Red Hat Ai Inference Server
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Red Hat Ai Inference Server.
Recent Red Hat Ai Inference Server Security Advisories
| Advisory | Title | Published |
|---|---|---|
| RHSA-2026:30089 | (RHSA-2026:30089) Red Hat AI Inference Server 3.3.5 (CUDA) | June 25, 2026 |
| RHSA-2026:30088 | (RHSA-2026:30088) Red Hat AI Inference Server 3.3.5 (ROCm) | June 25, 2026 |
| RHSA-2026:30087 | (RHSA-2026:30087) Red Hat AI Inference Server 3.3.5 (Spyre) | June 25, 2026 |
| RHSA-2026:30078 | (RHSA-2026:30078) Red Hat AI Inference Server Model Optimization Tools 3.3.5 (CUDA) | June 25, 2026 |
| RHSA-2026:25096 | (RHSA-2026:25096) Red Hat AI Inference Server Model Optimization Tools 3.2.2 (cuda) | June 10, 2026 |
| RHSA-2026:19725 | (RHSA-2026:19725) Red Hat AI Inference Server 3.2.2 (ROCm) | May 20, 2026 |
| RHSA-2026:19724 | (RHSA-2026:19724) Red Hat AI Inference Server 3.2.2 (CUDA) | May 20, 2026 |
| RHSA-2026:16009 | (RHSA-2026:16009) Red Hat AI Inference Server 3.3.3 (ROCm) | May 12, 2026 |
| RHSA-2026:16030 | (RHSA-2026:16030) Red Hat AI Inference Server 3.3.3 (CUDA) | May 12, 2026 |
| RHSA-2026:16008 | (RHSA-2026:16008) Red Hat AI Inference Server Model Optimization Tools 3.3.3 (CUDA) | May 12, 2026 |
By the Year
In 2026 there have been 12 vulnerabilities in Red Hat Ai Inference Server with an average score of 7.0 out of ten. Last year, in 2025 Ai Inference Server had 6 security vulnerabilities published. That is, 6 more vulnerabilities have already been reported in 2026 as compared to last year. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.10.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 12 | 7.00 |
| 2025 | 6 | 6.90 |
| 2024 | 4 | 6.45 |
It may take a day or so for new Ai Inference Server vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Ai Inference Server Security Vulnerabilities
vLLM Image Metadata Handling CVE: EXIF/TPNG tRNS Vulnerability
CVE-2026-12491
4.8 - Medium
- June 17, 2026
A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF orientation and PNG transparency (tRNS) data, during image processing. When images are converted to RGB, transparency information may be implicitly discarded or remapped, leading to unexpected rendering of transparent pixels and distortion of input content. This can result in the model misinterpreting image content, potentially affecting the integrity of processed data.
Misinterpretation of Input
Poppler Splash integer overflow arbitrary code exec
CVE-2026-10118
7.8 - High
- June 01, 2026
A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the `tilingPatternFill` function. This overflow leads to an undersized heap memory allocation, allowing a subsequent out-of-bounds write. Successful exploitation could result in arbitrary code execution, information disclosure, or denial of service within the context of the application processing the PDF.
Integer Overflow or Wraparound
Host Header Validation Bypass in Starlette <1.0.1 Leading to Routing Bypass
CVE-2026-48710
6.5 - Medium
- May 26, 2026
Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP `Host` request header was not validated before being used to reconstruct `request.url`. Because the routing algorithm relies on the raw HTTP path while `request.url` is rebuilt from the `Host` header, a malformed header could make `request.url.path` differ from the path that was actually requested. Middleware and endpoints that apply security restrictions based on `request.url` (rather than the raw `scope` path) could therefore be bypassed. Users should upgrade to a version greater than or equal to version 1.0.1, which validates the `Host` header against the grammar of RFC 9112 §3.2 / RFC 3986 §3.2.2 when constructing `request.url` and falls back to `scope["server"]` for malformed values.
HTTP Request Smuggling
CVE-2026-6385 FFmpeg DVD Subtitle Signed Int Overflow -> Heap OOB Write
CVE-2026-6385
6.5 - Medium
- April 15, 2026
A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability is caused by a signed integer overflow in the DVD subtitle parser's fragment reassembly bounds checks, leading to a heap out-of-bounds write. Successful exploitation can result in a denial of service (DoS) due to an application crash, and potentially lead to arbitrary code execution.
Integer Overflow or Wraparound
libcap TOCTOU in cap_set_file() leads to privilege escalation
CVE-2026-4878
6.7 - Medium
- April 09, 2026
A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.
