Red Hat Linux OS and other open source products
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any Red Hat product.
RSS Feeds for Red Hat security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in Red Hat products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by Red Hat Sorted by Most Security Vulnerabilities since 2018
Red Hat Enterprise Linux Server1534 vulnerabilities
RedHat Enterprise Linux (RHEL) Server. Includes software bundeled with RHEL server.
Red Hat Enterprise Linux Workstation1504 vulnerabilities
RedHat Enterprise Linux (RHEL) Workstation. Includes software bundled with RHEL Workstation.
Red Hat Enterprise Linux Desktop1493 vulnerabilities
RedHat Enterprise Linux (RHEL) Desktop. Includes software bundled with RHEL desktop
Recent Red Hat Security Advisories
| Advisory | Title | Published |
|---|---|---|
| RHSA-2026:41130 | (RHSA-2026:41130) Red Hat Hardened Images RPMs Security Update | July 16, 2026 |
| RHSA-2026:41066 | (RHSA-2026:41066) Red Hat Quay 3.16.5 | July 16, 2026 |
| RHSA-2026:41064 | (RHSA-2026:41064) Important: Red Hat Advanced Cluster Management for Kubernetes v2.11.10 security update | July 16, 2026 |
| RHSA-2026:41056 | (RHSA-2026:41056) Important: Red Hat Advanced Cluster Management for Kubernetes v2.11.10 security update | July 16, 2026 |
| RHSA-2026:41055 | (RHSA-2026:41055) Important: multicluster engine for Kubernetes v2.6.12 security update | July 16, 2026 |
| RHSA-2026:41054 | (RHSA-2026:41054) Important: Red Hat Advanced Cluster Management for Kubernetes v2.11.10 security update | July 16, 2026 |
| RHSA-2026:41036 | (RHSA-2026:41036) Red Hat OpenShift Builds 1.8.1 | July 16, 2026 |
| RHSA-2026:41031 | (RHSA-2026:41031) Red Hat Quay 3.10.24 | July 16, 2026 |
| RHSA-2026:40485 | (RHSA-2026:40485) Red Hat Hardened Images RPMs bug fix and enhancement update | July 16, 2026 |
| RHSA-2026:41030 | (RHSA-2026:41030) Important: Multicluster Global Hub 1.4.5 security update | July 16, 2026 |
By the Year
In 2026 there have been 2121 vulnerabilities in Red Hat with an average score of 7.3 out of ten. Last year, in 2025 Red Hat had 1162 security vulnerabilities published. That is, 959 more vulnerabilities have already been reported in 2026 as compared to last year. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.67.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 2121 | 7.26 |
| 2025 | 1162 | 6.58 |
| 2024 | 1688 | 6.57 |
| 2023 | 1206 | 6.75 |
| 2022 | 1362 | 6.97 |
| 2021 | 1123 | 6.61 |
| 2020 | 664 | 6.39 |
| 2019 | 772 | 6.98 |
| 2018 | 760 | 7.16 |
It may take a day or so for new Red Hat vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2026-15945 | Jul 16, 2026 |
Keycloak FGAP v2 Bypass: Delegated Admin Exposes Parent Group DataA flaw was found in the group search functionality of the Keycloak server's administrative API. When Fine-Grained Admin Permissions (FGAP) v2 is enabled, a delegated administrator can bypass access restrictions to view parent groups they are not authorized to see. By searching for a child group they have permission to view, the system incorrectly returns the full details of the parent group in the response, leading to the disclosure of sensitive group attributes and configuration. |
And others... |
| CVE-2026-5674 | Jul 16, 2026 |
PipeWire Sandbox Escape via PulseAudio Compat LayerA flaw was found in PipeWire, a multimedia server. This vulnerability allows an attacker to escape sandboxed applications, such as Flatpak, by exploiting PipeWire's PulseAudio compatibility layer. An attacker with minimal permissions within a sandboxed environment can load a malicious library, leading to arbitrary code execution outside the sandbox and potential compromise of the user's system. |
|
| CVE-2026-48863 | Jul 16, 2026 |
libsolv PGP EdDSA Buffer Overflow (CVE-2026-48863)A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when copying EdDSA 's' MPI into a stack buffer. A remote attacker could craft a malicious Ed25519 PGP signature with mismatched MPI lengths. Processing this crafted signature could lead to a denial of service in automated package or repository processing workflows. |
