Red Hat Linux OS and other open source products
Products by Red Hat Sorted by Most Security Vulnerabilities since 2018
| Product | Vulnerabilities | Description |
|---|---|---|
| Red Hat Enterprise Linux Server | 1534 | Red Hat Enterprise Linux (RHEL) Server. Includes software bundled with RHEL Server. |
| Red Hat Enterprise Linux Workstation | 1504 | Red Hat Enterprise Linux (RHEL) Workstation. Includes software bundled with RHEL Workstation. |
| Red Hat Enterprise Linux Desktop | 1493 | Red Hat Enterprise Linux (RHEL) Desktop. Includes software bundled with RHEL Desktop. |
Recent Red Hat Security Advisories
| Advisory | Title | Published |
|---|---|---|
| RHSA-2026:9666 | Moderate: wireshark security update | April 22, 2026 |
| RHSA-2026:9656 | Important: freerdp security update | April 22, 2026 |
| RHSA-2026:8423 | Important: OpenShift Container Platform 4.18.38 bug fix and security update | April 22, 2026 |
| RHSA-2026:8448 | OpenShift Container Platform 4.18.38 bug fix and security update | April 22, 2026 |
| RHSA-2026:9644 | Moderate: kernel security update | April 22, 2026 |
| RHSA-2026:9643 | Moderate: kernel security update | April 22, 2026 |
| RHSA-2026:9641 | Important: freerdp security update | April 22, 2026 |
| RHSA-2026:9640 | Important: freerdp security update | April 22, 2026 |
| RHSA-2026:9638 | Important: thunderbird security update | April 22, 2026 |
| RHSA-2026:8449 | OpenShift Container Platform 4.18.38 security and extras update | April 22, 2026 |
By the Year
In 2026 there have been 506 vulnerabilities in Red Hat with an average score of 7.0 out of ten. Last year, in 2025, Red Hat had 1109 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Red Hat in 2026 could surpass last year's number. In addition, the average CVE base score of the vulnerabilities in 2026 is greater by 0.47.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 506 | 7.01 |
| 2025 | 1109 | 6.54 |
| 2024 | 1678 | 6.55 |
| 2023 | 1206 | 6.75 |
| 2022 | 1362 | 6.97 |
| 2021 | 1123 | 6.62 |
| 2020 | 663 | 6.40 |
| 2019 | 772 | 6.98 |
| 2018 | 760 | 7.16 |
It may take a day or so for new Red Hat vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Security Vulnerabilities
| CVE | Date | Title | Description | Products |
|---|---|---|---|---|
| CVE-2026-6848 | Apr 22, 2026 | Red Hat Quay Re-auth Bypass Allows Privileged Ops | A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive operations, such as token generation or robot account creation, the re-authentication prompt can be bypassed. This allows a user with a timed-out session, or an attacker with access to an idle authenticated browser session, to perform privileged actions without providing valid credentials. The vulnerability enables unauthorized execution of sensitive operations despite the user interface displaying an error for invalid credentials. | |
| CVE-2026-6846 | Apr 22, 2026 | Heap Buffer Overrun in binutils XCOFF linker leads to LPE | A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to arbitrary code execution, allowing the attacker to run unauthorized commands, or cause a denial of service, making the system unavailable. | And others... |
| CVE-2026-6844 | Apr 22, 2026 | Binutils Readelf Local DoS via Crafted ELF Files | A flaw was found in the `readelf` utility of the binutils package. A local attacker could exploit two Denial of Service (DoS) vulnerabilities by providing a specially crafted Executable and Linkable Format (ELF) file. One vulnerability, a resource exhaustion (CWE-400), can lead to an out-of-memory condition. The other, a null pointer dereference (CWE-476), can cause a segmentation fault. Both issues can result in the `readelf` utility becoming unresponsive or crashing, leading to a denial of service. | And others... |
| CVE-2026-6843 | Apr 22, 2026 | nano Format String Vulnerability: Statusline DoS | A flaw was found in nano. A local user could exploit a format string vulnerability in the `statusline()` function. By creating a directory with a name containing `printf` specifiers, the application attempts to display this name, leading to a segmentation fault (SEGV). This results in a Denial of Service (DoS) for the `nano` application. | |
| CVE-2026-6845 | Apr 22, 2026 | binutils readelf DoS via crafted ELF file | A flaw was found in binutils, specifically within the `readelf` utility. This vulnerability allows a local attacker to cause a Denial of Service (DoS) by tricking a user into processing a specially crafted Executable and Linkable Format (ELF) file. The exploitation of this flaw can lead to the system becoming unresponsive due to excessive resource consumption or a program crash. | And others... |
