Severity: moderate
Released on: 10/03/2026
Advisory:
Bugzilla: 2446005
Bugzilla Description: com.vaadin/flow-server: Vaadin flow-server: Authentication bypass due to inconsistent path matching allows unauthorized session creation.
CVSS Score:
CVSSv3 Score: 6.3
Vector:
CWE: CWE-551
Affected Packages:
Package States: Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,
Full Details
CVE document

CVE-2026-2741
Severity: low
Released on: 10/03/2026
Advisory:
Bugzilla: 2446008
Bugzilla Description: Vaadin-Flow: Vaadin: Arbitrary file write via path traversal during Node.js download
CVSS Score:
CVSSv3 Score: 2.6
Vector:
CWE: CWE-22
Affected Packages:
Package States: Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,
Full Details
CVE document

CVE-2026-23907
Severity: moderate
Released on: 10/03/2026
Advisory:
Bugzilla: 2445994
Bugzilla Description: org.apache.pdfbox:pdfbox-examples: Apache PDFBox Example: Path Traversal via specially crafted filenames allows arbitrary file write
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-22
Affected Packages:
Package States: Red Hat AMQ Broker 7,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Apache Camel for Spring Boot 4,Red Hat Data Grid 8,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,streams for Apache Kafka 2,streams for Apache Kafka 3,
Full Details
CVE document

CVE-2026-23239
Severity: moderate
Released on: 10/03/2026
Advisory:
Bugzilla: 2446109
Bugzilla Description: kernel: Kernel: Race condition in espintcp can lead to denial of service
CVSS Score:
CVSSv3 Score: 5.8
Vector:
CWE: CWE-366
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-23240
Severity: moderate
Released on: 10/03/2026
Advisory:
Bugzilla: 2446139
Bugzilla Description: kernel: Linux kernel: Denial of service due to a race condition in the TLS subsystem
CVSS Score:
CVSSv3 Score: 5.8
Vector:
CWE: CWE-366
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-3918
Severity: important
Released on: 10/03/2026
Advisory:
Bugzilla: 2446844
Bugzilla Description: chromium-browser: Use after free in WebMCP
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE:
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-3921
Severity: important
Released on: 10/03/2026
Advisory:
Bugzilla: 2446845
Bugzilla Description: chromium-browser: Use after free in TextEncoding
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE:
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-3913
Severity: critical
Released on: 10/03/2026
Advisory:
Bugzilla: 2446846
Bugzilla Description: chromium-browser: Heap buffer overflow in WebML
CVSS Score:
CVSSv3 Score: 9.6
Vector:
CWE:
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-3923
Severity: important
Released on: 10/03/2026
Advisory:
Bugzilla: 2446847
Bugzilla Description: chromium-browser: Use after free in WebMIDI
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE:
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-3914
Severity: important
Released on: 10/03/2026
Advisory:
Bugzilla: 2446848
Bugzilla Description: chromium-browser: Integer overflow in WebML
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE:
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-3938
Severity: low
Released on: 10/03/2026
Advisory:
Bugzilla: 2446849
Bugzilla Description: chromium-browser: Insufficient policy enforcement in Clipboard
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE:
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-3934
Severity: moderate
Released on: 10/03/2026
Advisory:
Bugzilla: 2446850
Bugzilla Description: chromium-browser: Insufficient policy enforcement in ChromeDriver
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE:
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-3942
Severity: low
Released on: 10/03/2026
Advisory:
Bugzilla: 2446852
Bugzilla Description: chromium-browser: Incorrect security UI in PictureInPicture
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE:
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-3919
Severity: important
Released on: 10/03/2026
Advisory:
Bugzilla: 2446853
Bugzilla Description: chromium-browser: Use after free in Extensions
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE:
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-3916
Severity: important
Released on: 10/03/2026
Advisory:
Bugzilla: 2446854
Bugzilla Description: chromium-browser: Out of bounds read in Web Speech
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE:
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-3915
Severity: important
Released on: 10/03/2026
Advisory:
Bugzilla: 2446856
Bugzilla Description: chromium-browser: Heap buffer overflow in WebML
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE:
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-3927
Severity: moderate
Released on: 10/03/2026
Advisory:
Bugzilla: 2446857
Bugzilla Description: chromium-browser: Incorrect security UI in PictureInPicture
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE:
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-3926
Severity: moderate
Released on: 10/03/2026
Advisory:
Bugzilla: 2446859
Bugzilla Description: chromium-browser: Out of bounds read in V8
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE:
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-3940
Severity: low
Released on: 10/03/2026
Advisory:
Bugzilla: 2446860
Bugzilla Description: chromium-browser: Insufficient policy enforcement in DevTools
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE:
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-3917
Severity: important
Released on: 10/03/2026
Advisory:
Bugzilla: 2446861
Bugzilla Description: chromium-browser: Use after free in Agents
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE:
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-3941
Severity: low
Released on: 10/03/2026
Advisory:
Bugzilla: 2446863
Bugzilla Description: chromium-browser: Insufficient policy enforcement in DevTools
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE:
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-3920
Severity: important
Released on: 10/03/2026
Advisory:
Bugzilla: 2446864
Bugzilla Description: chromium-browser: Out of bounds memory access in WebML
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE:
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-3928
Severity: moderate
Released on: 10/03/2026
Advisory:
Bugzilla: 2446865
Bugzilla Description: chromium-browser: Insufficient policy enforcement in Extensions
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE:
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-3922
Severity: important
Released on: 10/03/2026
Advisory:
Bugzilla: 2446866
Bugzilla Description: chromium-browser: Use after free in MediaStream
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE:
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-3931
Severity: moderate
Released on: 10/03/2026
Advisory:
Bugzilla: 2446868
Bugzilla Description: chromium-browser: Heap buffer overflow in Skia
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE:
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-3929
Severity: moderate
Released on: 10/03/2026
Advisory:
Bugzilla: 2446870
Bugzilla Description: chromium-browser: Side-channel information leakage in ResourceTiming
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE:
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-3924
Severity: important
Released on: 10/03/2026
Advisory:
Bugzilla: 2446871
Bugzilla Description: chromium-browser: Use after free in WindowDialog
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE:
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-3935
Severity: moderate
Released on: 10/03/2026
Advisory:
Bugzilla: 2446872
Bugzilla Description: chromium-browser: Incorrect security UI in WebAppInstalls
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE:
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-3939
Severity: low
Released on: 10/03/2026
Advisory:
Bugzilla: 2446873
Bugzilla Description: chromium-browser: Insufficient policy enforcement in PDF
CVSS Score:
CVSSv3 Score: 4.3
Vector:
CWE:
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-3930
Severity: moderate
Released on: 10/03/2026
Advisory:
Bugzilla: 2447256
Bugzilla Description: chromium-browser: Unsafe navigation in Navigation
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE:
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-30937
Severity: moderate
Released on: 09/03/2026
Advisory:
Bugzilla: 2445882
Bugzilla Description: ImageMagick: ImageMagick: Denial of Service via integer overflow in XWD encoder
CVSS Score:
CVSSv3 Score: 6.8
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document