And others... |
| CVE-2026-1609 | Jul 16, 2026 |
Keycloak JWT grant bypass for disabled users due to missing validationA flaw was found in Keycloak. When the JSON Web Token (JWT) authorization grant preview feature is enabled and a user account is disabled, Keycloak fails to validate the users disabled status during JWT authorization grant processing. A remote attacker with low privileges can exploit this improper access control vulnerability by presenting a valid assertion token from an external identity provider to obtain a JWT for a disabled user. This allows unauthorized access to sensitive resources. |
|
| CVE-2026-3842 | Jul 16, 2026 |
QEMU OOB Write via cpu_physical_mem Map Length MismatchA flaw was found in QEMU. This vulnerability allows a local attacker within a guest virtual machine to write data beyond its allocated memory. This occurs when cpu_physical_memory_map() returns a shorter length than expected, leading to an out-of-bounds write. Successful exploitation could result in unauthorized access to guest memory or corruption of heap-allocated objects, potentially causing information disclosure, data integrity issues, or a denial of service. |
|
| CVE-2026-23538 | Jul 16, 2026 |
Feast Feature Server /ws/chat WS Auth Bypass Enables DOSA vulnerability was identified in the Feast Feature Server's `/ws/chat` endpoint that allows remote attackers to establish persistent WebSocket connections without any authentication. By opening a large number of simultaneous connections, an attacker can exhaust server resourcessuch as memory, CPU, and file descriptorsleading to a complete denial of service for legitimate users. |
|
| CVE-2026-12382 | Jul 15, 2026 |
RedHat AAP Gateway: Envoy Proxy Subject header bypass via non-mTLS routeA flaw was found in the AAP Gateway Envoy proxy configuration. The non-mTLS route to EDA event streams does not remove the Subject HTTP header from client requests, despite the source code defining requestHeadersToRemove for this header. An unauthenticated remote attacker can inject a spoofed Subject header matching a legitimate client certificate DN to bypass mTLS authentication and inject arbitrary events into protected EDA event streams. |
And others... |
| CVE-2026-15779 | Jul 15, 2026 |
Samba pam_winbind: chown / via mkhomedir Availability lossA flaw was found in samba's pam_winbind. When mkhomedir is enabled, pam_winbind chowns the target account's home directory without validating the path is not a critical system directory such as /. On affected systems, accounts with / as their home directory (a common default for system accounts) can have this triggered not only by root, but by a non-root user holding a narrow sudo delegation to run commands as that account, causing ownership of / to change and resulting in severe denial of service (SSH, sudo, and package-manager failures). The change does not grant write access to / (which ships with restrictive 0555 permissions on RHEL), so the impact is availability loss rather than further privilege escalation. |
|
| CVE-2026-15809 | Jul 15, 2026 |
CRI-O Env Injection: Bypass CVE-2022-4318, Add /etc/passwd EntriesA flaw was found in CRI-O. The fix for a previous vulnerability (CVE-2022-4318) was incorrect, allowing it to be bypassed. An attacker capable of setting environment variables on a container can inject a newline character into the HOME environment variable. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable. |
|
| CVE-2026-14251 | Jul 15, 2026 |
OpenShift GitOps Argo CD ClusterRole Reconciliation Ownership Bypass (DoS)A flaw was found in the OpenShift GitOps operator. The ClusterRole reconciler does not validate resource ownership when reconciling ClusterRole objects. A namespace-scoped Argo CD instance can trigger deletion of a ClusterRole owned by a cluster-scoped Argo CD instance by crafting a name collision, resulting in a denial of service. |
|
| CVE-2026-38753 | Jul 15, 2026 |