| CVE-2026-6842 | Apr 22, 2026 | CVE-2026-6842: Nano Dir Perm Flaw Allows Bad .desktop Launcher | A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions (0777 instead of 0700) for the `~/.local` directory. This allows the attacker to inject a malicious `.desktop` launcher, which could lead to unintended actions or information disclosure if the launcher is subsequently processed. | |
| CVE-2026-6507 | Apr 17, 2026 | dnsmasq OOB Write via BOOTREPLY (DHCP Split Relay) | A flaw was found in dnsmasq. A remote attacker could exploit an out-of-bounds write vulnerability by sending a specially crafted BOOTREPLY (Bootstrap Protocol Reply) packet to a dnsmasq server configured with the `--dhcp-split-relay` option. This can lead to memory corruption, causing the dnsmasq daemon to crash and resulting in a denial of service (DoS). | |
| CVE-2026-6494 | Apr 17, 2026 | Red Hat AAP MCP Server Log Injection via toolsetroute Param | A flaw was found in the AAP MCP server. An unauthenticated remote attacker can exploit a log injection vulnerability by sending specially crafted input to the `toolsetroute` parameter. This parameter is not properly sanitized before being written to logs, allowing the attacker to inject control characters such as newlines and ANSI escape sequences. This enables the attacker to obscure legitimate log entries and insert forged ones, which could facilitate social engineering attacks, potentially leading to an operator executing dangerous commands or visiting malicious URLs. | |
| CVE-2026-6388 | Apr 15, 2026 | CVE-2026-6388: ArgoCD Image Updater Cross-NS Escalation | A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenant environment, to bypass namespace boundaries. By exploiting insufficient validation, the attacker can trigger unauthorized image updates on applications managed by other tenants. This leads to cross-namespace privilege escalation, impacting application integrity through unauthorized application updates. | |
| CVE-2026-6385 | Apr 15, 2026 | CVE-2026-6385 FFmpeg DVD Subtitle Signed Int Overflow -> Heap OOB Write | A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability is caused by a signed integer overflow in the DVD subtitle parser's fragment reassembly bounds checks, leading to a heap out-of-bounds write. Successful exploitation can result in a denial of service (DoS) due to an application crash, and potentially lead to arbitrary code execution. | And others... |
| CVE-2026-6384 | Apr 15, 2026 | GIMP GIF ReadJeffsImage Buffer Overflow | A flaw was found in gimp. This buffer overflow vulnerability in the GIF image loading component's `ReadJeffsImage` function allows an attacker to write beyond an allocated buffer by processing a specially crafted GIF file. This can lead to a denial of service or potentially arbitrary code execution. | |
| CVE-2026-40919 | Apr 15, 2026 | GIMP file-seattle-filmworks Plugin Buffer Overflow | A flaw was found in GIMP. This vulnerability, a buffer overflow in the `file-seattle-filmworks` plugin, can be exploited when a user opens a specially crafted Seattle Filmworks file. A remote attacker could leverage this to cause a denial of service (DoS), leading to the plugin crashing and potentially impacting the stability of the GIMP application. | |
| CVE-2026-40918 | Apr 15, 2026 | GIMP PVR Loader Stack Buffer Overflow Enables DoS Vulnerability | A flaw was found in GIMP. Processing a specially crafted PVR image file with large dimensions can lead to a denial of service (DoS). This occurs due to a stack-based buffer overflow and an out-of-bounds read in the PVR image loader, causing the application to crash. Systems that process untrusted PVR image files are affected. | |
| CVE-2026-40917 | Apr 15, 2026 | GIMP icns_slurp Heap Over-Read CVE-2026-40917 | A flaw was found in GIMP. This vulnerability, a heap buffer over-read in the `icns_slurp()` function, occurs when processing specially crafted ICNS image files. An attacker could provide a malicious ICNS file, potentially leading to application crashes or information disclosure on systems that process such files. | |
| CVE-2026-40916 | Apr 15, 2026 | GIMP stack buffer overflow in TIM loader causes DoS | A flaw was found in GIMP. A stack buffer overflow vulnerability in the TIM image loader's 4BPP decoding path allows a local user to cause a Denial of Service (DoS). By opening a specially crafted TIM image file, the application crashes due to an unconditional overflow when writing to a variable-length array. | |
