Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    12313 vulnerabilities by RedHat

    CVE-2026-15154 (GCVE-0-2026-15154)

    Vulnerability from nvd – Published: 2026-07-08 19:50 – Updated: 2026-07-08 20:38
    VLAI
    Title
    Guardrails-detectors: guardrails-detectors: unauthenticated regular-expression denial of service (redos) via detector_params.regex
    Summary
    A flaw was found in `guardrails-detectors`, a component of Red Hat OpenShift AI. This vulnerability, known as Regular Expression Denial of Service (ReDoS), allows a remote attacker to provide specially crafted regular expressions to the public detection API. This can cause catastrophic backtracking, leading to a worker process consuming 100% CPU indefinitely and resulting in a denial of service for the entire guardrails-mediated LLM pipeline.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1333 - Inefficient Regular Expression Complexity
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2026-15154 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2498188 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat OpenShift AI (RHOAI)     cpe:/a:redhat:openshift_ai
    Create a notification for this product.
    Date Public
    2026-07-08 18:43
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15154",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T20:38:40.332330Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T20:38:46.315Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "affected",
              "packageName": "rhoai/odh-built-in-detector-rhel9",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2026-07-08T18:43:36.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in `guardrails-detectors`, a component of Red Hat OpenShift AI. This vulnerability, known as Regular Expression Denial of Service (ReDoS), allows a remote attacker to provide specially crafted regular expressions to the public detection API. This can cause catastrophic backtracking, leading to a worker process consuming 100% CPU indefinitely and resulting in a denial of service for the entire guardrails-mediated LLM pipeline."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1333",
                  "description": "Inefficient Regular Expression Complexity",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T19:50:51.563Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-15154"
            },
            {
              "name": "RHBZ#2498188",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2498188"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-26T12:47:20.317Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-08T18:43:36.000Z",
              "value": "Made public."
            }
          ],
          "title": "Guardrails-detectors: guardrails-detectors: unauthenticated regular-expression denial of service (redos) via detector_params.regex",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-1333: Inefficient Regular Expression Complexity"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-15154",
        "datePublished": "2026-07-08T19:50:51.563Z",
        "dateReserved": "2026-07-08T19:44:43.020Z",
        "dateUpdated": "2026-07-08T20:38:46.315Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15041 (GCVE-0-2026-15041)

    Vulnerability from nvd – Published: 2026-07-08 10:15 – Updated: 2026-07-08 13:44
    VLAI
    Title
    389-ds-base: 389-ds-base: non-constant-time comparison in pbkdf2-sha256 password verification
    Summary
    A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password verification function uses standard memcmp() for comparing password hashes instead of a constant-time comparison function. A remote attacker could potentially use timing measurements of LDAP bind attempts to infer partial hash information, though practical exploitation is extremely difficult due to PBKDF2 computational overhead.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-208 - Observable Timing Discrepancy
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2026-15041 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2498022 issue-trackingx_refsource_REDHAT
    Date Public
    2026-07-08 09:58
    Credits
    Red Hat would like to thank Andrew Rukin (Arenadata) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15041",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T13:44:08.886989Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T13:44:19.153Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server:11"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-ds:11/389-ds-base",
              "product": "Red Hat Directory Server 11",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server:12"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-ds:12/389-ds-base",
              "product": "Red Hat Directory Server 12",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server:13"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Directory Server 13",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds:1.4/389-ds-base",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Andrew Rukin (Arenadata) for reporting this issue."
            }
          ],
          "datePublic": "2026-07-08T09:58:21.463Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password verification function uses standard memcmp() for comparing password hashes instead of a constant-time comparison function. A remote attacker could potentially use timing measurements of LDAP bind attempts to infer partial hash information, though practical exploitation is extremely difficult due to PBKDF2 computational overhead."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Low"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-208",
                  "description": "Observable Timing Discrepancy",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T11:06:57.873Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-15041"
            },
            {
              "name": "RHBZ#2498022",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2498022"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-08T09:55:42.287Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-08T09:58:21.463Z",
              "value": "Made public."
            }
          ],
          "title": "389-ds-base: 389-ds-base: non-constant-time comparison in pbkdf2-sha256 password verification",
          "workarounds": [
            {
              "lang": "en",
              "value": "If possible, configure 389 Directory Server to use an alternative password storage scheme (e.g., SSHA512 or GOST-Yescrypt) which uses constant-time comparison."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-208: Observable Timing Discrepancy"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-15041",
        "datePublished": "2026-07-08T10:15:30.480Z",
        "dateReserved": "2026-07-08T10:00:02.126Z",
        "dateUpdated": "2026-07-08T13:44:19.153Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14969 (GCVE-0-2026-14969)