CVE-2026-30936
Severity: moderate
Released on: 09/03/2026
Advisory:
Bugzilla: 2445880
Bugzilla Description: ImageMagick: ImageMagick: Denial of Service via crafted image processing
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-787
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document

CVE-2026-30935
Severity: moderate
Released on: 09/03/2026
Advisory:
Bugzilla: 2445899
Bugzilla Description: ImageMagick: heap-based buffer over-read in BilateralBlurImage
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document

CVE-2026-30931
Severity: moderate
Released on: 09/03/2026
Advisory:
Bugzilla: 2445900
Bugzilla Description: ImageMagick: ImageMagick: Heap-based buffer overflow leading to out-of-bounds write
CVSS Score:
CVSSv3 Score: 6.8
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document

CVE-2026-30929
Severity: moderate
Released on: 09/03/2026
Advisory:
Bugzilla: 2445896
Bugzilla Description: ImageMagick: stack-based buffer overflow in MagnifyImage
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-121
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document

CVE-2026-30883
Severity: moderate
Released on: 09/03/2026
Advisory:
Bugzilla: 2445878
Bugzilla Description: ImageMagick: ImageMagick: Denial of Service due to heap overflow when processing large image profiles
CVSS Score:
CVSSv3 Score: 5.7
Vector:
CWE: CWE-120
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document

CVE-2026-28693
Severity: important
Released on: 09/03/2026
Advisory:
Bugzilla: 2445888
Bugzilla Description: ImageMagick: ImageMagick: Out-of-bounds read or write due to integer overflow in DIB coder
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document

CVE-2026-28692
Severity: moderate
Released on: 09/03/2026
Advisory:
Bugzilla: 2445890
Bugzilla Description: ImageMagick: ImageMagick: Information disclosure and denial of service via heap over-read in MAT decoder
CVSS Score:
CVSSv3 Score: 4.8
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document

