Red Hat Hummingbird

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Red Hat Hummingbird.

By the Year

In 2026 there have been 35 vulnerabilities in Red Hat Hummingbird with an average score of 5.9 out of ten. Last year, in 2025 Hummingbird had 18 security vulnerabilities published. That is, 17 more vulnerabilities have already been reported in 2026 as compared to last year. Last year, the average CVE base score was greater by 0.80

Year	Vulnerabilities	Average Score
2026	35	5.91
2025	18	6.71

It may take a day or so for new Hummingbird vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Red Hat Hummingbird Security Vulnerabilities

libxml2 XSD Internal Entity Type-Confusion DoS
CVE-2026-6732 6.5 - Medium - April 23, 2026

A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that causes the application to crash. This results in a denial of service (DoS), making the affected system or application unavailable.

Object Type Confusion

Heap Buffer Overrun in binutils XCOFF linker leads to LPE
CVE-2026-6846 7.8 - High - April 22, 2026

A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to arbitrary code execution, allowing the attacker to run unauthorized commands, or cause a denial of service, making the system unavailable.

Heap-based Buffer Overflow

Binutils Readelf Local DoS via Crafted ELF Files
CVE-2026-6844 5.5 - Medium - April 22, 2026

A flaw was found in the `readelf` utility of the binutils package. A local attacker could exploit two Denial of Service (DoS) vulnerabilities by providing a specially crafted Executable and Linkable Format (ELF) file. One vulnerability, a resource exhaustion (CWE-400), can lead to an out-of-memory condition. The other, a null pointer dereference (CWE-476), can cause a segmentation fault. Both issues can result in the `readelf` utility becoming unresponsive or crashing, leading to a denial of service.

Resource Exhaustion

binutils readelf DoS via crafted ELF file
CVE-2026-6845 5 - Medium - April 22, 2026

A flaw was found in binutils, specifically within the `readelf` utility. This vulnerability allows a local attacker to cause a Denial of Service (DoS) by tricking a user into processing a specially crafted Executable and Linkable Format (ELF) file. The exploitation of this flaw can lead to the system becoming unresponsive due to excessive resource consumption or a program crash.

NULL Pointer Dereference

GnuTLS Remote DoS via Malformed PSK Binder (NULL Ptr Deref)
CVE-2026-1584 7.5 - High - April 09, 2026

A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted ClientHello message with an invalid Pre-Shared Key (PSK) binder value during the TLS handshake. This can lead to a NULL pointer dereference, causing the server to crash and resulting in a remote Denial of Service (DoS) condition.

NULL Pointer Dereference

libcap TOCTOU in cap_set_file() leads to privilege escalation
CVE-2026-4878 6.7 - Medium - April 09, 2026

A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.

TOCTTOU

libssh Local MITM via Insecure Default Config on Windows
CVE-2025-14821 7.8 - High - April 07, 2026

A flaw was found in libssh. This vulnerability allows local man-in-the-middle attacks, security downgrades of SSH (Secure Shell) connections, and manipulation of trusted host information, posing a significant risk to the confidentiality, integrity, and availability of SSH communications via an insecure default configuration on Windows systems where the library automatically loads configuration files from the C:\etc directory, which can be created and modified by unprivileged local users.

DLL preloading

NULL Pointer Deref in libarchive ACL Parsing (archive_acl_from_text_nl)
CVE-2026-5745 5.5 - Medium - April 07, 2026

A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically within the archive_acl_from_text_nl() function. When processing a malformed ACL string (such as a bare "d" or "default" tag without subsequent fields), the function fails to perform adequate validation before advancing the pointer. An attacker can exploit this by providing a maliciously crafted archive, causing an application utilizing the libarchive API (such as bsdtar) to crash, resulting in a Denial of Service (DoS).

NULL Pointer Dereference

Tar Hidden File Injection via Malicious Archive
CVE-2026-5704 5 - Medium - April 06, 2026

A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files onto a system without detection.

Unrestricted File Upload

util-linux login(1) Hostname Canonicalization flaw bypassing PAM access
CVE-2026-3184 3.7 - Low - April 03, 2026

A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.