    Vulnerability from nvd – Published: 2026-07-07 15:48 – Updated: 2026-07-07 16:11
    VLAI
    Title
    389-ds-base: 389-ds-base: static initialization vector in aes-cbc/3des-cbc attribute encryption
    Summary
    A flaw was found in 389-ds-base where the LDBM backend attribute encryption uses a hardcoded static initialization vector for AES-CBC and 3DES-CBC operations, allowing an attacker with privileged filesystem access to detect plaintext equality across encrypted entries by comparing ciphertext blocks.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-329 - Generation of Predictable IV with CBC Mode
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2026-14969 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2497735 issue-trackingx_refsource_REDHAT
    Date Public
    2026-07-07 15:32
    Credits
    Red Hat would like to thank Andrew Rukin (Arenadata) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14969",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-07T16:11:32.041523Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-07T16:11:40.145Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server:11"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-ds:11/389-ds-base",
              "product": "Red Hat Directory Server 11",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server:12"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-ds:12/389-ds-base",
              "product": "Red Hat Directory Server 12",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server:13"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Directory Server 13",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds:1.4/389-ds-base",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Andrew Rukin (Arenadata) for reporting this issue."
            }
          ],
          "datePublic": "2026-07-07T15:32:28.365Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in 389-ds-base where the LDBM backend attribute encryption uses a hardcoded static initialization vector for AES-CBC and 3DES-CBC operations, allowing an attacker with privileged filesystem access to detect plaintext equality across encrypted entries by comparing ciphertext blocks."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-329",
                  "description": "Generation of Predictable IV with CBC Mode",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T15:48:04.478Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-14969"
            },
            {
              "name": "RHBZ#2497735",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2497735"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-07T14:53:34.580Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-07T15:32:28.365Z",
              "value": "Made public."
            }
          ],
          "title": "389-ds-base: 389-ds-base: static initialization vector in aes-cbc/3des-cbc attribute encryption",
          "workarounds": [
            {
              "lang": "en",
              "value": "Disable attribute encryption if it is not required for the deployment. If attribute encryption is required, restrict filesystem access to the LDBM database directory (/var/lib/dirsrv/slapd-\u003cinstance\u003e/db/) to ensure only authorized administrators can read database files."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-329: Generation of Predictable IV with CBC Mode"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-14969",
        "datePublished": "2026-07-07T15:48:04.478Z",
        "dateReserved": "2026-07-07T15:32:40.440Z",
        "dateUpdated": "2026-07-07T16:11:40.145Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14940 (GCVE-0-2026-14940)