CVE-2026-28691
Severity: important
Released on: 09/03/2026
Advisory:
Bugzilla: 2445902
Bugzilla Description: ImageMagick: ImageMagick: Denial of Service via uninitialized pointer dereference in JBIG decoder
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-824
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document

CVE-2026-28690
Severity: moderate
Released on: 09/03/2026
Advisory:
Bugzilla: 2445887
Bugzilla Description: ImageMagick: stack-based buffer overflow in MNG encoder
CVSS Score:
CVSSv3 Score: 6.1
Vector:
CWE: CWE-121
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document

CVE-2026-28689
Severity: moderate
Released on: 09/03/2026
Advisory:
Bugzilla: 2445891
Bugzilla Description: ImageMagick: ImageMagick: Information disclosure and unauthorized modification via symlink TOCTOU vulnerability
CVSS Score:
CVSSv3 Score: 6.3
Vector:
CWE: CWE-367
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document

CVE-2026-28688
Severity: moderate
Released on: 09/03/2026
Advisory:
Bugzilla: 2445877
Bugzilla Description: ImageMagick: use-after-free in the MSL encoder
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-416
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document

CVE-2026-28687
Severity: moderate
Released on: 09/03/2026
Advisory:
Bugzilla: 2445897
Bugzilla Description: ImageMagick: ImageMagick: Heap use-after-free vulnerability allows denial of service via crafted MSL file
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-825
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document

CVE-2026-28686
Severity: moderate
Released on: 09/03/2026
Advisory:
Bugzilla: 2445889
Bugzilla Description: ImageMagick: ImageMagick: Denial of Service via heap-buffer-overflow in PCL encode
CVSS Score:
CVSSv3 Score: 6.8
Vector:
CWE: CWE-131
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document

CVE-2026-28494
Severity: moderate
Released on: 09/03/2026
Advisory:
Bugzilla: 2445901
Bugzilla Description: ImageMagick: ImageMagick: Arbitrary code execution or denial of service via maliciously crafted kernel strings
CVSS Score:
CVSSv3 Score: 7.1
Vector:
CWE: CWE-120
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document

CVE-2026-28493
Severity: moderate
Released on: 09/03/2026
Advisory:
Bugzilla: 2445883
Bugzilla Description: ImageMagick: ImageMagick: Denial of Service and information disclosure via integer overflow in SIXEL decoder
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-190
Affected Packages:
Package States: Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,
Full Details
CVE document

CVE-2026-31802
Severity: moderate
Released on: 09/03/2026
Advisory:
Bugzilla: 2445881
Bugzilla Description: tar: tar: File overwrite via drive-relative symlink traversal
CVSS Score:
CVSSv3 Score: 6.2
Vector:
CWE: CWE-22
Affected Packages:
Package States: Cryostat 4,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Network Observability Operator,Network Observability Operator,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat AMQ Broker 7,Red Hat build of Apache Camel - HawtIO 4,Red Hat Developer Hub,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat Process Automation 7,Red Hat Process Automation 7,Red Hat Single Sign-On 7,Red Hat Trusted Artifact Signer,
Full Details
CVE document

CVE-2026-25960
Severity: important
Released on: 09/03/2026
Advisory:
Bugzilla: 2445892
Bugzilla Description: vLLM: vLLM: Server-Side Request Forgery bypass via inconsistent URL parsing
CVSS Score:
CVSSv3 Score: 7.1
Vector:
CWE: CWE-474
Affected Packages:
Package States: Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat AI Inference Server,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document

CVE-2026-0846
Severity: important
Released on: 09/03/2026
Advisory:
Bugzilla: 2445826
Bugzilla Description: nltk: NLTK: Arbitrary file read via improper path validation in `filestring()` function
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-22
Affected Packages:
Package States: Lightspeed Core,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document

CVE-2026-3836
Severity: moderate
Released on: 09/03/2026
Advisory:
Bugzilla: 2445770
Bugzilla Description: dnf5: dnf5: Denial of Service via path traversal in D-Bus locale configuration
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE: CWE-22
Affected Packages:
Package States:
Full Details
CVE document

CVE-2025-69647
Severity: low
Released on: 09/03/2026
Advisory:
Bugzilla: 2445773
Bugzilla Description: binutils: infinite loop in readelf via crafted binary with malformed DWARF loclists data
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-835
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document

CVE-2025-69648
Severity: low
Released on: 09/03/2026
Advisory:
Bugzilla: 2445774
Bugzilla Description: binutils: infinite loop in readelf via crafted binary with malformed DWARF .debug_rnglists data
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-835
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document