BusyBox v1.38 DoS via use-after-free in awk_sub (AWK)A use-after-free in the awk_sub() function (editors/awk.c) of Busybox v1.38.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted AWK script. |
|
| CVE-2026-38754 | Jul 15, 2026 |
Busybox 1.38.0 ash Shell Heap Overflow DoSA heap overflow in the ifsbreakup() function (shell/ash.c) of Busybox v1.38.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted input. |
|
| CVE-2026-53486 | Jul 14, 2026 |
decompress Node.js v<10.2.1 & 11.0.011.1.3 Path Traversal via Symlink/HardlinkThe decompress package for Node.js extracts archives. Prior to 10.2.1 and 11.1.3, archive extraction can create files and links outside the target directory. When extracting an archive to a directory, a crafted archive can read or write files outside that directory because hardlink and symlink entries are created without checking where targets point, path containment used a string prefix comparison, and file modes failed to remove setuid, setgid, or sticky bits. This issue is fixed in @xhmikosr/decompress versions 10.2.1 and 11.1.3. |
|
| CVE-2026-15714 | Jul 14, 2026 |
libsoup OOB Read in multipart boundary parsingAn out-of-bounds read vulnerability was found in libsoup's multipart processing subsystem. The flaw exists in the soup_multipart_input_stream_read_headers() function inside soup-multipart-input-stream.c, which does not adequately restrict or validate the size of incoming multipart boundary strings. When processing a crafted HTTP response containing a malformed or oversized boundary parameter, the internal stream reader reads past the allocated buffer bounds. A remote, unauthenticated attacker can exploit this behavior to cause a service denial (DoS) through application failure or potentially read fragments of unauthorized memory metadata. |
|
| CVE-2026-15713 | Jul 14, 2026 |
libsoup HTTP/2 Memory Leak Causing OOM DoS by Remote PeerA vulnerability was found in libsoup's HTTP/2 protocol implementation. The library fails to correctly release memory context blocks under specific stream termination conditions, such as when an HTTP/2 connection encounters window exhaustion or explicit stream resets. A remote, unauthenticated attacker acting as a malicious network peer can trick the connection engine into allocating stream states that are subsequently leaked during cleanup. Over a sustained period, this flaw allows the remote attacker to consume the system's heap allocations incrementally, triggering a denial of service (DoS) through an ultimate Out-of-Memory (OOM) application crash. |
|
| CVE-2026-15711 | Jul 14, 2026 |
libsoup WebSocket Frame Length Validation DoSA vulnerability was found in libsoup's WebSocket frame parsing implementation. The library fails to validate length rules specified in RFC 6455 §5.5, which mandates that all WebSocket control frames (e.g., PING, PONG, CLOSE) contain a payload of 125 bytes or less. A remote, unauthenticated attacker can exploit this by sending a non-compliant, oversized control frame. Because the parser handles this protocol violation improperly instead of throwing an immediate connection termination error, it triggers a internal processing crash, resulting in a remote denial of service (DoS) for applications utilizing libsoup WebSockets. |
|
| CVE-2026-15709 | Jul 14, 2026 |
libsoup WebSocket permessage-deflate OOM DoS via decompression bombA flaw was found in libsoup's WebSocket implementation when using the permessage-deflate extension. The extension's decompression loop (inflate()) processes data in chunks without enforcing an upper boundary limit on the output buffer size. While libsoup limits the incoming compressed frame size via max_incoming_payload_size, it fails to track or limit memory allocation during decompression. A separate check for decompressed size (max_total_message_size) exists but executes only after inflation is complete, and it is entirely disabled by default for client connections. A remote, unauthenticated attacker can exploit this by sending a small, highly compressed payload (a decompression bomb), causing unbounded memory allocation that triggers an Out-of-Memory (OOM) crash and a Denial of Service (DoS). |