    Vulnerability from nvd – Published: 2026-07-07 13:54 – Updated: 2026-07-07 15:35
    VLAI
    Title
    389-ds-base: 389-ds-base: heap-buffer-overflow in dn normalization via quoted multivalued rdn
    Summary
    A heap-buffer-overflow flaw was found in 389 Directory Server (389-ds-base). When normalizing a Distinguished Name (DN) that contains a legacy-quoted value encoding a multivalued nested Relative Distinguished Name (RDN), the server can write past the end of a heap allocation while sorting RDN attribute-value pairs. An unauthenticated remote attacker can trigger this condition by sending an LDAP operation whose DN reaches the DN normalization routine, such as a search with a crafted base DN. This can corrupt heap memory and may cause denial of service.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2026-14940 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2497697 issue-trackingx_refsource_REDHAT
    Date Public
    2026-07-07 12:01
    Credits
    Red Hat would like to thank Denis Rastyogin (ALT Linux) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14940",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-07T15:35:34.392277Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-07T15:35:45.502Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server:11"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-ds:11/389-ds-base",
              "product": "Red Hat Directory Server 11",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server:12"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-ds:12/389-ds-base",
              "product": "Red Hat Directory Server 12",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server:13"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Directory Server 13",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds:1.4/389-ds-base",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Denis Rastyogin (ALT Linux) for reporting this issue."
            }
          ],
          "datePublic": "2026-07-07T12:01:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A heap-buffer-overflow flaw was found in 389 Directory Server (389-ds-base). When\nnormalizing a Distinguished Name (DN) that contains a legacy-quoted value encoding a\nmultivalued nested Relative Distinguished Name (RDN), the server can write past the\nend of a heap allocation while sorting RDN attribute-value pairs. An unauthenticated\nremote attacker can trigger this condition by sending an LDAP operation whose DN\nreaches the DN normalization routine, such as a search with a crafted base DN. This\ncan corrupt heap memory and may cause denial of service."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T13:54:20.688Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-14940"
            },
            {
              "name": "RHBZ#2497697",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2497697"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-02T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-07T12:01:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "389-ds-base: 389-ds-base: heap-buffer-overflow in dn normalization via quoted multivalued rdn",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-14940",
        "datePublished": "2026-07-07T13:54:20.688Z",
        "dateReserved": "2026-07-07T12:01:04.779Z",
        "dateUpdated": "2026-07-07T15:35:45.502Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58384 (GCVE-0-2026-58384)

    Vulnerability from nvd – Published: 2026-07-07 07:44 – Updated: 2026-07-07 13:31
    VLAI
    Title
    Gimp: gimp: integer overflow in read_rle_channel()
    Summary
    A flaw was found in GIMP's PSD parser. An integer overflow in read_RLE_channel() can cause an undersized heap allocation for the RLE row-length table, after which subsequent per-row writes corrupt heap memory. This could lead to memory corruption, potentially resulting in denial of service or arbitrary code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer Overflow or Wraparound
    Assigner
    Impacted products
    Date Public
    2026-04-11 00:00
    Credits
    Red Hat would like to thank bb1abu for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-58384",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-07T13:30:05.659315Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-07T13:31:00.757Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "gimp",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "gimp",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "gimp:2.8/gimp",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "gimp",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank bb1abu for reporting this issue."
            }
          ],
          "datePublic": "2026-04-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in GIMP\u0027s PSD parser. An integer overflow in read_RLE_channel() can cause an undersized heap allocation for the RLE row-length table, after which subsequent per-row writes corrupt heap memory. This could lead to memory corruption, potentially resulting in denial of service or arbitrary code execution."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "Integer Overflow or Wraparound",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T07:44:28.139Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-58384"
            },
            {
              "name": "RHBZ#2497431",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2497431"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/da29e217"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/gimp/-/issues/16216"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-11T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-04-11T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Gimp: gimp: integer overflow in read_rle_channel()",
          "workarounds": [
            {
              "lang": "en",
              "value": "None \u2014 requires opening a crafted PSD file."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-190: Integer Overflow or Wraparound"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-58384",
        "datePublished": "2026-07-07T07:44:28.139Z",
        "dateReserved": "2026-06-30T16:54:04.312Z",
        "dateUpdated": "2026-07-07T13:31:00.757Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59089 (GCVE-0-2026-59089)

