Red Hat Pdrive Lightspeed
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Red Hat Pdrive Lightspeed.
By the Year
In 2026 there have been 5 vulnerabilities in Red Hat Pdrive Lightspeed with an average score of 7.4 out of ten.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 5 | 7.38 |
It may take a day or so for new Pdrive Lightspeed vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Pdrive Lightspeed Security Vulnerabilities
RedHat OpenShift incluster-checks PrivEsc via Host-FS Debug Pods
CVE-2026-15584
7.5 - High
- July 13, 2026
A privilege escalation vulnerability was found in the incluster-checks tool for OpenShift. The tool creates privileged debug pods with host filesystem access in the shared default namespace, where any user with the standard edit role can exec into them and obtain root access on cluster nodes.
Execution with Unnecessary Privileges
RedHat PenDrive RptGen XSS via ClusterVersion spec.channel
CVE-2026-13083
6.9 - Medium
- June 25, 2026
A flaw was found in the Pen Drive report generator. Cluster-sourced data is rendered into HTML reports without proper escaping or sanitization. An attacker with cluster administrator privileges can inject a stored cross-site scripting (XSS) payload into cluster objects (such as ClusterVersion spec.channel) that executes in the browser of any user who opens the generated HTML report.
XSS
Pip console_scripts path flaw enables entry point out-of-dir
CVE-2026-8643
8 - High
- June 01, 2026
pip would treat console_scripts and gui_scripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory.
Directory traversal
CVE-2026-44604: rpmuncompress Command Injection W/O Sanitization
CVE-2026-44604
7 - High
- May 28, 2026
A command injection vulnerability was discovered in the `rpmuncompress` utility of RPM. When extracting certain archive formats (ZIP, 7z, GEM) to a specified destination directory, the tool inserts the archive's top-level folder name into a shell command without properly sanitizing it. A specially crafted archive containing shell metacharacters in its folder name can execute arbitrary commands as the user running the extraction.
Shell injection
urllib3 2.6.0-<2.7.0 Decompress Whole Response DoS via Brotli
CVE-2026-44432
7.5 - High
- May 13, 2026
urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) call when the response was decompressed using the official Brotli library or (2) when HTTPResponse.drain_conn() was called after the response had been read and decompressed partially (compression algorithm did not matter here). These issues could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This could result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data) on the client side. This vulnerability is fixed in 2.7.0.
Data Amplification
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Red Hat Pdrive Lightspeed or by Red Hat? Click the Watch button to subscribe.