|
| CVE-2026-50659 | Jul 14, 2026 |
Jul 2026: .NET Spoofing VulnerabilityImproper encoding or escaping of output in .NET allows an authorized attacker to perform spoofing over a network. |
|
| CVE-2026-47428 | Jul 14, 2026 |
Arbitrary JavaScript Execution via otelCarrier in Vitest Browser Mode <4.1.6Vitest is a testing framework powered by Vite. From 4.0.17 until 4.1.6 and 5.0.0-beta.3, Vitest Browser Mode served /__vitest_test__/ with the otelCarrier query parameter inserted directly into an inline module script, allowing a crafted browser-runner URL to execute arbitrary JavaScript in the Vitest server origin and recover VITEST_API_TOKEN for authenticated API calls. This issue is fixed in versions 4.1.6 and 5.0.0-beta.3. |
|
| CVE-2026-47429 | Jul 14, 2026 |
Vitest Windows Path Traversal & Exec (3.2.5/4.1.0)Vitest is a testing framework powered by Vite. Prior to 3.2.5 and 4.1.0, the Vitest UI/API server on Windows used isFileServingAllowed incorrectly for /__vitest_attachment__, allowing \\?\\..\\ path traversal to read files outside the project; exposed API write and rerun features such as saveTestFile and rerun could also allow arbitrary script execution. This issue is fixed in versions 3.2.5 and 4.1.0. |
|
| CVE-2026-47303 | Jul 14, 2026 |
Jul 2026: ASP.NET Core Elevation of Privilege VulnerabilityAuthentication bypass by assumed-immutable data in ASP.NET Core allows an authorized attacker to elevate privileges over a network. |
|
| CVE-2026-47300 | Jul 14, 2026 |
Jul 2026: ASP.NET Core Elevation of Privilege VulnerabilityIncorrect implementation of authentication algorithm in ASP.NET Core allows an authorized attacker to elevate privileges over a network. |
|
| CVE-2026-15712 | Jul 14, 2026 |
libsoup HTTP/2 GOAWAY Frame Heap Buffer Overread (CVE-2026-15712)A heap buffer over-read vulnerability was discovered in libsoup's (versions: libsoup 3.0 to 3.7.0) HTTP/2 connection tracking framework. When the library processes an HTTP/2 GOAWAY frame, it improperly handles the "Additional Debug Data" payload by assuming the data stream is a safely NUL-terminated C-string. Because the parser lacks strict length-boundary verification before reading this data, a remote, unauthenticated attacker can intentionally send a malformed GOAWAY frame missing the appropriate null delimiter. This causes the library to read past the end of the allocated buffer, triggering an application crash that results in a denial of service (DoS), or potentially exposing fragments of memory contents. |
|
| CVE-2026-56170 | Jul 14, 2026 |
Jul 2026: ASP.NET Core Denial of Service VulnerabilityAllocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network. |
|
| CVE-2026-59884 | Jul 14, 2026 |
Unbounded Tag Parsing in pyasn1 <0.6.4 (DoS)pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the BER decoder shared by the CER and DER codecs parses long-form tags by accumulating continuation octets without an upper bound on the tag ID size, allowing a crafted input to force construction of an arbitrarily large integer with CPU cost growing quadratically and to trigger unhandled ValueError exceptions in Python 3.11+ error formatting paths. Any application decoding untrusted BER, CER, or DER input is affected. This issue is fixed in version 0.6.4. |
|
| CVE-2026-59885 | Jul 14, 2026 |
pyasn1 0.6.4 Fix: Quadratic OID Parsing DOSpyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the BER, CER, and DER decoders process OBJECT IDENTIFIER and RELATIVE-OID values in quadratic time relative to the number of arcs, so a small crafted payload containing an OID with many arcs consumes excessive CPU per decode() call and can deny service to applications that decode untrusted ASN.1 data. The corresponding encoders have the same quadratic behavior when an application re-encodes previously decoded attacker-supplied values. This issue is fixed in version 0.6.4. |
|
| CVE-2026-12478 | Jul 14, 2026 |
