Red Hat Linux OS and other open source products
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any Red Hat product.
RSS Feeds for Red Hat security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in Red Hat products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by Red Hat Sorted by Most Security Vulnerabilities since 2018
Red Hat Enterprise Linux Server1534 vulnerabilities
RedHat Enterprise Linux (RHEL) Server. Includes software bundeled with RHEL server.
Red Hat Enterprise Linux Workstation1504 vulnerabilities
RedHat Enterprise Linux (RHEL) Workstation. Includes software bundled with RHEL Workstation.
Red Hat Enterprise Linux Desktop1493 vulnerabilities
RedHat Enterprise Linux (RHEL) Desktop. Includes software bundled with RHEL desktop
Recent Red Hat Security Advisories
| Advisory | Title | Published |
|---|---|---|
| RHSA-2026:12781 | (RHSA-2026:12781) Red Hat Hardened Images RPMs bug fix and enhancement update | May 1, 2026 |
| RHSA-2026:12740 | (RHSA-2026:12740) Red Hat Hardened Images RPMs bug fix and enhancement update | May 1, 2026 |
| RHSA-2026:12682 | (RHSA-2026:12682) Red Hat Hardened Images RPMs Security Update | May 1, 2026 |
| RHSA-2026:11822 | (RHSA-2026:11822) Important: OpenJDK 25.0.3 Security Update for Windows Builds | April 30, 2026 |
| RHSA-2026:12441 | (RHSA-2026:12441) Important: libcap security update | April 30, 2026 |
| RHSA-2026:12423 | (RHSA-2026:12423) Important: libcap security update | April 30, 2026 |
| RHSA-2026:12389 | (RHSA-2026:12389) Important: openssh security update | April 30, 2026 |
| RHSA-2026:12388 | (RHSA-2026:12388) Important: freerdp security update | April 30, 2026 |
| RHSA-2026:12359 | (RHSA-2026:12359) Important: freerdp security update | April 30, 2026 |
| RHSA-2026:12341 | (RHSA-2026:12341) Important: OpenEXR security update | April 30, 2026 |
By the Year
In 2026 there have been 665 vulnerabilities in Red Hat with an average score of 7.0 out of ten. Last year, in 2025 Red Hat had 1117 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Red Hat in 2026 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.46.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 665 | 7.00 |
| 2025 | 1117 | 6.54 |
| 2024 | 1678 | 6.55 |
| 2023 | 1206 | 6.75 |
| 2022 | 1362 | 6.97 |
| 2021 | 1123 | 6.62 |
| 2020 | 663 | 6.40 |
| 2019 | 772 | 6.98 |
| 2018 | 760 | 7.16 |
It may take a day or so for new Red Hat vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2026-33845 | Apr 30, 2026 |
OOB Read via DTLS Fragment Underflow in GnuTLSA flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service. |
Enterprise Linux (RHEL)
Hummingbird
Openshift
And others... |
| CVE-2026-3832 | Apr 30, 2026 |
GnuTLS OCSP Multi-Record Logic Error Allows Revoked Cert AcceptanceA flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabled may incorrectly accept a revoked server certificate, potentially leading to a compromise of trust. |
Enterprise Linux (RHEL)
Hummingbird
Openshift
And others... |
| CVE-2026-3833 | Apr 30, 2026 |
GnuTLS SAN case-sensitivity flaw can bypass nameConstraintsA flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstraints` labels, specifically for `dNSName` (DNS) or `rfc822Name` (email) constraints within `excludedSubtrees` or `permittedSubtrees`. A remote attacker can exploit this by crafting a leaf certificate with casing differences in the Subject Alternative Name (SAN), leading to a policy bypass where a certificate that should be rejected is instead accepted. This could result in unauthorized access or information disclosure. |
Enterprise Linux (RHEL)
Hummingbird
Openshift
|
| CVE-2026-7500 | Apr 30, 2026 |
Privilege Escalation: Keycloak Account REST API Partially DisabledWhen Keycloak is started with `--features-disabled=account,account-api`, the Account REST API is only partially disabled. Five endpoints under the versioned path `/account/v1alpha1` remain fully functional including both read and write operations because they lack the `checkAccountApiEnabled()` gate that correctly blocks four other endpoints in the same REST service class. The user needs to have permissions to use the API. |
Build Keycloak
|
| CVE-2026-7163 | Apr 30, 2026 |