| CVE-2026-40915 | Apr 15, 2026 | GIMP FITS Loader Integer Overflow & Heap Buffer Overflow (CVE-2026-40915) | A flaw was found in GIMP. A remote attacker could exploit an integer overflow vulnerability in the FITS image loader by providing a specially crafted FITS file. This integer overflow leads to a zero-byte memory allocation, which is then subjected to a heap buffer overflow when processing pixel data. Successful exploitation could result in a denial of service (DoS) or potentially arbitrary code execution. | |
| CVE-2026-6245 | Apr 15, 2026 | SSSD PAM Passkey Daemon DoS via Unbounded Read (SSSD pam_passkey_child_read_data) | A flaw was found in the System Security Services Daemon (SSSD). The pam_passkey_child_read_data() function within the PAM passkey responder fails to properly handle raw bytes received from a pipe. Because the data is treated as a NUL-terminated C string without explicit termination, it results in an out-of-bounds read when processed by functions like snprintf(). A local attacker could potentially trigger this vulnerability by initiating a crafted passkey authentication request, causing the SSSD PAM responder to crash, resulting in a local Denial of Service (DoS). | |
| CVE-2026-6383 | Apr 15, 2026 | KubeVirt RBAC Truncation Authz Flaw Enables Unauthorized Subresource Access | A flaw was found in KubeVirt's Role-Based Access Control (RBAC) evaluation logic. The authorization mechanism improperly truncates subresource names, leading to incorrect permission evaluations. This allows authenticated users with specific custom roles to gain unauthorized access to subresources, potentially disclosing sensitive information or performing actions they are not permitted to do. Additionally, legitimate users may be denied access to resources. | |
| CVE-2026-32203 | Apr 14, 2026 | Apr 2026: .NET and Visual Studio Denial of Service Vulnerability | Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network. | |
| CVE-2026-26171 | Apr 14, 2026 | Apr 2026: .NET Denial of Service Vulnerability | Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network. | |
| CVE-2026-33116 | Apr 14, 2026 | Apr 2026: .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network. | |
| CVE-2026-32178 | Apr 14, 2026 | Apr 2026: .NET Spoofing Vulnerability | Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network. | |
| CVE-2026-37980 | Apr 14, 2026 | Keycloak: Stored XSS via org.alias in Login Page (manage-realm/organizations) | A flaw was found in Keycloak, specifically in the organization selection login page. A remote attacker with `manage-realm` or `manage-organizations` administrative privileges can exploit a Stored Cross-Site Scripting (XSS) vulnerability. This flaw occurs because the `organization.alias` is placed into an inline JavaScript `onclick` handler, allowing a crafted JavaScript payload to execute in a user's browser when they view the login page. Successful exploitation enables arbitrary JavaScript execution, potentially leading to session theft, unauthorized account actions, or further attacks against users of the affected realm. | |
| CVE-2026-40175 | Apr 10, 2026 | Axios <1.15.0 Prototype Pollution RCE via Gadget Attack | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.3.1, the Axios library is vulnerable to a specific "Gadget" attack chain that allows Prototype Pollution in any third-party dependency to be escalated into Remote Code Execution (RCE) or Full Cloud Compromise (via AWS IMDSv2 bypass). This vulnerability is fixed in 1.15.0 and 0.3.1. | |
| CVE-2026-5483 | Apr 10, 2026 | Red Hat ODHDashboard Vulnerability: SA Token Disclosure via NodeJS Endpoint | A flaw was found in odh-dashboard in Red Hat Openshift AI. This vulnerability in the `odh-dashboard` component of Red Hat OpenShift AI (RHOAI) allows for the disclosure of Kubernetes Service Account tokens through a NodeJS endpoint. This could enable an attacker to gain unauthorized access to Kubernetes resources. | |
| CVE-2026-1584 | Apr 09, 2026 | GnuTLS Remote DoS via Malformed PSK Binder (NULL Ptr Deref) | A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted ClientHello message with an invalid Pre-Shared Key (PSK) binder value during the TLS handshake. This can lead to a NULL pointer dereference, causing the server to crash and resulting in a remote Denial of Service (DoS) condition. | And others... |