libsoup 3.6.6 Integer Overflow in Unmasked WebSocket Frames (Red Hat)The fix for CVE-2026-0716 (commit 6ff7ef0, libsoup 3.6.6) placed the integer overflow guard inside the if (masked) block, leaving unmasked server-to-client frames unprotected. A malicious WebSocket server can send a crafted unmasked frame with a payload length near UINT64_MAX to trigger an OOB read in a libsoup-based client when max_incoming_payload_size is set to 0. |
|
| CVE-2026-15416 | Jul 14, 2026 |
Argo CD Repo-server RCE via Unauth Remote Code ExecutionA flaw was identified in Argo CD, the GitOps engine used by Red Hat OpenShift GitOps, that could allow an unauthenticated attacker with network access to the Argo CD repo-server to achieve remote code execution. Under certain conditions, the attacker may then manipulate cached data to deploy malicious Kubernetes resources to managed clusters, potentially resulting in complete cluster compromise. |
|
| CVE-2026-59084 | Jul 14, 2026 |
Apache Tomcat EncryptInterceptor Insufficient Docs 7.0-11.0.23Insufficient Technical Documentation vulnerability in Apache Tomcat since the requirements to securely configure the EncryptInterceptor were not clearly documented. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.23, from 10.1.0-M1 through 10.1.56, from 9.0.13 through 9.0.119, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109. Other versions that have reached end of support may also be affected. Users are recommended to upgrade to version 11.0.24, 10.1.57 or 9.0.120 which fix the issue. |
|
| CVE-2026-59083 | Jul 14, 2026 |
Apache Tomcat RewriteValve URL Decode Bypass <=11.0.23,<10.1.56,<9.0.119,<8.5.100Improper Handling of URL Encoding (Hex Encoding) vulnerability in Apache Tomcat's rewrite valve allowed security constraint bypass for some configurations. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.23, from 10.1.0-M1 through 10.1.56, from 9.0.0.M1 through 9.0.119, from 8.5.0 through 8.5.100. Other versions that have reached end of support may also be affected. Users are recommended to upgrade to version 11.0.24, 10.1.57 or 9.0.120, which fix the issue. |
|
| CVE-2026-13221 | Jul 13, 2026 |
Perl 5.43.9 Regex Trie Overflow before 5.44 causes false matchesPerl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perl_study_chunk. When such branches are combined into a trie, the delta between the first branch and the shared tail is stored in a 16-bit field. A branch count above 65535 overflows the field, and the trie's match decision table is truncated with no warning or error. A pattern of this shape produces false positive matches (matching strings it should not) and false negative matches (failing to match strings it should). When such a pattern gates an access or filtering decision, the result is wrong. |
|
| CVE-2026-57432 | Jul 13, 2026 |
Perl <=5.43.10 Integer Overflow in S_measure_struct Exposes OOB Heap ReadPerl versions through 5.43.10 have an integer overflow in S_measure_struct leading to an out-of-bounds heap read in pack and unpack. S_measure_struct adds each item's size times its repeat count to a running total with no overflow check, so a large repeat count in a pack or unpack template wraps the signed SSize_t total negative. The @, X, and x position codes then guard their moves with a signed length comparison that passes when the length is negative, advancing the buffer pointer out of bounds. A template derived from untrusted input can read heap memory past the buffer and return it to the caller. |
|
| CVE-2026-40553 | Jul 13, 2026 |
gawk <5.4.0 Buffer Overflow (ftype)Buffer overflow vulnerability has been found in "extension/readdir.c" program file of gawk (ftype() routine). This issue could be used to crash the program and potentially to achieve code execution, although the latter has not been confirmed to be feasible. It affects gawk in versions 5.4.0 and below. |
|
| CVE-2026-15584 | Jul 13, 2026 |
RedHat OpenShift incluster-checks PrivEsc via Host-FS Debug PodsA privilege escalation vulnerability was found in the incluster-checks tool for OpenShift. The tool creates privileged debug pods with host filesystem access in the shared default namespace, where any user with the standard edit role can exec into them and obtain root access on cluster nodes. |