Authentication Bypass by Alternate Name

rust-rpm-sequoia OpenPGP Parse Failure Causes Unconditional Termination (DoS)
CVE-2026-2625 4 - Medium - April 03, 2026

A flaw was found in rust-rpm-sequoia. An attacker can exploit this vulnerability by providing a specially crafted Red Hat Package Manager (RPM) file. During the RPM signature verification process, this crafted file can trigger an error in the OpenPGP signature parsing code, leading to an unconditional termination of the rpm process. This issue results in an application level denial of service, making the system unable to process RPM files for signature verification.

Improper Verification of Cryptographic Signature

Integer Overflow in libarchive ZISofs Block Pointer on 32bit
CVE-2026-5121 9.8 - Critical - March 30, 2026

A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system.

Integer Overflow or Wraparound

libssh Denial of Service via Arbitrary File Access during Config Parsing
CVE-2026-0965 - March 26, 2026

A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by providing a malicious configuration file or when the system is misconfigured. This vulnerability could lead to a Denial of Service (DoS) by causing the system to try and access dangerous files, such as block devices or large system files, which can disrupt normal operations.

External Control of File Name or Path

Libssh DoS via regex backtracking in match_pattern with crafted hostnames
CVE-2026-0967 - March 26, 2026

A flaw was found in libssh. A remote attacker, by controlling client configuration files or known_hosts files, could craft specific hostnames that when processed by the `match_pattern()` function can lead to inefficient regular expression backtracking. This can cause timeouts and resource exhaustion, resulting in a Denial of Service (DoS) for the client.

ReDoS

libssh SFTP longname NullCheck: Heap OverRead -> DoS
CVE-2026-0968 3.1 - Low - March 26, 2026

A flaw was found in libssh in which a malicious SFTP (SSH File Transfer Protocol) server can exploit this by sending a malformed 'longname' field within an `SSH_FXP_NAME` message during a file listing operation. This missing null check can lead to reading beyond allocated memory on the heap. This can cause unexpected behavior or lead to a denial of service (DoS) due to application crashes.

NULL Pointer Dereference

SCP Client Path Traversal Allowing Local File Overwrite (CVE-2026-0964)
CVE-2026-0964 - March 26, 2026

A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused to create malicious executable or configuration files and make the user execute them under specific consequences. This is the same issue as in OpenSSH, tracked as CVE-2019-6111.

Directory traversal

OpenSSH ssh_get_hexa Zero-Length Leak Self-DoS via GSSAPI
CVE-2026-0966 - March 26, 2026

The API function `ssh_get_hexa()` is vulnerable, when 0-lenght input is provided to this function. This function is used internally in `ssh_get_fingerprint_hash()` and `ssh_print_hexa()` (deprecated), which is vulnerable to the same input (length is provided by the calling application). The function is also used internally in the gssapi code for logging the OIDs received by the server during GSSAPI authentication. This could be triggered remotely, when the server allows GSSAPI authentication and logging verbosity is set at least to SSH_LOG_PACKET (3). This could cause self-DoS of the per-connection daemon process.

buffer underrun

CVE-2026-2100: Uninitialized Return in p11-kit C_DeriveKey DS
CVE-2026-2100 5.3 - Medium - March 26, 2026

A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.

Access of Uninitialized Pointer

libtiff Signed Integer Overflow OOB Heap Write in putcontig8bitYCbCr44tile
CVE-2026-4775 7.8 - High - March 24, 2026

A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations, potentially causing a denial of service (application crash) or arbitrary code execution.

Integer Overflow or Wraparound

BFD Library XCOFF Relocation Validation Defect DoS
CVE-2026-4647 6.1 - Medium - March 23, 2026

A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files such as object files and executables. The issue occurs when processing specially crafted XCOFF object files, where a relocation type value is not properly validated before being used. This can cause the program to read memory outside of intended bounds. As a result, affected tools may crash or expose unintended memory contents, leading to denial-of-service or limited information disclosure risks.

Out-of-bounds Read

UB in libarchive Zisofs Decompressor Enables DoS via Malicious ISO
CVE-2026-4426 6.5 - Medium - March 19, 2026

A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field (`pz_log2_bs`) read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to incorrect memory allocation and potential application crashes, resulting in a denial-of-service (DoS) condition.

