Red Hat Hummingbird
By the Year
In 2026 there have been 10 vulnerabilities in Red Hat Hummingbird, with an average score of 6.1 out of ten. Last year, in 2025, Hummingbird had 1 security vulnerability published. That is, 9 more vulnerabilities have already been reported in 2026 than in all of last year. Last year, the average CVE base score was greater by 0.03.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 10 | 6.07 |
| 2025 | 1 | 6.10 |
It may take a day or so for new Hummingbird vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Hummingbird Security Vulnerabilities
libssh Local MITM via Insecure Default Config on Windows
CVE-2025-14821 | 7.8 - High | April 07, 2026
A flaw was found in libssh. On Windows systems, the library automatically loads configuration files from the C:\etc directory, which can be created and modified by unprivileged local users. This insecure default configuration allows local man-in-the-middle attacks, security downgrades of SSH (Secure Shell) connections, and manipulation of trusted host information, posing a significant risk to the confidentiality, integrity, and availability of SSH communications.
Weakness type: DLL preloading
util-linux login(1) Hostname Canonicalization flaw bypassing PAM access
CVE-2026-3184 | 3.7 - Low | April 03, 2026
A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.
Weakness type: Authentication Bypass by Alternate Name
rust-rpm-sequoia OpenPGP Parse Failure Causes Unconditional Termination (DoS)
CVE-2026-2625 | 4 - Medium | April 03, 2026
A flaw was found in rust-rpm-sequoia. An attacker can exploit this vulnerability by providing a specially crafted Red Hat Package Manager (RPM) file. During the RPM signature verification process, this crafted file can trigger an error in the OpenPGP signature parsing code, leading to an unconditional termination of the rpm process. This issue results in an application level denial of service, making the system unable to process RPM files for signature verification.
Weakness type: Improper Verification of Cryptographic Signature
Heap-based Overflow in GNU Binutils BFD Linker (CVE-2026-3441)
CVE-2026-3441 | 6.1 - Medium | March 15, 2026
A flaw was found in GNU Binutils. This heap-based buffer overflow vulnerability, specifically an out-of-bounds read in the BFD linker, allows an attacker to gain access to sensitive information. By convincing a user to process a specially crafted XCOFF object file, an attacker can trigger this flaw, potentially leading to information disclosure or an application level denial of service.
Weakness type: Out-of-bounds Read
Heap-based Overflow in GNU Binutils BFD Linker (CVE-2026-3442)
CVE-2026-3442 | 6.1 - Medium | March 15, 2026
A flaw was found in GNU Binutils. This vulnerability, a heap-based buffer overflow, specifically an out-of-bounds read, exists in the BFD linker component. An attacker could exploit this by convincing a user to process a specially crafted malicious XCOFF object file. Successful exploitation may lead to the disclosure of sensitive information or cause the application to crash, resulting in an application level denial of service.
Weakness type: Out-of-bounds Read
Infinite Loop in libarchive RAR5 Decompression causing DoS
CVE-2026-4111 | 7.5 - High | March 13, 2026
A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.
Weakness type: Infinite Loop
BusyBox Tar Extraction Hardlink/Symlink Escalation Vulnerability
CVE-2026-26158 | 7 - High | February 11, 2026
A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this flaw can lead to privilege escalation, enabling an attacker to gain unauthorized access to critical system files.
Weakness type: External Control of File Name or Path
BusyBox: Archive Utils Path Traversal Enables Arbitrary File Overwrite
CVE-2026-26157 | 7 - High | February 11, 2026
A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that, when extracted under specific conditions, may write to files outside the intended directory. This can lead to arbitrary file overwrite, potentially enabling code execution through the modification of sensitive system files.
Weakness type: External Control of File Name or Path
GnuTLS DoS via oversized SANs in certificates
CVE-2025-14831 | 5.3 - Medium | February 09, 2026
A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).
Weakness type: Inefficient Algorithmic Complexity
Memory Leak in libxml2 xmllint Shell Leads to Local DoS
CVE-2026-1757 | 6.2 - Medium | February 02, 2026
A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.
Weakness type: Memory Leak
Heap Buffer Overread in util-linux setpwnam() (256-byte usernames)
CVE-2025-14104 | 6.1 - Medium | December 05, 2025
A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.
Weakness type: Out-of-bounds Read