|
| CVE-2026-62147 | Jul 13, 2026 |
Tempo Operator RBAC Redaction Bug Exposes Span Attrs Across NamespacesThe Tempo Operator's gateway component failed to consistently apply namespace-scoped redaction on some query API response paths when query RBAC was enabled, allowing an authenticated user to read span attributes belonging to other tenants' namespaces. |
|
| CVE-2026-15574 | Jul 13, 2026 |
vllm-orchestrator-gateway PII Leak: Logs Auth Headers & Chat PayloadsA flaw was found in the vllm-orchestrator-gateway component. The system's production binary logs all incoming authorization headers and full chat payloads, which may contain personally identifiable information (PII) and secrets, to persistent logs. This sensitive data, including bearer tokens and chat content, can be accessed by any user with logging privileges. This vulnerability leads to information disclosure, potentially allowing an attacker to harvest credentials and sensitive conversation content. |
|
| CVE-2026-15143 | Jul 10, 2026 |
XSD Injection in guardrails-detectors File_Type Detector Enables SSRF & LFIA flaw was found in the file_type content detector of guardrails-detectors. This vulnerability allows a remote attacker to supply an arbitrary XML Schema Definition (XSD) string, which is processed without proper restrictions. This can lead to server-side requests to arbitrary URLs or local file reads, potentially resulting in sensitive information disclosure, such as cloud provider credentials or access to internal network services. |
|
| CVE-2026-15028 | Jul 10, 2026 |
Heap Overflow in libarchive PAX Header ParsingA flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The issue occurs during the parsing of a PAX extended header containing a malformed SUN.holesdata sparse-file attribute. Successful exploitation could lead to a denial of service, making the system unavailable, or potentially allow for arbitrary code execution, giving the attacker control over the affected system. |
And others... |
| CVE-2026-15378 | Jul 10, 2026 |
Red Hat guardrails-detectors SSRF via crafted XSD blind requestA flaw was found in the `guardrails-detectors` component. This vulnerability allows a remote attacker to perform a blind Server-Side Request Forgery (SSRF) by submitting a specially crafted XML Schema Definition (XSD) string. This can lead to unauthorized access to sensitive information, including credentials from cloud metadata services, Kubernetes API, internal MinIO, and other internal network endpoints. Additionally, it enables local file reads of critical data such as service account tokens and pod secrets. |
|
| CVE-2026-15308 | Jul 09, 2026 |
CPython <3.16 CPU DoS via Unterminated Markup in html.parser.HTMLParserThe incremental HTML parser (html.parser.HTMLParser) allows for CPU denial-of-service through repeated unterminated markup declarations when processing uncontrolled data. |
|
| CVE-2026-59692 | Jul 09, 2026 |
Stack Buffer Overflow in GStreamer DTLS Plugin (CVE-2026-59692)A stack buffer overflow vulnerability was found in GStreamer's DTLS plugin. During a DTLS handshake, the peer certificate Subject Distinguished Name is printed into a fixed-size 2048-byte stack buffer without bounds checking. A remote unauthenticated attacker can send a certificate with an oversized Subject DN that exceeds the buffer, causing a stack buffer overflow and process crash, resulting in denial of service. |
|
| CVE-2026-59691 | Jul 09, 2026 |
GStreamer rfbsrc plugin heap buffer overflow via HextileA heap buffer overflow vulnerability was found in GStreamer's rfbsrc plugin. When a client connects to a malicious RFB/VNC server that advertises a 16bpp framebuffer and sends Hextile-encoded updates, the Hextile background fill path writes 32-bit pixel values into a buffer allocated for 16-bit pixels. This type mismatch causes an out-of-bounds heap write that can lead to denial of service (process crash) and potential memory corruption. |