    Vulnerability from nvd – Published: 2026-07-06 19:38 – Updated: 2026-07-06 19:48
    VLAI
    Title
    Gimp: gimp: denial of service via integer overflow in playstation tim loader
    Summary
    A flaw was found in GIMP. The PlayStation TIM loader, responsible for handling PlayStation image files, incorrectly calculates the size of the Color Look-Up Table (CLUT) due to an integer overflow. This occurs when multiplying num_colors and num_cluts, both 16-bit unsigned short integers, resulting in a value exceeding the maximum integer limit. An attacker could exploit this by providing a specially crafted image file, leading to undefined behavior and causing the GIMP plug-in to abort, effectively resulting in a denial of service.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer Overflow or Wraparound
    Assigner
    Impacted products
    Date Public
    2026-06-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59089",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T19:48:49.016983Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T19:48:53.313Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gitlab.gnome.org/GNOME/gimp/-/work_items/16493"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "gimp",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "gimp",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "gimp",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "gimp",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2026-06-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in GIMP. The PlayStation TIM loader, responsible for handling PlayStation image files, incorrectly calculates the size of the Color Look-Up Table (CLUT) due to an integer overflow. This occurs when multiplying num_colors and num_cluts, both 16-bit unsigned short integers, resulting in a value exceeding the maximum integer limit. An attacker could exploit this by providing a specially crafted image file, leading to undefined behavior and causing the GIMP plug-in to abort, effectively resulting in a denial of service."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "Integer Overflow or Wraparound",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-06T19:38:16.905Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-59089"
            },
            {
              "name": "RHBZ#2496583",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2496583"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/gimp/-/work_items/16493"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-02T15:36:51.520Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-06-15T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Gimp: gimp: denial of service via integer overflow in playstation tim loader",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-190: Integer Overflow or Wraparound"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-59089",
        "datePublished": "2026-07-06T19:38:16.905Z",
        "dateReserved": "2026-07-02T15:11:12.820Z",
        "dateUpdated": "2026-07-06T19:48:53.313Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58380 (GCVE-0-2026-58380)

    Vulnerability from nvd – Published: 2026-07-06 13:58 – Updated: 2026-07-06 15:41
    VLAI
    Title
    Gimp: gimp: stack buffer overflow in pnmscanner_gettoken()
    Summary
    A flaw was found in GIMP's PNM file format parser. When parsing a specially crafted PNM file, the pnmscanner_gettoken() function writes a null terminator one byte past the end of a stack-allocated buffer due to an off-by-one error in the loop boundary check. This could lead to memory corruption, potentially resulting in denial of service or arbitrary code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Date Public
    2026-04-11 00:00
    Credits
    Red Hat would like to thank bb1abu for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-58380",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T15:41:04.583701Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T15:41:15.008Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "gimp",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "gimp",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "gimp:2.8/gimp",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "gimp",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank bb1abu for reporting this issue."
            }
          ],
          "datePublic": "2026-04-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in GIMP\u0027s PNM file format parser. When parsing a specially crafted PNM file, the pnmscanner_gettoken() function writes a null terminator one byte past the end of a stack-allocated buffer due to an off-by-one error in the loop boundary check. This could lead to memory corruption, potentially resulting in denial of service or arbitrary code execution."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-193",
                  "description": "Off-by-one Error",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-06T13:58:43.680Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-58380"
            },
            {
              "name": "RHBZ#2496135",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2496135"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/83699817"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/gimp/-/issues/16206"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-11T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-04-11T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Gimp: gimp: stack buffer overflow in pnmscanner_gettoken()",
          "workarounds": [
            {
              "lang": "en",
              "value": "None \u2014 requires opening a crafted PNM file."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-193: Off-by-one Error"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-58380",
        "datePublished": "2026-07-06T13:58:43.680Z",
        "dateReserved": "2026-06-30T16:54:04.312Z",
        "dateUpdated": "2026-07-06T15:41:15.008Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58016 (GCVE-0-2026-58016)