CVE-2024-14027
Severity: low
Released on: 09/03/2026
Advisory:
Bugzilla: 2445789
Bugzilla Description: kernel: xattr: switch to CLASS(fd)
CVSS Score:
CVSSv3 Score: 5.5
Vector:
CWE:
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2025-70034
Severity: moderate
Released on: 09/03/2026
Advisory:
Bugzilla: 2445801
Bugzilla Description: ssh2: ssh2: Denial of Service due to inefficient regular expression complexity
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-1333
Affected Packages:
Package States: Red Hat Build of Podman Desktop - Tech Preview,Red Hat Build of Podman Desktop - Tech Preview,Red Hat Developer Hub,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Self-service automation portal 2,
Full Details
CVE document

CVE-2026-3731
Severity: moderate
Released on: 08/03/2026
Advisory:
Bugzilla: 2445579
Bugzilla Description: libssh: libssh: Denial of Service via out-of-bounds read in SFTP extension name handler
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-125
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document

CVE-2026-3713
Severity: moderate
Released on: 08/03/2026
Advisory:
Bugzilla: 2445566
Bugzilla Description: libpng: libpng: Heap-based buffer overflow in pnm2png allows information disclosure and denial of service
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-131
Affected Packages:
Package States: Red Hat build of OpenJDK 11 ELS,Red Hat build of OpenJDK 11 ELS,Red Hat build of OpenJDK 17,Red Hat build of OpenJDK 1.8,Red Hat build of OpenJDK 21,Red Hat build of OpenJDK 25,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document

CVE-2026-29076
Severity: moderate
Released on: 07/03/2026
Advisory:
Bugzilla: 2445491
Bugzilla Description: cpp-httplib: cpp-httplib: Denial of Service via crafted HTTP POST request
CVSS Score:
CVSSv3 Score: 5.9
Vector:
CWE: CWE-1333
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-29786
Severity: important
Released on: 07/03/2026
Advisory:
Bugzilla: 2445476
Bugzilla Description: node-tar: hardlink path traversal via drive-relative linkpath
CVSS Score:
CVSSv3 Score: 8.6
Vector:
CWE: CWE-22
Affected Packages:
Package States: Cryostat 4,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Network Observability Operator,Network Observability Operator,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat AMQ Broker 7,Red Hat build of Apache Camel - HawtIO 4,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat Process Automation 7,Red Hat Process Automation 7,Red Hat Single Sign-On 7,Red Hat Trusted Artifact Signer,
Full Details
CVE document

CVE-2026-29186
Severity: important
Released on: 07/03/2026
Advisory:
Bugzilla: 2445480
Bugzilla Description: backstage/plugin-techdocs-node: TechDocs Mkdocs configuration key enables arbitrary code execution
CVSS Score:
CVSSv3 Score: 9.1
Vector:
CWE: CWE-791
Affected Packages:
Package States: Red Hat Developer Hub,Self-service automation portal 2,
Full Details
CVE document

CVE-2026-29184
Severity: low
Released on: 07/03/2026
Advisory:
Bugzilla: 2445468
Bugzilla Description: @backstage/plugin-scaffolder-backend: Backstage Scaffolder Backend: Information disclosure via malicious template bypassing log redaction
CVSS Score:
CVSSv3 Score: 2.0
Vector:
CWE: CWE-117
Affected Packages:
Package States: Red Hat Developer Hub,Self-service automation portal 2,
Full Details
CVE document

CVE-2026-29185
Severity: low
Released on: 07/03/2026
Advisory:
Bugzilla: 2445484
Bugzilla Description: @backstage/integration: Backstage SCM Integration: Unauthorized access to SCM APIs via path traversal
CVSS Score:
CVSSv3 Score: 2.7
Vector:
CWE: CWE-22
Affected Packages:
Package States: Red Hat Developer Hub,Self-service automation portal 2,
Full Details
CVE document

CVE-2026-24308
Severity: moderate
Released on: 07/03/2026
Advisory:
Bugzilla: 2445451
Bugzilla Description: Apache ZooKeeper: Apache ZooKeeper: Information disclosure via improper handling of configuration values
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-117
Affected Packages:
Package States: Red Hat AMQ Broker 7,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Debezium 2,Red Hat build of Debezium 3,Red Hat Data Grid 8,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat Offline Knowledge Portal,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),streams for Apache Kafka 2,streams for Apache Kafka 3,
Full Details
CVE document