| CVE-2026-4878 | Apr 09, 2026 | libcap TOCTOU in cap_set_file() leads to privilege escalation | A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation. | And others... |
| CVE-2025-62718 | Apr 09, 2026 | Axios v1.15.0 Proxy Bypass via NO_PROXY Handling SSRF | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NO_PROXY rules. Requests to loopback addresses like localhost. (with a trailing dot) or [::1] (IPv6 literal) skip NO_PROXY matching and go through the configured proxy. This goes against what developers expect and lets attackers force requests through a proxy, even if NO_PROXY is set up to protect loopback or internal services. This issue leads to the possibility of proxy bypass and SSRF vulnerabilities allowing attackers to reach sensitive loopback or internal services despite the configured protections. This vulnerability is fixed in 1.15.0 and 0.31.0. | |
| CVE-2026-32591 | Apr 08, 2026 | Red Hat Quay Proxy Cache Allows SSRF via Unverified Hostname | A flaw was found in Red Hat Quay's Proxy Cache configuration feature. When an organization administrator configures an upstream registry for proxy caching, Quay makes a network connection to the specified registry hostname without verifying that it points to a legitimate external service. An attacker with organization administrator privileges could supply a crafted hostname to force the Quay server to make requests to internal network services, cloud infrastructure endpoints, or other resources that should not be accessible from the Quay application. | |
| CVE-2026-32590 | Apr 08, 2026 | Code Execution via Malformed Resumable Uploads in Red Hat Quay | A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The upload process stores intermediate data in the database using a format that, if tampered with, could allow an attacker to execute arbitrary code on the Quay server. | |
| CVE-2026-32589 | Apr 08, 2026 | Red Hat Quay Auth User Interferes with in-progress Image Upload | A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to read, modify, or cancel another user's in-progress image upload. | |
| CVE-2025-14243 | Apr 08, 2026 | OpenShift Mirror Registry Unauth Auth Failure Exposes Username/Email | A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an unauthenticated, remote attacker to enumerate valid usernames and email addresses via different error messages during authentication failures and account creation. | |
| CVE-2026-2377 | Apr 08, 2026 | Authenticated SSRF via Log Export in mirror-registry | A flaw was found in mirror-registry. Authenticated users can exploit the log export feature by providing a specially crafted web address (URL). This allows the application's backend to make arbitrary requests to internal network resources, a vulnerability known as Server-Side Request Forgery (SSRF). This could lead to unauthorized access to sensitive information or other internal systems. | |
| CVE-2025-58713 | Apr 08, 2026 | Container Priv Escal on /etc/passwd in Red Hat Process Automation Manager | A container privilege escalation flaw was found in certain Red Hat Process Automation Manager images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container. | |
| CVE-2025-57853 | Apr 08, 2026 | Red Hat Web Terminal Container Priv Esc via Group-Writable /etc/passwd | A container privilege escalation flaw was found in certain Web Terminal images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container. | |
| CVE-2025-57854 | Apr 08, 2026 | Root Escalation via GroupWritable /etc/passwd in OSUS | A container privilege escalation flaw was found in certain OpenShift Update Service (OSUS) images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container. | |
| CVE-2025-57847 | Apr 08, 2026 | Ansible Automation Platform Container PrivEsc via Group-writable /etc/passwd | A container privilege escalation flaw was found in certain Ansible Automation Platform images. This issue arises from the /etc/passwd file being created with group-writable permissions during the build process. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This vulnerability allows an attacker to add a new user with any arbitrary UID, including UID 0, gaining full root privileges within the container. | |
| CVE-2025-57851 | Apr 08, 2026 | Privilege Escalation via GroupWritable /etc/passwd in MCE for K8s | A container privilege escalation flaw was found in certain Multicluster Engine for Kubernetes images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container. | |