TOCTTOU
HeapBased Buffer Overflow in gdkpixbuf JPEG Loader Causing DoS
CVE-2026-5201
7.5 - High
- March 31, 2026
A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for example, via thumbnail generation. Successful exploitation leads to application crashes and denial of service (DoS) conditions.
Heap-based Buffer Overflow
Integer Overflow in libarchive ZISofs Block Pointer on 32bit
CVE-2026-5121
9.8 - Critical
- March 30, 2026
A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system.
Integer Overflow or Wraparound
libtiff Signed Integer Overflow OOB Heap Write in putcontig8bitYCbCr44tile
CVE-2026-4775
7.8 - High
- March 24, 2026
A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations, potentially causing a denial of service (application crash) or arbitrary code execution.
Integer Overflow or Wraparound
libarchive Heap OOB Read via Craft RAR Archive
CVE-2026-4424
7.5 - High
- March 19, 2026
A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.
Out-of-bounds Read
Infinite Loop in libarchive RAR5 Decompression causing DoS
CVE-2026-4111
7.5 - High
- March 13, 2026
A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.
Infinite Loop
uv ZIP Parsing Flaw Enables Code Execution During Package Install
CVE-2025-13327
6.3 - Medium
- February 27, 2026
A flaw was found in uv. This vulnerability allows an attacker to execute malicious code during package resolution or installation via specially crafted ZIP (Zipped Information Package) archives that exploit parsing differentials, requiring user interaction to install an attacker-controlled package.
Improper Validation of Syntactic Correctness of Input
GnuTLS DoS via oversized SANs in certificates
CVE-2025-14831
5.3 - Medium
- February 09, 2026
A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).
Inefficient Algorithmic Complexity
glib GIO escape_byte_string overflow causes heap buffer DoS
CVE-2025-14512
6.5 - Medium
- December 11, 2025
A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.
Integer Overflow or Wraparound
GLib GVariant Buffer Underflow Heap Corruption (CVE-2025-14087)
CVE-2025-14087
5.6 - Medium
- December 10, 2025
A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.
Integer Overflow or Wraparound
vLLM MediaConnector SSRF via load_from_url
CVE-2025-6242
7.1 - High
- October 07, 2025
A Server-Side Request Forgery (SSRF) vulnerability exists in the MediaConnector class within the vLLM project's multimodal feature set. The load_from_url and load_from_url_async methods fetch and process media from user-provided URLs without adequate restrictions on the target hosts. This allows an attacker to coerce the vLLM server into making arbitrary requests to internal network resources.
SSRF
Libtiff Write-What-Where via TIFF Height Field
CVE-2025-9900
8.8 - High
- September 23, 2025
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.
Write-what-where Condition
Auth Bypass in ai-inference-server /invocations Endpoint
CVE-2025-6920
5.3 - Medium
- July 01, 2025
A flaw was found in the authentication enforcement mechanism of a model inference API in ai-inference-server. All /v1/* endpoints are expected to enforce API key validation. However, the POST /invocations endpoint failed to do so, resulting in an authentication bypass. This vulnerability allows unauthorized users to access the same inference features available on protected endpoints, potentially exposing sensitive functionality or allowing unintended access to backend resources.
Missing Authentication for Critical Function
OOB Read in libssh SFTP Handle (CVE-2025-5318)
CVE-2025-5318
8.1 - High
- June 24, 2025
A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.
Out-of-bounds Read
OpenJPEG Resource Exhaustion in opj_t1_decode_cblks Leading to DoS
CVE-2023-39329
6.5 - Medium
- July 13, 2024
A flaw was found in OpenJPEG. A resource exhaustion can occur in the opj_t1_decode_cblks function in tcd.c through a crafted image file, causing a denial of service.
Resource Exhaustion
OpenJPEG DoS via Malformed Image Loop
CVE-2023-39327
4.3 - Medium
- July 13, 2024
A flaw was found in OpenJPEG. Maliciously constructed pictures can cause the program to enter a large loop and continuously print warning messages on the terminal.
Resource Exhaustion
Heap Buffer Overflow in libtiff's TIFFReadRGBATileExt()
CVE-2023-52356
7.5 - High
- January 25, 2024
A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.
Heap-based Buffer Overflow
libtiff OOM via TIFFRasterScanlineSize64 Triggering DoS
CVE-2023-52355
7.5 - High
- January 25, 2024
An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB.
Memory Corruption
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Red Hat Ai Inference Server or by Red Hat? Click the Watch button to subscribe.