1335

libarchive Heap OOB Read via Craft RAR Archive
CVE-2026-4424 7.5 - High - March 19, 2026

A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.

Out-of-bounds Read

Heap-based Overflow in GNU Binutils BFD Linker (CVE-2026-3441)
CVE-2026-3441 6.1 - Medium - March 15, 2026

A flaw was found in GNU Binutils. This heap-based buffer overflow vulnerability, specifically an out-of-bounds read in the bfd linker, allows an attacker to gain access to sensitive information. By convincing a user to process a specially crafted XCOFF object file, an attacker can trigger this flaw, potentially leading to information disclosure or an application level denial of service.

Out-of-bounds Read

BufOverflow bfd linker in GNU Binutils CVE-2026-3442
CVE-2026-3442 6.1 - Medium - March 15, 2026

A flaw was found in GNU Binutils. This vulnerability, a heap-based buffer overflow, specifically an out-of-bounds read, exists in the bfd linker component. An attacker could exploit this by convincing a user to process a specially crafted malicious XCOFF object file. Successful exploitation may lead to the disclosure of sensitive information or cause the application to crash, resulting in an application level denial of service.

Out-of-bounds Read

Infinite Loop in libarchive RAR5 Decompression causing DoS
CVE-2026-4111 7.5 - High - March 13, 2026

A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.

Infinite Loop

systemd Improper Access Control in D-Bus RegisterMachine
CVE-2026-4105 6.7 - Medium - March 13, 2026

A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.

Authorization

BusyBox Tar Extraction Hardlink/Symlink Escalation Vulnerability
CVE-2026-26158 7 - High - February 11, 2026

A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this flaw can lead to privilege escalation, enabling an attacker to gain unauthorized access to critical system files.

External Control of File Name or Path

BusyBox: Archive Utils Path Traversal Enables Arbitrary File Overwrite
CVE-2026-26157 7 - High - February 11, 2026

A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may write to files outside the intended directory. This can lead to arbitrary file overwrite, potentially enabling code execution through the modification of sensitive system files.

External Control of File Name or Path

GnuTLS DoS via oversized SANs in certificates
CVE-2025-14831 5.3 - Medium - February 09, 2026

A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).

Inefficient Algorithmic Complexity

Memory Leak in libxml2 xmllint Shell Leads to Local DoS
CVE-2026-1757 6.2 - Medium - February 02, 2026

A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.

Memory Leak

GnuTLS Stack Buffer Overflow in PKCS#11 Init Allows DoS/Code Exec
CVE-2025-9820 4 - Medium - January 26, 2026

A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.

Stack Overflow

CVE-2026-0988: Glib g_buffered_input_stream_peek Integer Overflow
CVE-2026-0988 3.7 - Low - January 21, 2026

A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).

Integer Overflow or Wraparound

libxml2 XML Catalog DoS via Repeated <nextCatalog> Recursion
CVE-2026-0992 2.9 - Low - January 15, 2026

A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated <nextCatalog> elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.

Resource Exhaustion

Denial-of-Service via Unbounded <include> Recursion in libxml2 RelaxNG Parser
CVE-2026-0989 3.7 - Low - January 15, 2026

A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested <include> directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.

Stack Exhaustion

libxml2 Uncontrolled Recursion in xmlCatalogXMLResolveURI Causing DoS
CVE-2026-0990 5.9 - Medium - January 15, 2026

A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.

Stack Exhaustion

glib GIO escape_byte_string overflow causes heap buffer DoS
CVE-2025-14512 6.5 - Medium - December 11, 2025

A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.

Integer Overflow or Wraparound

GLib GVariant Buffer Underflow Heap Corruption (CVE-2025-14087)
CVE-2025-14087 5.6 - Medium - December 10, 2025

A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.

Integer Overflow or Wraparound

Heap Buffer Overread in util-linux setpwnam() (256-byte usernames)
CVE-2025-14104 6.1 - Medium - December 05, 2025

A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.

Out-of-bounds Read

Glib Heap Buffer Overflow in g_escape_uri_string()
CVE-2025-13601 7.7 - High - November 26, 2025

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.