CVE-2026-24281
Severity: moderate
Released on: 07/03/2026
Advisory:
Bugzilla: 2445449
Bugzilla Description: Apache ZooKeeper: Apache ZooKeeper: Impersonation of servers or clients via reverse DNS spoofing
CVSS Score:
CVSSv3 Score: 7.4
Vector:
CWE: CWE-295
Affected Packages:
Package States: Red Hat AMQ Broker 7,Red Hat build of Apache Camel for Spring Boot 4,Red Hat build of Debezium 2,Red Hat build of Debezium 3,Red Hat Data Grid 8,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat Offline Knowledge Portal,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),streams for Apache Kafka 2,streams for Apache Kafka 3,
Full Details
CVE document

CVE-2026-30827
Severity: moderate
Released on: 07/03/2026
Advisory:
Bugzilla: 2445429
Bugzilla Description: express-rate-limit: express-rate-limit: Denial of Service for IPv4 clients due to incorrect IPv6 subnet masking
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-1389
Affected Packages:
Package States: Red Hat Ansible Automation Platform 2,Red Hat Developer Hub,Red Hat OpenShift Dev Spaces,Self-service automation portal 2,
Full Details
CVE document

CVE-2026-27139
Severity: low
Released on: 06/03/2026
Advisory:
Bugzilla: 2445335
Bugzilla Description: os: FileInfo can escape from a Root in golang os module
CVSS Score:
CVSSv3 Score: 2.5
Vector:
CWE: CWE-22
Affected Packages:
Package States: OpenShift Service Mesh 2,OpenShift Service Mesh 3,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Hardened Images,Red Hat Hardened Images,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Virtualization 4,
Full Details
CVE document

CVE-2026-27138
Severity: low
Released on: 06/03/2026
Advisory:
Bugzilla: 2445344
Bugzilla Description: crypto/x509: Panic in name constraint checking for malformed certificates in crypto/x509
CVSS Score:
CVSSv3 Score: 3.7
Vector:
CWE: CWE-295
Affected Packages:
Package States: OpenShift Service Mesh 2,OpenShift Service Mesh 3,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Hardened Images,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Virtualization 4,
Full Details
CVE document

CVE-2026-27142
Severity: moderate
Released on: 06/03/2026
Advisory: RHSA-2026:5192,
Bugzilla: 2445351
Bugzilla Description: html/template: URLs in meta content attribute actions are not escaped in html/template
CVSS Score:
CVSSv3 Score: 5.4
Vector:
CWE: CWE-79
Affected Packages: golang1-25-main-1.25.8-1.1.hum1,
Package States: OpenShift Service Mesh 2,OpenShift Service Mesh 3,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Hardened Images,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Virtualization 4,
Full Details
CVE document

CVE-2026-25679
Severity: important
Released on: 06/03/2026
Advisory: RHSA-2026:5549, RHSA-2026:5110,
Bugzilla: 2445356
Bugzilla Description: net/url: Incorrect parsing of IPv6 host literals in net/url
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-1286
Affected Packages: openshift-builds/openshift-builds-waiters-rhel9:sha256:1beb2ef462b304a691c1bfd855bc6f70d26895a290de7524e0806ea023f92a30,multicluster-globalhub/multicluster-globalhub-agent-rhel9:sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1,
Package States: Assisted Installer for Red Hat OpenShift Container Platform 2,cert-manager Operator for Red Hat OpenShift,Compliance Operator,Confidential Compute Attestation,Confidential Compute Attestation,Cryostat 4,Custom Metric Autoscaler operator for Red Hat Openshift,Deployment Validation Operator,ExternalDNS Operator,ExternalDNS Operator,External Secrets Operator for Red Hat OpenShift,Fence Agents Remediation Operator,File Integrity Operator,Gatekeeper 3,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logical Volume Manager Storage,Logical Volume Manager Storage,Logical Volume Manager Storage,Machine Deletion Remediation Operator,Migration Toolkit for Applications 8,Migration Toolkit for Containers,mirror registry for Red Hat OpenShift,mirror registry for Red Hat OpenShift 2,Multicluster Engine for Kubernetes,Network Observability Operator,Node HealthCheck Operator,OpenShift API for Data Protection,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Lightspeed,OpenShift Pipelines,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Service Mesh 2,OpenShift Service Mesh 2,OpenShift Service Mesh 3,OpenShift Service Mesh 3,Power monitoring for Red Hat OpenShift,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat AMQ Clients,Red Hat AMQ Clients,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat build of Apache Camel - HawtIO 4,Red Hat Certification Program for Red Hat Enterprise Linux 9,Red Hat Connectivity Link 1,Red Hat Developer Hub,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Hardened Images,Red Hat Hardened Images,Red Hat Lightspeed for Runtimes Operator,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Cluster Manager CLI,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Workspaces Operator,Red Hat OpenShift distributed tracing 3,Red Hat OpenShift for Windows Containers,Red Hat OpenShift GitOps,Red Hat OpenShift on AWS,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 18.0,Red Hat OpenStack Platform 18.0,Red Hat Quay 3,Red Hat Quay 3,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Service Interconnect 1,Red Hat Service Interconnect 1,Red Hat Service Interconnect 2,Red Hat Service Interconnect 2,Red Hat Service Interconnect 2,Red Hat Trusted Artifact Signer,Red Hat Web Terminal,Security Profiles Operator,Service Telemetry Framework 1.5,streams for Apache Kafka 3,Zero Trust Workload Identity Manager,Zero Trust Workload Identity Manager - Tech Preview,
Full Details
CVE document

