Red Hat Devworkspace
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Red Hat Devworkspace.
Recent Red Hat Devworkspace Security Advisories
| Advisory | Title | Published |
|---|---|---|
| RHSA-2026:2454 | (RHSA-2026:2454) DevWorkspace Operator 0.39.0 release. | February 10, 2026 |
| RHSA-2023:4889 | (RHSA-2023:4889) Important: DevWorkspace Operator 0.22 release | August 30, 2023 |
| RHSA-2023:4276 | (RHSA-2023:4276) Moderate: DevWorkspace Operator Security Update | July 25, 2023 |
By the Year
In 2026 there have been 0 vulnerabilities in Red Hat Devworkspace. Last year, in 2025 Devworkspace had 3 security vulnerabilities published. Right now, Devworkspace is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 3 | 5.47 |
It may take a day or so for new Devworkspace vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Devworkspace Security Vulnerabilities
Operator SDK <0.15.2 RCE via insecure user_setup /etc/passwd
CVE-2025-7195
5.2 - Medium
- August 07, 2025
Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used Operator-SDK before 0.15.2 to scaffold their operator may still be impacted by this if the insecure user_setup script is still being used to build new container images. In affected images, the /etc/passwd file is created during build time with group-writable permissions and a group ownership of root (gid=0). An attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.
Incorrect Default Permissions
CIRCL FourQ RCE via Low-Order Point Injection in Diffie-Hellman
CVE-2025-8556
3.7 - Low
- August 06, 2025
A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange.
Improper Verification of Cryptographic Signature
DoS via Stack Overflow in libexpat Recursive Entity Expansion
CVE-2024-8176
7.5 - High
- March 14, 2025
A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.
Stack Exhaustion
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Red Hat Devworkspace or by Red Hat? Click the Watch button to subscribe.