Integer Overflow or Wraparound

libxslt exsltFuncResultComp type confusion may lead to crash
CVE-2025-11731 3.1 - Low - October 14, 2025

A flaw was found in the exsltFuncResultComp() function of libxslt, which handles EXSLT <func:result> elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regular XML element node, resulting in a type confusion. This can cause unexpected memory reads and potential crashes. While difficult to exploit, the flaw could lead to application instability or denial of service.

Object Type Confusion

libxslt UAF Vulnerability in XSL Node Parsing
CVE-2025-10911 5.5 - Medium - September 25, 2025

A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash.

Dangling pointer

Libtiff Write-What-Where via TIFF Height Field
CVE-2025-9900 8.8 - High - September 23, 2025

A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.

Write-what-where Condition

Podman v4.0.0–v5.6.1: kube Play Overwrite Host Files via Symlink Volumes
CVE-2025-9566 8.1 - High - September 05, 2025

There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the target file to be overwritten but not the content to be written into the file. Binary-Affected: podman Upstream-version-introduced: v4.0.0 Upstream-version-fixed: v5.6.1

Directory traversal

Type Confusion via Shared psvi Field in libxslt XML Transform
CVE-2025-7424 7.5 - High - July 10, 2025

A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior.

Object Type Confusion

libxslt Heap Corruption via atype Flag Manipulation
CVE-2025-7425 7.8 - High - July 10, 2025

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.

Dangling pointer

GnuTLS certtool Heap OOB Null Write in Template Parsing – DoS
CVE-2025-32990 6.5 - Medium - July 10, 2025

A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.

Heap-based Buffer Overflow

GnuTLS Double-Free in SAN Export Logic (CVE-2025-32988)
CVE-2025-32988 6.5 - Medium - July 10, 2025

A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure. This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.

Double-free

GnuTLS CT SCT Heap-Buffer-Overread (CVE-2025-32989)
CVE-2025-32989 5.3 - Medium - July 10, 2025

A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.

Improper Certificate Validation

UAF in libxml2 XPath Parsing via sch:name Path (CVE-2025-49794)
CVE-2025-49794 9.1 - Critical - June 16, 2025

A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.

Dangling pointer

libxml2 NULL ptr deref via XPath causes DoS
CVE-2025-49795 7.5 - High - June 16, 2025

A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service.

Dangling pointer

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Red Hat Hummingbird or by Red Hat? Click the Watch button to subscribe.

Red Hat
Vendor

Red Hat Hummingbird
Product

Red Hat Hummingbird

Don't miss out!

By the Year

Recent Red Hat Hummingbird Security Vulnerabilities

libxml2 XSD Internal Entity Type-Confusion DoS CVE-2026-6732 6.5 - Medium - April 23, 2026

Heap Buffer Overrun in binutils XCOFF linker leads to LPE CVE-2026-6846 7.8 - High - April 22, 2026

Binutils Readelf Local DoS via Crafted ELF Files CVE-2026-6844 5.5 - Medium - April 22, 2026

binutils readelf DoS via crafted ELF file CVE-2026-6845 5 - Medium - April 22, 2026

GnuTLS Remote DoS via Malformed PSK Binder (NULL Ptr Deref) CVE-2026-1584 7.5 - High - April 09, 2026

libcap TOCTOU in cap_set_file() leads to privilege escalation CVE-2026-4878 6.7 - Medium - April 09, 2026

libssh Local MITM via Insecure Default Config on Windows CVE-2025-14821 7.8 - High - April 07, 2026

NULL Pointer Deref in libarchive ACL Parsing (archive_acl_from_text_nl) CVE-2026-5745 5.5 - Medium - April 07, 2026

Tar Hidden File Injection via Malicious Archive CVE-2026-5704 5 - Medium - April 06, 2026

util-linux login(1) Hostname Canonicalization flaw bypassing PAM access CVE-2026-3184 3.7 - Low - April 03, 2026

rust-rpm-sequoia OpenPGP Parse Failure Causes Unconditional Termination (DoS) CVE-2026-2625 4 - Medium - April 03, 2026