    Vulnerability from nvd – Published: 2026-06-30 13:02 – Updated: 2026-06-30 14:38
    VLAI
    Title
    Glib: integer underflow in gio/gdbusintrospection.c via "g_dbus_node_info_new_for_xml"
    Summary
    A flaw was found in GLib. A state confusion issue exists in g_dbus_node_info_new_for_xml() in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a <node> element nested within other elements like <method>, <signal>, <property> or <arg>. This issue can cause an unsigned integer overflow and lead to an out-of-bounds read, resulting in a denial of service.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-191 - Integer Underflow (Wrap or Wraparound)
    Assigner
    Impacted products
    Date Public
    2026-04-08 00:00
    Credits
    Red Hat would like to thank linhlhq for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-58016",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-30T13:54:25.243451Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T14:01:02.370Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.gnome.org/GNOME/glib/",
              "defaultStatus": "unaffected",
              "packageName": "GLib",
              "product": "GLib",
              "vendor": "GNOME",
              "versions": [
                {
                  "lessThan": "2.88.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-glib2",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-glib2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-glib2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:hummingbird:1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "glib2",
              "product": "Red Hat Hardened Images",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank linhlhq for reporting this issue."
            }
          ],
          "datePublic": "2026-04-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in GLib. A state confusion issue exists in g_dbus_node_info_new_for_xml() in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a \u003cnode\u003e element nested within other elements like \u003cmethod\u003e, \u003csignal\u003e, \u003cproperty\u003e or \u003carg\u003e. This issue can cause an unsigned integer overflow and lead to an out-of-bounds read, resulting in a denial of service."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-191",
                  "description": "Integer Underflow (Wrap or Wraparound)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T14:38:17.929Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-58016"
            },
            {
              "name": "RHBZ#2492257",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2492257"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3932"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-24T17:29:08.344Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-04-08T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Glib: integer underflow in gio/gdbusintrospection.c via \"g_dbus_node_info_new_for_xml\"",
          "workarounds": [
            {
              "lang": "en",
              "value": "To mitigate this vulnerability, implement input validation to sanitize untrusted D-Bus introspection XML, specifically rejecting malformed structures such as \u003cnode\u003e elements improperly nested within \u003cmethod\u003e, \u003csignal\u003e, \u003cproperty\u003e or \u003carg\u003e elements before calling g_dbus_node_info_new_for_xml(). Alternatively, restricting the application to only process XML input from trusted, authenticated sources will completely neutralize this issue."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-191: Integer Underflow (Wrap or Wraparound)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-58016",
        "datePublished": "2026-06-30T13:02:45.931Z",
        "dateReserved": "2026-06-26T20:59:47.856Z",
        "dateUpdated": "2026-06-30T14:38:17.929Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58015 (GCVE-0-2026-58015)

    Vulnerability from nvd – Published: 2026-06-30 13:02 – Updated: 2026-07-02 00:42
    VLAI
    Title
    Glib: path traversal in glib/gio/gdbusauthmechanismsha1.c via keyring_lookup_entry and mechanism_client_data_receive
    Summary
    A flaw was found in GLib. The D-Bus client-side implementation of the DBUS_COOKIE_SHA1 SASL authentication mechanism does not validate the cookie_context parameter received from the server. A malicious D-Bus server can supply a cookie_context containing path traversal sequences, causing the client to read an arbitrary file and exfiltrate sensitive data by verifying guessed file contents against a generated hash.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Date Public
    2026-04-08 00:00
    Credits
    Red Hat would like to thank Thepwnisher for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-58015",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T14:27:59.851892Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-22",
                    "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T00:42:47.467Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.gnome.org/GNOME/glib/",
              "defaultStatus": "unaffected",
              "packageName": "GLib",
              "product": "GLib",
              "vendor": "GNOME",
              "versions": [
                {
                  "lessThan": "2.88.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-glib2",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-glib2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-glib2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:hummingbird:1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "glib2",
              "product": "Red Hat Hardened Images",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Thepwnisher for reporting this issue."
            }
          ],
          "datePublic": "2026-04-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in GLib. The D-Bus client-side implementation of the DBUS_COOKIE_SHA1 SASL authentication mechanism does not validate the cookie_context parameter received from the server. A malicious D-Bus server can supply a cookie_context containing path traversal sequences, causing the client to read an arbitrary file and exfiltrate sensitive data by verifying guessed file contents against a generated hash."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T14:38:18.061Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-58015"
            },
            {
              "name": "RHBZ#2492256",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2492256"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3931"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-24T17:22:00.405Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-04-08T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Glib: path traversal in glib/gio/gdbusauthmechanismsha1.c via keyring_lookup_entry and mechanism_client_data_receive",
          "workarounds": [
            {
              "lang": "en",
              "value": "To mitigate this vulnerability, ensure that applications only connect to trusted D-Bus servers and operate within secure, isolated networks to prevent man-in-the-middle (MitM) attacks. If feasible, configuring the D-Bus connection to strictly require the EXTERNAL authentication mechanism and disabling DBUS_COOKIE_SHA1 will completely neutralize this issue."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-58015",
        "datePublished": "2026-06-30T13:02:45.854Z",
        "dateReserved": "2026-06-26T20:59:47.856Z",
        "dateUpdated": "2026-07-02T00:42:47.467Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58014 (GCVE-0-2026-58014)