MCE Assisted Service API exposes kubeadmin creds via GET endpointA vulnerability in the assisted-service REST API, an optional Assisted Installer (assisted-service) component in the Multicluster Engine (MCE), allows an authenticated user with minimal namespace-scoped privileges to obtain administrative credentials for arbitrary clusters provisioned through the hub. The credentials download endpoint (GET /v2/clusters/{cluster_id}/credentials, which returns the kubeadmin password) and the kubeconfig download endpoint are operational in AUTH_TYPE=local mode, the only authentication mode available in on-premises ACM/MCE hub deployments. The local authenticator unconditionally grants full administrative access to any request bearing a valid JWT, with no per-endpoint restrictions. A valid local JWT is embedded as a plaintext query parameter in InfraEnvStatus.ISODownloadURL and is readable by any user who has get rights on an InfraEnv object in their own namespace. The affected components ship as part of Multicluster Engine (MCE). The Red Hat Advanced Cluster Management (ACM) deployments that include MCE are equally affected. This issue does not affect the hosted SaaS offering (console.redhat.com), which uses a different authentication mode. Successful exploitation gives the attacker the kubeadmin password and kubeconfig for any OpenShift cluster provisioned through the affected hub, granting unrestricted root-level administrative access to those spoke clusters. |
Multicluster Engine
|
| CVE-2026-7309 | Apr 28, 2026 |
OpenShift: BuildEnv Injection via buildconfigs/instantiateA flaw was found in the OpenShift Container Platform build system. A user with the `edit` ClusterRole can inject arbitrary environment variables, such as `LD_PRELOAD` or `http_proxy`, into `docker-build` containers through the `buildconfigs/instantiate` API. This incomplete fix for a previous vulnerability allows for information disclosure, specifically impacting the confidentiality of build traffic. |
Openshift
|
| CVE-2026-5265 | Apr 24, 2026 |
CVE-2026-5265: ovn-controller ICMP Error Copies Partial Out-of-Bounds Heap DataWhen generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a portion of the original packet into the ICMP error body using the IP header's self-declared total length (ip_tot_len for IPv4, ip6_plen for IPv6) without validating it against the actual packet buffer size. A VM can send a short packet with an inflated IP length field that triggers an ICMP error (e.g., by hitting a reject ACL), causing ovn-controller to read heap memory beyond the valid packet data and include it in the ICMP response sent back to the VM. |
Enterprise Linux (RHEL)
|
| CVE-2026-5367 | Apr 24, 2026 |
OVN Remote OOB Read via Crafted DHCPv6 SOLICITA flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the bounds of a packet. This out-of-bounds read can lead to the disclosure of sensitive information stored in heap memory, which is then returned to the attacker's virtual machine port. |
Enterprise Linux (RHEL)
Openshift
|
| CVE-2026-6732 | Apr 23, 2026 |
libxml2 XSD Internal Entity Type-Confusion DoSA flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that causes the application to crash. This results in a denial of service (DoS), making the affected system or application unavailable. |
Enterprise Linux (RHEL)
Jboss Core Services
Openshift
And others... |
| CVE-2026-2708 | Apr 23, 2026 |
libsoup HTTP Header Smuggling via Multiple CL HeadersA request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soup_message_headers_append_common() function in libsoup/soup-message-headers.c unconditionally appends each header value without validating for duplicate or conflicting Content-Length fields. This allows an attacker to send HTTP requests containing multiple Content-Length headers with differing values. |
Enterprise Linux (RHEL)
|
| CVE-2026-34003 | Apr 23, 2026 |
X.Org X Server XKB OOB Memory Access (CVE-2026-34003)A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the disclosure of sensitive information or cause the server to crash, leading to a Denial of Service (DoS). In certain configurations, higher impact outcomes may be possible. |