Integer Overflow in libarchive ZISofs Block Pointer on 32bit CVE-2026-5121 9.8 - Critical - March 30, 2026

libssh Denial of Service via Arbitrary File Access during Config Parsing CVE-2026-0965 - March 26, 2026

Libssh DoS via regex backtracking in match_pattern with crafted hostnames CVE-2026-0967 - March 26, 2026

libssh SFTP longname NullCheck: Heap OverRead -> DoS CVE-2026-0968 3.1 - Low - March 26, 2026

SCP Client Path Traversal Allowing Local File Overwrite (CVE-2026-0964) CVE-2026-0964 - March 26, 2026

OpenSSH ssh_get_hexa Zero-Length Leak Self-DoS via GSSAPI CVE-2026-0966 - March 26, 2026

CVE-2026-2100: Uninitialized Return in p11-kit C_DeriveKey DS CVE-2026-2100 5.3 - Medium - March 26, 2026

libtiff Signed Integer Overflow OOB Heap Write in putcontig8bitYCbCr44tile CVE-2026-4775 7.8 - High - March 24, 2026

BFD Library XCOFF Relocation Validation Defect DoS CVE-2026-4647 6.1 - Medium - March 23, 2026

UB in libarchive Zisofs Decompressor Enables DoS via Malicious ISO CVE-2026-4426 6.5 - Medium - March 19, 2026

libarchive Heap OOB Read via Craft RAR Archive CVE-2026-4424 7.5 - High - March 19, 2026

Heap-based Overflow in GNU Binutils BFD Linker (CVE-2026-3441) CVE-2026-3441 6.1 - Medium - March 15, 2026

BufOverflow bfd linker in GNU Binutils CVE-2026-3442 CVE-2026-3442 6.1 - Medium - March 15, 2026

Infinite Loop in libarchive RAR5 Decompression causing DoS CVE-2026-4111 7.5 - High - March 13, 2026

systemd Improper Access Control in D-Bus RegisterMachine CVE-2026-4105 6.7 - Medium - March 13, 2026

BusyBox Tar Extraction Hardlink/Symlink Escalation Vulnerability CVE-2026-26158 7 - High - February 11, 2026

BusyBox: Archive Utils Path Traversal Enables Arbitrary File Overwrite CVE-2026-26157 7 - High - February 11, 2026

GnuTLS DoS via oversized SANs in certificates CVE-2025-14831 5.3 - Medium - February 09, 2026

Memory Leak in libxml2 xmllint Shell Leads to Local DoS CVE-2026-1757 6.2 - Medium - February 02, 2026

GnuTLS Stack Buffer Overflow in PKCS#11 Init Allows DoS/Code Exec CVE-2025-9820 4 - Medium - January 26, 2026

CVE-2026-0988: Glib g_buffered_input_stream_peek Integer Overflow CVE-2026-0988 3.7 - Low - January 21, 2026

libxml2 XML Catalog DoS via Repeated <nextCatalog> Recursion CVE-2026-0992 2.9 - Low - January 15, 2026

Denial-of-Service via Unbounded <include> Recursion in libxml2 RelaxNG Parser CVE-2026-0989 3.7 - Low - January 15, 2026

libxml2 Uncontrolled Recursion in xmlCatalogXMLResolveURI Causing DoS CVE-2026-0990 5.9 - Medium - January 15, 2026

glib GIO escape_byte_string overflow causes heap buffer DoS CVE-2025-14512 6.5 - Medium - December 11, 2025

GLib GVariant Buffer Underflow Heap Corruption (CVE-2025-14087) CVE-2025-14087 5.6 - Medium - December 10, 2025

Heap Buffer Overread in util-linux setpwnam() (256-byte usernames) CVE-2025-14104 6.1 - Medium - December 05, 2025

Glib Heap Buffer Overflow in g_escape_uri_string() CVE-2025-13601 7.7 - High - November 26, 2025

libxslt exsltFuncResultComp type confusion may lead to crash CVE-2025-11731 3.1 - Low - October 14, 2025

libxslt UAF Vulnerability in XSL Node Parsing CVE-2025-10911 5.5 - Medium - September 25, 2025