CVE-2026-27137
Severity: important
Released on: 06/03/2026
Advisory: RHSA-2026:5549, RHSA-2026:5110,
Bugzilla: 2445345
Bugzilla Description: crypto/x509: Incorrect enforcement of email constraints in crypto/x509
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-295
Affected Packages: openshift-builds/openshift-builds-waiters-rhel9:sha256:1beb2ef462b304a691c1bfd855bc6f70d26895a290de7524e0806ea023f92a30,multicluster-globalhub/multicluster-globalhub-agent-rhel9:sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1,
Package States: Assisted Installer for Red Hat OpenShift Container Platform 2,cert-manager Operator for Red Hat OpenShift,Compliance Operator,Confidential Compute Attestation,Confidential Compute Attestation,Cryostat 4,Custom Metric Autoscaler operator for Red Hat Openshift,Deployment Validation Operator,ExternalDNS Operator,ExternalDNS Operator,External Secrets Operator for Red Hat OpenShift,Fence Agents Remediation Operator,File Integrity Operator,Gatekeeper 3,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logical Volume Manager Storage,Logical Volume Manager Storage,Logical Volume Manager Storage,Machine Deletion Remediation Operator,Migration Toolkit for Applications 8,Migration Toolkit for Containers,mirror registry for Red Hat OpenShift,mirror registry for Red Hat OpenShift 2,Multicluster Engine for Kubernetes,Network Observability Operator,Node HealthCheck Operator,OpenShift API for Data Protection,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Developer Tools and Services,OpenShift Lightspeed,OpenShift Pipelines,OpenShift Serverless,OpenShift Serverless,OpenShift Serverless,OpenShift Service Mesh 2,OpenShift Service Mesh 2,OpenShift Service Mesh 3,OpenShift Service Mesh 3,Power monitoring for Red Hat OpenShift,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat build of Apache Camel - HawtIO 4,Red Hat Certification Program for Red Hat Enterprise Linux 9,Red Hat Connectivity Link 1,Red Hat Developer Hub,Red Hat Edge Manager 1,Red Hat Edge Manager 1,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Hardened Images,Red Hat Lightspeed for Runtimes Operator,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Cluster Manager CLI,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat OpenShift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Workspaces Operator,Red Hat OpenShift distributed tracing 3,Red Hat OpenShift for Windows Containers,Red Hat OpenShift GitOps,Red Hat OpenShift on AWS,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenShift Virtualization 4,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 16.2,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 17.1,Red Hat OpenStack Platform 18.0,Red Hat OpenStack Platform 18.0,Red Hat Quay 3,Red Hat Quay 3,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Satellite 6,Red Hat Service Interconnect 1,Red Hat Service Interconnect 2,Red Hat Trusted Artifact Signer,Red Hat Web Terminal,Security Profiles Operator,Service Telemetry Framework 1.5,streams for Apache Kafka 3,Zero Trust Workload Identity Manager,Zero Trust Workload Identity Manager - Tech Preview,
Full Details
CVE document

CVE-2026-30231
Severity: moderate
Released on: 06/03/2026
Advisory:
Bugzilla: 2445348
Bugzilla Description: flare: Flare: Information disclosure via inconsistent access checks for private files
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-639
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-30230
Severity: moderate
Released on: 06/03/2026
Advisory:
Bugzilla: 2445349
Bugzilla Description: flare: Flare: Unauthorized information disclosure due to improper access control in the thumbnail endpoint.
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-306
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-3419
Severity: moderate
Released on: 06/03/2026
Advisory:
Bugzilla: 2445295
Bugzilla Description: fastify: Fastify: Bypass of Content-Type validation via malformed Content-Type headers
CVSS Score:
CVSSv3 Score: 5.3
Vector:
CWE: CWE-625
Affected Packages:
Package States: Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Dev Spaces,
Full Details
CVE document