Enterprise Linux (RHEL)
|
| CVE-2026-34001 | Apr 23, 2026 |
X.Org XServer use-after-free in miSyncTriggerFence()A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence() function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server crash and potentially enabling memory corruption. This could result in a denial of service or further compromise of the system. |
Enterprise Linux (RHEL)
|
| CVE-2026-33999 | Apr 23, 2026 |
XKB Int Underflow in X.Org X ServerA flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of service (DoS) or other severe impacts. |
Enterprise Linux (RHEL)
|
| CVE-2025-66286 | Apr 23, 2026 |
CVE-2025-66286: WebKitGTK/WPE WebKit API Signal Bypass; IP/DNS/HTTP ExposedAn API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly perform IP connections, DNS lookups, and HTTP requests. Applications expect to use the WebPage::send-request signal handler to approve or reject all network requests. However, certain types of HTTP requests bypass this signal handler. |
Enterprise Linux (RHEL)
|
| CVE-2025-13763 | Apr 23, 2026 |
Info Disclosure via Uninit Vars in libopenscMultiple uses of uninitialized variables were found in libopensc that may lead to information disclosure or application crash. An attack requires a crafted USB device or smart card that would present the system with specially crafted responses to the APDUs |
Enterprise Linux (RHEL)
|
| CVE-2026-6862 | Apr 22, 2026 |
RedHat libefiboot local DoS via invalid device path node lengthA flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fails to validate that each node's Length field is at least 4 bytes, which is the minimum size for an EFI (Extensible Firmware Interface) device path node header. A local user could exploit this vulnerability by providing a specially crafted device path node. This can lead to infinite recursion, causing stack exhaustion and a process crash, resulting in a denial of service (DoS). |
Enterprise Linux (RHEL)
Openshift
|
| CVE-2026-6861 | Apr 22, 2026 |
Emacs SVG CSS Memory Corruption CVE-2026-6861A flaw was found in GNU Emacs. This vulnerability, a memory corruption issue, occurs when Emacs processes specially crafted SVG (Scalable Vector Graphics) CSS (Cascading Style Sheets) data. A local user could exploit this by convincing a victim to open a malicious SVG file, which may lead to a denial of service (DoS) or potentially information disclosure. |
Enterprise Linux (RHEL)
|
| CVE-2026-41651 | Apr 22, 2026 |
PackageKit <1.3.5 TOCTOU Privilege Escalation via Transaction FlagsPackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3.4 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition on transaction flags that allows unprivileged users to install packages as root and thus leads to a local privilege escalation. This is patched in version 1.3.5. A local unprivileged user can install arbitrary RPM packages as root, including executing RPM scriptlets, without authentication. The vulnerability is a TOCTOU race condition on `transaction->cached_transaction_flags` combined with a silent state-machine guard that discards illegal backward transitions while leaving corrupted flags in place. Three bugs exist in `src/pk-transaction.c`: 1. Unconditional flag overwrite (line 4036): `InstallFiles()` writes caller-supplied flags to `transaction->cached_transaction_flags` without checking whether the transaction has already been authorized/started. A second call blindly overwrites the flags even while the transaction is RUNNING. 2. Silent state-transition rejection (lines 873882): `pk_transaction_set_state()` silently discards backward state transitions (e.g. `RUNNING` `WAITING_FOR_AUTH`) but the flag overwrite at step 1 already happened. The transaction continues running with corrupted flags. 3. Late flag read at execution time (lines 22732277): The scheduler's idle callback reads cached_transaction_flags at dispatch time, not at authorization time. If flags were overwritten between authorization and execution, the backend sees the attacker's flags. |
|
| CVE-2026-6859 | Apr 22, 2026 |