| CVE-2026-32280 | Apr 08, 2026 | Go crypto/x509 Intermediates DoS (<=1.26.2) | During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls. | |
| CVE-2026-33810 | Apr 08, 2026 | Go 1.26.x crypto/x509 DNS Constraint Case Sensitivity | When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool. | |
| CVE-2026-32282 | Apr 08, 2026 | Privilege Escalation via fchmodat Symlink Race in Go <1.25.9 & 1.26.0-1.26.2 | On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation. | |
| CVE-2025-14821 | Apr 07, 2026 | libssh Local MITM via Insecure Default Config on Windows | A flaw was found in libssh. This vulnerability allows local man-in-the-middle attacks, security downgrades of SSH (Secure Shell) connections, and manipulation of trusted host information, posing a significant risk to the confidentiality, integrity, and availability of SSH communications via an insecure default configuration on Windows systems where the library automatically loads configuration files from the C:\etc directory, which can be created and modified by unprivileged local users. | And others... |
| CVE-2026-4631 | Apr 07, 2026 | Cockpit :: Remote SSH Injection via Unvalidated Host/Username | Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects malicious SSH options or shell commands, achieving code execution on the Cockpit host without valid credentials. The injection occurs during the authentication flow before any credential verification takes place, meaning no login is required to exploit the vulnerability. | And others... |
| CVE-2026-5745 | Apr 07, 2026 | NULL Pointer Deref in libarchive ACL Parsing (archive_acl_from_text_nl) | A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically within the archive_acl_from_text_nl() function. When processing a malformed ACL string (such as a bare "d" or "default" tag without subsequent fields), the function fails to perform adequate validation before advancing the pointer. An attacker can exploit this by providing a maliciously crafted archive, causing an application utilizing the libarchive API (such as bsdtar) to crash, resulting in a Denial of Service (DoS). | And others... |
| CVE-2026-4740 | Apr 07, 2026 | OCM CA cert renewal flaw enables crosscluster privilege escalation | A flaw was found in Open Cluster Management (OCM), the technology underlying Red Hat Advanced Cluster Management (ACM). Improper validation of Kubernetes client certificate renewal allows a managed cluster administrator to forge a client certificate that can be approved by the OCM controller. This enables cross-cluster privilege escalation and may allow an attacker to gain control over other managed clusters, including the hub cluster. | |
| CVE-2026-5734 | Apr 07, 2026 | Memory corruption in Firefox <149.0.2 & ESR <140.9.1 | Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1. | |
| CVE-2026-5732 | Apr 07, 2026 | Integer Overflow in Firefox Graphics: Text Component (149.0.2 / ESR 140.9.1) | Incorrect boundary conditions, integer overflow in the Graphics: Text component. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1. | |
| CVE-2026-5731 | Apr 07, 2026 | Mem safety bug in Firefox <149.0.2 (ESR 115/140) | Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1. | |
| CVE-2026-34986 | Apr 06, 2026 | GoJOSE JWE Decrypt Panic (DoS) Fixed v4.1.4/3.0.5 | Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption (JWE) object will panic if the alg field indicates a key wrapping algorithm (one ending in KW, with the exception of A128GCMKW, A192GCMKW, and A256GCMKW) and the encrypted_key field is empty. The panic happens when cipher.KeyUnwrap() in key_wrap.go attempts to allocate a slice with a zero or negative length based on the length of the encrypted_key. This code path is reachable from ParseEncrypted() / ParseEncryptedJSON() / ParseEncryptedCompact() followed by Decrypt() on the resulting object. Note that the parse functions take a list of accepted key algorithms. If the accepted key algorithms do not include any key wrapping algorithms, parsing will fail and the application will be unaffected. This panic is also reachable by calling cipher.KeyUnwrap() directly with any ciphertext parameter less than 16 bytes long, but calling this function directly is less common. Panics can lead to denial of service. This vulnerability is fixed in 4.1.4 and 3.0.5. | |
| CVE-2026-5704 | Apr 06, 2026 | Tar Hidden File Injection via Malicious Archive | A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files onto a system without detection. | |