CVE-2026-29091
Severity: important
Released on: 06/03/2026
Advisory:
Bugzilla: 2445262
Bugzilla Description: locutus: Locutus: Remote Code Execution via insecure callback function implementation
CVSS Score:
CVSSv3 Score: 8.1
Vector:
CWE: CWE-94
Affected Packages:
Package States: Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,Logging Subsystem for Red Hat OpenShift,
Full Details
CVE document

CVE-2026-29089
Severity: important
Released on: 06/03/2026
Advisory:
Bugzilla: 2445265
Bugzilla Description: timescaledb: TimescaleDB: Arbitrary code execution via malicious functions in user-writable schemas during extension upgrade
CVSS Score:
CVSSv3 Score: 8.8
Vector:
CWE: CWE-427
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-26017
Severity: important
Released on: 06/03/2026
Advisory:
Bugzilla: 2445244
Bugzilla Description: github.com/coredns/coredns: CoreDNS: DNS access control bypass due to plugin execution order flaw
CVSS Score:
CVSSv3 Score: 7.7
Vector:
CWE: CWE-367
Affected Packages:
Package States: Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Connectivity Link 1,Red Hat OpenShift Container Platform 4,
Full Details
CVE document

CVE-2026-26018
Severity: important
Released on: 06/03/2026
Advisory:
Bugzilla: 2445242
Bugzilla Description: github.com/coredns/coredns: CoreDNS: Denial of Service vulnerability due to predictable pseudo-random number generation
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-1241
Affected Packages:
Package States: Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Connectivity Link 1,Red Hat OpenShift Container Platform 4,
Full Details
CVE document

CVE-2026-23925
Severity: moderate
Released on: 06/03/2026
Advisory:
Bugzilla: 2445155
Bugzilla Description: zabbix: Zabbix: Confidentiality loss via improper access control in configuration.import API
CVSS Score:
CVSSv3 Score: 7.6
Vector:
CWE: CWE-266
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-29074
Severity: important
Released on: 06/03/2026
Advisory:
Bugzilla: 2445132
Bugzilla Description: svgo: SVGO: Denial of Service via XML entity expansion
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-776
Affected Packages:
Package States: Cryostat 4,Gatekeeper 3,Multicluster Engine for Kubernetes,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Pipelines,OpenShift Service Mesh 2,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,OpenShift Service Mesh 3,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat 3scale API Management Platform 2,Red Hat Advanced Cluster Management for Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat Ansible Automation Platform 2,Red Hat build of Apicurio Registry 2,Red Hat build of OptaPlanner 8,Red Hat Data Grid 8,Red Hat Developer Hub,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Fuse 7,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform 8,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift Container Platform 4,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift Dev Spaces,Red Hat OpenShift distributed tracing 3,Red Hat Quay 3,Red Hat Quay 3,Red Hat Single Sign-On 7,Self-service automation portal 2,
Full Details
CVE document

CVE-2026-29062
Severity: important
Released on: 06/03/2026
Advisory:
Bugzilla: 2445135
Bugzilla Description: jackson-core: jackson-core: Denial of Service via excessive JSON nesting
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-1284
Affected Packages:
Package States: Red Hat Certificate System 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-28804
Severity: moderate
Released on: 06/03/2026
Advisory:
Bugzilla: 2445118
Bugzilla Description: pypdf: pypdf: Denial of Service via crafted PDF with ASCIIHexDecode filter
CVSS Score:
CVSSv3 Score: 6.5
Vector:
CWE: CWE-770
Affected Packages:
Package States: OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat Enterprise Linux AI (RHEL AI) 3,Red Hat OpenShift AI (RHOAI),
Full Details
CVE document

CVE-2026-28802
Severity: important
Released on: 06/03/2026
Advisory: RHSA-2026:4942, RHSA-2026:5168, RHSA-2026:5665,
Bugzilla: 2445120
Bugzilla Description: authlib: Authlib: Signature verification bypass via malicious JWT allows unauthorized access
CVSS Score:
CVSSv3 Score: 9.1
Vector:
CWE: CWE-347
Affected Packages: quay/quay-rhel8:sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb,quay/quay-rhel8:sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2,quay/quay-rhel8:sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad,
Package States: Red Hat Ansible Automation Platform 2,Red Hat Quay 3,Red Hat Satellite 6,
Full Details
CVE document