InstructLab: Arbitrary Code Exec via trust_remote_code TrueA flaw was found in InstructLab. The `linux_train.py` script hardcodes `trust_remote_code=True` when loading models from HuggingFace. This allows a remote attacker to achieve arbitrary Python code execution by convincing a user to run `ilab train/download/generate` with a specially crafted malicious model from the HuggingFace Hub. This vulnerability can lead to complete system compromise. |
Enterprise Linux Ai
|
| CVE-2026-6857 | Apr 22, 2026 |
Remote Code Execution via Unsafe Deserialization in Camel-Infinispan ProtoStreamA flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream remote aggregation repository. A remote attacker with low privileges could exploit this by sending specially crafted data, leading to arbitrary code execution. This allows the attacker to gain full control over the affected system, impacting its confidentiality, integrity, and availability. |
Camel Quarkus
Camel Spring Boot
Jboss Fuse
And others... |
| CVE-2026-6855 | Apr 22, 2026 |
InstructLab: Path Traversal in logs_dir Enables Local File WriteA flaw was found in InstructLab. A local attacker could exploit a path traversal vulnerability in the chat session handler by manipulating the `logs_dir` parameter. This allows the attacker to create new directories and write files to arbitrary locations on the system, potentially leading to unauthorized data modification or disclosure. |
Enterprise Linux Ai
|
| CVE-2026-6848 | Apr 22, 2026 |
Red Hat Quay Re-auth Bypass Allows Privileged OpsA flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive operations, such as token generation or robot account creation, the re-authentication prompt can be bypassed. This allows a user with a timed-out session, or an attacker with access to an idle authenticated browser session, to perform privileged actions without providing valid credentials. The vulnerability enables unauthorized execution of sensitive operations despite the user interface displaying an error for invalid credentials. |
Quay
|
| CVE-2026-6846 | Apr 22, 2026 |
Heap Buffer Overrun in binutils XCOFF linker leads to LPEA flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to arbitrary code execution, allowing the attacker to run unauthorized commands, or cause a denial of service, making the system unavailable. |
Enterprise Linux (RHEL)
Hummingbird
Openshift
And others... |
| CVE-2026-6844 | Apr 22, 2026 |
Binutils Readelf Local DoS via Crafted ELF FilesA flaw was found in the `readelf` utility of the binutils package. A local attacker could exploit two Denial of Service (DoS) vulnerabilities by providing a specially crafted Executable and Linkable Format (ELF) file. One vulnerability, a resource exhaustion (CWE-400), can lead to an out-of-memory condition. The other, a null pointer dereference (CWE-476), can cause a segmentation fault. Both issues can result in the `readelf` utility becoming unresponsive or crashing, leading to a denial of service. |
Enterprise Linux (RHEL)
Hummingbird
Openshift
And others... |
| CVE-2026-6843 | Apr 22, 2026 |
nano Format String Vulnerability: Statusline DoSA flaw was found in nano. A local user could exploit a format string vulnerability in the `statusline()` function. By creating a directory with a name containing `printf` specifiers, the application attempts to display this name, leading to a segmentation fault (SEGV). This results in a Denial of Service (DoS) for the `nano` application. |
Enterprise Linux (RHEL)
Openshift
|
| CVE-2026-6845 | Apr 22, 2026 |
binutils readelf DoS via crafted ELF fileA flaw was found in binutils, specifically within the `readelf` utility. This vulnerability allows a local attacker to cause a Denial of Service (DoS) by tricking a user into processing a specially crafted Executable and Linkable Format (ELF) file. The exploitation of this flaw can lead to the system becoming unresponsive due to excessive resource consumption or a program crash. |
Enterprise Linux (RHEL)
Hummingbird
Openshift
And others... |
| CVE-2026-6842 | Apr 22, 2026 |
CVE-2026-6842: Nano Dir Perm Flaw Allows Bad .desktop LauncherA flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions (0777 instead of 0700) for the `~/.local` directory. This allows the attacker to inject a malicious `.desktop` launcher, which could lead to unintended actions or information disclosure if the launcher is subsequently processed. |
