Red Hat Cost Management
Recent Red Hat Cost Management Security Advisories
| Advisory | Title | Published |
|---|---|---|
| RHSA-2026:27998 | (RHSA-2026:27998) Cost Management Metrics Operator Update | June 22, 2026 |
| RHSA-2026:3228 | (RHSA-2026:3228) Cost Management Metrics Operator Update | February 24, 2026 |
| RHSA-2025:22428 | (RHSA-2025:22428) Cost Management Metrics Operator Update | December 1, 2025 |
| RHSA-2024:6462 | (RHSA-2024:6462) Moderate: Cost Management enhancement and security update | September 9, 2024 |
| RHSA-2023:6044 | (RHSA-2023:6044) Important: Cost Management security update | October 23, 2023 |
By the Year
In 2026 there have been 2 vulnerabilities in Red Hat Cost Management with an average score of 6.0 out of ten. Cost Management did not have any published security vulnerabilities last year. That is, 2 more vulnerabilities have already been reported in 2026 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 2 | 6.00 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 1 | 7.50 |
It may take a day or so for new Cost Management vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Cost Management Security Vulnerabilities
libcap TOCTOU in cap_set_file() leads to privilege escalation
CVE-2026-4878
6.7 - Medium - April 09, 2026
A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.
TOCTTOU
CVE-2026-2100: Uninitialized Return in p11-kit C_DeriveKey DS
CVE-2026-2100
5.3 - Medium - March 26, 2026
A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application-level denial of service or other unpredictable system states.
Access of Uninitialized Pointer
HTTP/2 DoS via Stream Reset in nginx
CVE-2023-44487
7.5 - High - October 10, 2023
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Resource Exhaustion