Pdrive Lightspeed Red Hat Pdrive Lightspeed

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Red Hat Pdrive Lightspeed.

By the Year

In 2026 there have been 5 vulnerabilities in Red Hat Pdrive Lightspeed with an average score of 7.4 out of ten.

Year Vulnerabilities Average Score
2026 5 7.38

It may take a day or so for new Pdrive Lightspeed vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Red Hat Pdrive Lightspeed Security Vulnerabilities

RedHat OpenShift incluster-checks PrivEsc via Host-FS Debug Pods
CVE-2026-15584 7.5 - High - July 13, 2026

A privilege escalation vulnerability was found in the incluster-checks tool for OpenShift. The tool creates privileged debug pods with host filesystem access in the shared default namespace, where any user with the standard edit role can exec into them and obtain root access on cluster nodes.

Execution with Unnecessary Privileges

RedHat PenDrive RptGen XSS via ClusterVersion spec.channel
CVE-2026-13083 6.9 - Medium - June 25, 2026

A flaw was found in the Pen Drive report generator. Cluster-sourced data is rendered into HTML reports without proper escaping or sanitization. An attacker with cluster administrator privileges can inject a stored cross-site scripting (XSS) payload into cluster objects (such as ClusterVersion spec.channel) that executes in the browser of any user who opens the generated HTML report.

XSS

Pip console_scripts path flaw enables entry point out-of-dir
CVE-2026-8643 8 - High - June 01, 2026

pip would treat console_scripts and gui_scripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory.

Directory traversal

CVE-2026-44604: rpmuncompress Command Injection W/O Sanitization
CVE-2026-44604 7 - High - May 28, 2026

A command injection vulnerability was discovered in the `rpmuncompress` utility of RPM. When extracting certain archive formats (ZIP, 7z, GEM) to a specified destination directory, the tool inserts the archive's top-level folder name into a shell command without properly sanitizing it. A specially crafted archive containing shell metacharacters in its folder name can execute arbitrary commands as the user running the extraction.

Shell injection

urllib3 2.6.0-<2.7.0 Decompress Whole Response DoS via Brotli
CVE-2026-44432 7.5 - High - May 13, 2026

urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) call when the response was decompressed using the official Brotli library or (2) when HTTPResponse.drain_conn() was called after the response had been read and decompressed partially (compression algorithm did not matter here). These issues could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This could result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data) on the client side. This vulnerability is fixed in 2.7.0.

Data Amplification

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Red Hat Pdrive Lightspeed or by Red Hat? Click the Watch button to subscribe.

Red Hat
Vendor

subscribe