Enterprise Linux (RHEL)
Openshift
|
| CVE-2026-34282 | Apr 21, 2026 |
Oracle Java SE DoS via Networking APIs (8u481-perf 26)Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). |
|
| CVE-2026-34268 | Apr 21, 2026 |
Oracle Java SE Security API Unauth Read (8u48126)Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 2.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). |
|
| CVE-2026-22021 | Apr 21, 2026 |
JSSE Unauth Network DoS in Oracle Java SE <26Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). |
|
| CVE-2026-22018 | Apr 21, 2026 |
Oracle Java SE Libraries Partial DoS in 8u48125.0.2 via Unauth API AttacksVulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). |
|
| CVE-2026-22016 | Apr 21, 2026 |
Oracle Java SE JAXP RCE: 8u481, 11.0.30, 17.0.18, 21.0.10Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). |
|
| CVE-2026-22013 | Apr 21, 2026 |
Oracle Java SE JGSS unauth access 8u48121.0.10+ GraalVMVulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N). |
|
| CVE-2026-22008 | Apr 21, 2026 |
Oracle Java SE 25.0.1 Libraries Unauth Net Exploit for Sandbox CodeVulnerability in Oracle Java SE (component: Libraries). The supported version that is affected is Oracle Java SE: 25.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). |
|
| CVE-2026-22007 | Apr 21, 2026 |
Oracle Java SE Security Vulnerability (8u481, 11.0.30, 17.0.18, 21.0.10)Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 2.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). |
|
| CVE-2026-6786 | Apr 21, 2026 |
Firefox 149 / ESR 140.9 Memory Safety Bugs (Arbitrary Code Exec)Memory safety bugs present in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. |
|
| CVE-2026-6785 | Apr 21, 2026 |
Mozilla Firefox Memory Safety Bug (ESR 115.34, 115.35, ESR 140.9/140.10, 149)Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. |
|
| CVE-2026-6776 | Apr 21, 2026 |
Firefox <150 WebRTC Networking boundary condition flaw (CVE-2026-6776)Incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. |
|
| CVE-2026-6772 | Apr 21, 2026 |
Firefox NSS Libraries Boundary Cond. before 150Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. |
|
| CVE-2026-6771 | Apr 21, 2026 |
Firefox 150 DOM Mitigation Bypass in Security ComponentMitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. |
|
| CVE-2026-6770 | Apr 21, 2026 |
IndexedDB flaw in Firefox <=150 (ESR 140.10)Other issue in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. |
|
| CVE-2026-6769 | Apr 21, 2026 |
Priv Escalation in Firefox Debugger (before 150)Privilege escalation in the Debugger component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. |
|
| CVE-2026-6766 | Apr 21, 2026 |
Firefox NSS boundary overflow (before 150/140.10)Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. |
|
| CVE-2026-6767 | Apr 21, 2026 |
NSS Lib Other Issue (Fixed in Firefox 150/ESR 115.35)Other issue in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. |
|
| CVE-2026-6765 | Apr 21, 2026 |
Firefox Autofill Info Disclosure before 150Information disclosure in the Form Autofill component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. |
|
| CVE-2026-6764 | Apr 21, 2026 |
Firefox DOM Boundary Condition Flaw in Device Interfaces (fixed in v150)Incorrect boundary conditions in the DOM: Device Interfaces component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. |
|
| CVE-2026-6763 | Apr 21, 2026 |
Firefox File Handling Mitigation Bypass (Before 150/ESR 140.10)Mitigation bypass in the File Handling component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. |
|
| CVE-2026-6762 | Apr 21, 2026 |
Firefox DOM Spoofing Vulnerability (pre-150) Core & HTMLSpoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. |
|
| CVE-2026-6761 | Apr 21, 2026 |
Firefox 150 PrivEsc via Networking ComponentPrivilege escalation in the Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. |
|
| CVE-2026-6759 | Apr 21, 2026 |
Use-after-free in Firefox Widget Cocoa (150)Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. |