|
| CVE-2026-56289 | Jul 09, 2026 |
DoS in GNU Patch via Unrealistic Hunk OffsetsGNU patch is vulnerable to a denial of service (DoS) due to improper validation of hunk (single block of changes in diff) line offsets in unified-diff input. A specially crafted patch can specify an extremely large line number, causing the application to enter an effectively infinite processing loop while attempting to locate the requested position. This results in excessive CPU consumption and prevents the process from completing. An attacker can trigger this behavior by supplying a malicious patch file, causing the utility to become unresponsive and require manual termination. This issue has been fixed in the commit faba04ef4f2b410257f76c1b9dc85e350929c4b9 |
|
| CVE-2026-56288 | Jul 09, 2026 |
Null Pointer Dereference in GNU Patch (CVE-2026-56288)GNU patch is vulnerable to a NULL pointer dereference when processing a specially crafted unified-diff patch file. Improper handling of consecutive end-of-file newline markers can corrupt internal hunk (single block of changes in diff) data structures, causing the application to pass a NULL pointer to fwrite() during patch processing. An attacker can trigger this condition with a malicious patch file, causing the utility to crash and resulting in a denial of service. This issue has been fixed in the commit e6d6a4e021660679d7fc9150f981d4920f722313 |
|
| CVE-2026-15154 | Jul 08, 2026 |
ReDoS in guardrails-detectors (Red Hat OpenShift AI)A flaw was found in `guardrails-detectors`, a component of Red Hat OpenShift AI. This vulnerability, known as Regular Expression Denial of Service (ReDoS), allows a remote attacker to provide specially crafted regular expressions to the public detection API. This can cause catastrophic backtracking, leading to a worker process consuming 100% CPU indefinitely and resulting in a denial of service for the entire guardrails-mediated LLM pipeline. |
|
| CVE-2026-59890 | Jul 08, 2026 |
setuptools <83 FileList Unicode normalization bypass (CVE-2026-59890)setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unicode normalization, so on macOS APFS or HFS+ an NFD file name could bypass an NFC exclusion rule and be packed into a source distribution. This issue is fixed in version 83.0.0. |
|
| CVE-2026-39822 | Jul 08, 2026 |
Go os Root symlink traversal before 1.27 (v1.25.12 & 1.26 <1.26.5)On Unix systems, opening a file in an os.Root improperly follows symlinks to locations outside of the Root when the final path component of the a path is a symbolic link and the path ends in /. For example, 'root.Open("symlink/")' will open "symlink" even when "symlink" is a symbolic link pointing outside of the root. |
|
| CVE-2026-59725 | Jul 08, 2026 |
Socket.io 4.1.06.6.6: Engine.IO v4 Polling HTTP Leak DoSSocket.IO enables bidirectional and low-latency communication for every platform. From 4.1.0 before 6.6.7, Engine.IO protocol v4 polling transport does not properly close the HTTP response for invalid binary POST requests with Content-Type: application/octet-stream, allowing an unauthenticated attacker to exhaust server-side connections and sockets. This issue is fixed in version 6.6.7. |
|
| CVE-2026-59869 | Jul 08, 2026 |
js-yaml Quadratic CPU DoS via Merge Keys before 3.15/4.3js-yaml is a JavaScript YAML parser and dumper. From 3.0.0 before 3.15.0 and from 4.0.0 before 4.3.0, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys where each mapping merges the previous one. This issue is fixed in versions 3.15.0 and 4.3.0. |
|
| CVE-2026-15063 | Jul 08, 2026 |
Unauthorized Access via Unproxied Metrics in TrustYai Gorch ServiceA flaw was found in the gorch service template, which is part of the trustyai-service-operator. Even when authentication is enabled, the gorch service exposes unproxied orchestrator and detector metrics ports. This allows any pod on the cluster network to directly access these ports, bypassing the kube-rbac-proxy and its authentication mechanisms. This could lead to unauthorized access to the orchestrator and detector metrics. |
|