Libtiff Write-What-Where via TIFF Height Field CVE-2025-9900 8.8 - High - September 23, 2025

Podman v4.0.0–v5.6.1: kube Play Overwrite Host Files via Symlink Volumes CVE-2025-9566 8.1 - High - September 05, 2025

Type Confusion via Shared psvi Field in libxslt XML Transform CVE-2025-7424 7.5 - High - July 10, 2025

libxslt Heap Corruption via atype Flag Manipulation CVE-2025-7425 7.8 - High - July 10, 2025

GnuTLS certtool Heap OOB Null Write in Template Parsing – DoS CVE-2025-32990 6.5 - Medium - July 10, 2025

GnuTLS Double-Free in SAN Export Logic (CVE-2025-32988) CVE-2025-32988 6.5 - Medium - July 10, 2025

GnuTLS CT SCT Heap-Buffer-Overread (CVE-2025-32989) CVE-2025-32989 5.3 - Medium - July 10, 2025

UAF in libxml2 XPath Parsing via sch:name Path (CVE-2025-49794) CVE-2025-49794 9.1 - Critical - June 16, 2025

libxml2 NULL ptr deref via XPath causes DoS CVE-2025-49795 7.5 - High - June 16, 2025

Stay on top of Security Vulnerabilities

Red Hat Vendor

Red Hat HummingbirdProduct

libxml2 XSD Internal Entity Type-Confusion DoS
CVE-2026-6732 6.5 - Medium - April 23, 2026

Heap Buffer Overrun in binutils XCOFF linker leads to LPE
CVE-2026-6846 7.8 - High - April 22, 2026

Binutils Readelf Local DoS via Crafted ELF Files
CVE-2026-6844 5.5 - Medium - April 22, 2026

binutils readelf DoS via crafted ELF file
CVE-2026-6845 5 - Medium - April 22, 2026

GnuTLS Remote DoS via Malformed PSK Binder (NULL Ptr Deref)
CVE-2026-1584 7.5 - High - April 09, 2026

libcap TOCTOU in cap_set_file() leads to privilege escalation
CVE-2026-4878 6.7 - Medium - April 09, 2026

libssh Local MITM via Insecure Default Config on Windows
CVE-2025-14821 7.8 - High - April 07, 2026

NULL Pointer Deref in libarchive ACL Parsing (archive_acl_from_text_nl)
CVE-2026-5745 5.5 - Medium - April 07, 2026

Tar Hidden File Injection via Malicious Archive
CVE-2026-5704 5 - Medium - April 06, 2026

util-linux login(1) Hostname Canonicalization flaw bypassing PAM access
CVE-2026-3184 3.7 - Low - April 03, 2026

rust-rpm-sequoia OpenPGP Parse Failure Causes Unconditional Termination (DoS)
CVE-2026-2625 4 - Medium - April 03, 2026

Integer Overflow in libarchive ZISofs Block Pointer on 32bit
CVE-2026-5121 9.8 - Critical - March 30, 2026

libssh Denial of Service via Arbitrary File Access during Config Parsing
CVE-2026-0965 - March 26, 2026

Libssh DoS via regex backtracking in match_pattern with crafted hostnames
CVE-2026-0967 - March 26, 2026

libssh SFTP longname NullCheck: Heap OverRead -> DoS
CVE-2026-0968 3.1 - Low - March 26, 2026

SCP Client Path Traversal Allowing Local File Overwrite (CVE-2026-0964)
CVE-2026-0964 - March 26, 2026

OpenSSH ssh_get_hexa Zero-Length Leak Self-DoS via GSSAPI
CVE-2026-0966 - March 26, 2026

CVE-2026-2100: Uninitialized Return in p11-kit C_DeriveKey DS
CVE-2026-2100 5.3 - Medium - March 26, 2026

libtiff Signed Integer Overflow OOB Heap Write in putcontig8bitYCbCr44tile
CVE-2026-4775 7.8 - High - March 24, 2026

BFD Library XCOFF Relocation Validation Defect DoS
CVE-2026-4647 6.1 - Medium - March 23, 2026

UB in libarchive Zisofs Decompressor Enables DoS via Malicious ISO
CVE-2026-4426 6.5 - Medium - March 19, 2026

libarchive Heap OOB Read via Craft RAR Archive
CVE-2026-4424 7.5 - High - March 19, 2026