CVE-2026-28799
Severity: important
Released on: 06/03/2026
Advisory:
Bugzilla: 2445116
Bugzilla Description: PJSIP: PJSIP: Denial of Service via heap use-after-free in event subscription
CVSS Score:
CVSSv3 Score: 7.5
Vector:
CWE: CWE-825
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-29068
Severity: important
Released on: 06/03/2026
Advisory:
Bugzilla: 2445115
Bugzilla Description: PJSIP: PJSIP: Denial of Service via malformed RTP payload processing
CVSS Score:
CVSSv3 Score: 9.8
Vector:
CWE: CWE-120
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-3632
Severity: low
Released on: 06/03/2026
Advisory:
Bugzilla: 2445127
Bugzilla Description: libsoup: libsoup: HTTP Smuggling and Server-Side Request Forgery via Malformed Hostnames
CVSS Score:
CVSSv3 Score: 3.9
Vector:
CWE: CWE-1286
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-3633
Severity: low
Released on: 06/03/2026
Advisory:
Bugzilla: 2445128
Bugzilla Description: libsoup: libsoup: Header and HTTP request injection via CRLF injection
CVSS Score:
CVSSv3 Score: 3.9
Vector:
CWE: CWE-93
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2026-3634
Severity: moderate
Released on: 06/03/2026
Advisory:
Bugzilla: 2445129
Bugzilla Description: libsoup: libsoup: HTTP header injection and response splitting via CRLF injection in Content-Type header
CVSS Score:
CVSSv3 Score: 3.9
Vector:
CWE: CWE-93
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,
Full Details
CVE document

CVE-2025-69645
Severity: low
Released on: 06/03/2026
Advisory:
Bugzilla: 2445261
Bugzilla Description: binutils: Binutils objdump: Denial of Service via crafted DWARF debug information
CVSS Score:
CVSSv3 Score: 2.8
Vector:
CWE: CWE-1285
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document

CVE-2025-69644
Severity: low
Released on: 06/03/2026
Advisory:
Bugzilla: 2445263
Bugzilla Description: binutils: Binutils: Denial of Service via crafted binary with malformed DWARF debug information
CVSS Score:
CVSSv3 Score: 2.8
Vector:
CWE: CWE-606
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document

CVE-2025-69646
Severity: low
Released on: 06/03/2026
Advisory:
Bugzilla: 2445264
Bugzilla Description: binutils: Binutils: Denial of Service via malformed DWARF debug_rnglists data
CVSS Score:
CVSSv3 Score: 2.8
Vector:
CWE: CWE-606
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document

CVE-2025-69650
Severity: low
Released on: 06/03/2026
Advisory:
Bugzilla: 2445293
Bugzilla Description: binutils: double free in readelf via crafted ELF binary with malformed relocation data
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-415
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document

CVE-2025-69652
Severity: low
Released on: 06/03/2026
Advisory:
Bugzilla: 2445296
Bugzilla Description: binutils: abort in readelf via crafted ELF binary with malformed DWARF abbrev or debug information
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-617
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document

CVE-2025-69649
Severity: low
Released on: 06/03/2026
Advisory:
Bugzilla: 2445298
Bugzilla Description: binutils: NULL pointer dereference in readelf via crafted ELF binary with malformed header fields
CVSS Score:
CVSSv3 Score: 3.3
Vector:
CWE: CWE-476
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document

CVE-2025-69651
Severity: low
Released on: 06/03/2026
Advisory:
Bugzilla: 2445299
Bugzilla Description: binutils: Binutils: Denial of Service via crafted ELF binary processing
CVSS Score:
CVSSv3 Score: 2.8
Vector:
CWE: CWE-824
Affected Packages:
Package States: Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 10,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9,Red Hat OpenShift Container Platform 4,
Full Details
CVE document

CVE-2026-3606
Severity: moderate
Released on: 05/03/2026
Advisory:
Bugzilla: 2445008
Bugzilla Description: Ettercap: Ettercap: Denial of Service via out-of-bounds read in etterfilter
CVSS Score:
CVSSv3 Score: 4.4
Vector:
CWE: CWE-125
Affected Packages:
Package States:
Full Details
CVE document

CVE-2026-0848
Severity:
Released on: 05/03/2026
Advisory:
Bugzilla: 2444957
Bugzilla Description: nltk: NLTK: Arbitrary code execution via unvalidated Java Archive (JAR) file loading
CVSS Score:
CVSSv3 Score: 10.0
Vector:
CWE: CWE-829
Affected Packages:
Package States: Lightspeed Core,OpenShift Lightspeed,OpenShift Lightspeed,OpenShift Lightspeed,Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),Red Hat OpenShift AI (RHOAI),
Full Details
CVE document