Heap-based Overflow in GNU Binutils BFD Linker (CVE-2026-3441)
CVE-2026-3441 6.1 - Medium - March 15, 2026

BufOverflow bfd linker in GNU Binutils CVE-2026-3442
CVE-2026-3442 6.1 - Medium - March 15, 2026

Infinite Loop in libarchive RAR5 Decompression causing DoS
CVE-2026-4111 7.5 - High - March 13, 2026

systemd Improper Access Control in D-Bus RegisterMachine
CVE-2026-4105 6.7 - Medium - March 13, 2026

BusyBox Tar Extraction Hardlink/Symlink Escalation Vulnerability
CVE-2026-26158 7 - High - February 11, 2026

BusyBox: Archive Utils Path Traversal Enables Arbitrary File Overwrite
CVE-2026-26157 7 - High - February 11, 2026

GnuTLS DoS via oversized SANs in certificates
CVE-2025-14831 5.3 - Medium - February 09, 2026

Memory Leak in libxml2 xmllint Shell Leads to Local DoS
CVE-2026-1757 6.2 - Medium - February 02, 2026

GnuTLS Stack Buffer Overflow in PKCS#11 Init Allows DoS/Code Exec
CVE-2025-9820 4 - Medium - January 26, 2026

CVE-2026-0988: Glib g_buffered_input_stream_peek Integer Overflow
CVE-2026-0988 3.7 - Low - January 21, 2026

libxml2 XML Catalog DoS via Repeated <nextCatalog> Recursion
CVE-2026-0992 2.9 - Low - January 15, 2026

Denial-of-Service via Unbounded <include> Recursion in libxml2 RelaxNG Parser
CVE-2026-0989 3.7 - Low - January 15, 2026

libxml2 Uncontrolled Recursion in xmlCatalogXMLResolveURI Causing DoS
CVE-2026-0990 5.9 - Medium - January 15, 2026

glib GIO escape_byte_string overflow causes heap buffer DoS
CVE-2025-14512 6.5 - Medium - December 11, 2025

GLib GVariant Buffer Underflow Heap Corruption (CVE-2025-14087)
CVE-2025-14087 5.6 - Medium - December 10, 2025

Heap Buffer Overread in util-linux setpwnam() (256-byte usernames)
CVE-2025-14104 6.1 - Medium - December 05, 2025

Glib Heap Buffer Overflow in g_escape_uri_string()
CVE-2025-13601 7.7 - High - November 26, 2025

libxslt exsltFuncResultComp type confusion may lead to crash
CVE-2025-11731 3.1 - Low - October 14, 2025

libxslt UAF Vulnerability in XSL Node Parsing
CVE-2025-10911 5.5 - Medium - September 25, 2025

Libtiff Write-What-Where via TIFF Height Field
CVE-2025-9900 8.8 - High - September 23, 2025

Podman v4.0.0–v5.6.1: kube Play Overwrite Host Files via Symlink Volumes
CVE-2025-9566 8.1 - High - September 05, 2025

Type Confusion via Shared psvi Field in libxslt XML Transform
CVE-2025-7424 7.5 - High - July 10, 2025

libxslt Heap Corruption via atype Flag Manipulation
CVE-2025-7425 7.8 - High - July 10, 2025

GnuTLS certtool Heap OOB Null Write in Template Parsing – DoS
CVE-2025-32990 6.5 - Medium - July 10, 2025

GnuTLS Double-Free in SAN Export Logic (CVE-2025-32988)
CVE-2025-32988 6.5 - Medium - July 10, 2025

GnuTLS CT SCT Heap-Buffer-Overread (CVE-2025-32989)
CVE-2025-32989 5.3 - Medium - July 10, 2025

UAF in libxml2 XPath Parsing via sch:name Path (CVE-2025-49794)
CVE-2025-49794 9.1 - Critical - June 16, 2025

libxml2 NULL ptr deref via XPath causes DoS
CVE-2025-49795 7.5 - High - June 16, 2025

Red Hat
Vendor

Red Hat Hummingbird
Product