    Vulnerability from nvd – Published: 2026-06-30 12:57 – Updated: 2026-06-30 18:49
    VLAI
    Title
    Glib: off-by-one error in glib/gkeyfile.c via "g_key_file_get_locale_string_list"
    Summary
    A flaw was found in GLib. An off-by-one error can occur in the g_key_file_get_locale_string_list function in the gkeyfile.c file when loading a key file with an empty value. This flaw can cause an out-of-bounds access of 1 byte or a denial of service when the out-of-bounds access crosses a page boundary.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Date Public
    2026-04-07 00:00
    Credits
    Red Hat would like to thank linhlhq for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-58014",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-30T18:45:19.043229Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T18:49:54.989Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3930"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.gnome.org/GNOME/glib/",
              "defaultStatus": "unaffected",
              "packageName": "GLib",
              "product": "GLib",
              "vendor": "GNOME",
              "versions": [
                {
                  "lessThan": "2.88.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-glib2",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-glib2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-glib2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:hummingbird:1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "glib2",
              "product": "Red Hat Hardened Images",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank linhlhq for reporting this issue."
            }
          ],
          "datePublic": "2026-04-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in GLib. An off-by-one error can occur in the g_key_file_get_locale_string_list function in the gkeyfile.c file when loading a key file with an empty value. This flaw can cause an out-of-bounds access of 1 byte or a denial of service when the out-of-bounds access crosses a page boundary."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-193",
                  "description": "Off-by-one Error",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T14:38:17.790Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-58014"
            },
            {
              "name": "RHBZ#2492255",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2492255"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3930"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-24T17:16:25.796Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-04-07T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Glib: off-by-one error in glib/gkeyfile.c via \"g_key_file_get_locale_string_list\"",
          "workarounds": [
            {
              "lang": "en",
              "value": "To mitigate this vulnerability, implement input validation to sanitize untrusted key files (such as .desktop or .ini files), specifically rejecting or stripping empty values before calling g_key_file_get_locale_string_list(). Alternatively, restricting the application to only load key files from trusted sources will completely neutralize this issue."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-193: Off-by-one Error"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-58014",
        "datePublished": "2026-06-30T12:57:35.898Z",
        "dateReserved": "2026-06-26T20:59:47.856Z",
        "dateUpdated": "2026-06-30T18:49:54.989Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58013 (GCVE-0-2026-58013)

    Vulnerability from nvd – Published: 2026-06-30 12:57 – Updated: 2026-06-30 15:58
    VLAI
    Title
    Glib: buffer over-read in glib/giochannel.c via "g_io_channel_read_line_backend"
    Summary
    A flaw was found in GLib. A buffer over-read can occur in g_io_channel_read_line_backend() in the giochannel.c file when a custom line terminator with a length greater than one is set, causing memcmp to read past the GString buffer. This vulnerability can cause a minor information disclosure of 7 bytes or a denial of service when the buffer over-read crosses a page boundary.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Date Public
    2026-04-03 00:00
    Credits
    Red Hat would like to thank linhlhq for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-58013",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-30T14:17:50.722495Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T15:58:08.967Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.gnome.org/GNOME/glib/",
              "defaultStatus": "unaffected",
              "packageName": "GLib",
              "product": "GLib",
              "vendor": "GNOME",
              "versions": [
                {
                  "lessThan": "2.88.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-glib2",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-glib2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-glib2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:hummingbird:1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "glib2",
              "product": "Red Hat Hardened Images",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank linhlhq for reporting this issue."
            }
          ],
          "datePublic": "2026-04-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in GLib. A buffer over-read can occur in g_io_channel_read_line_backend() in the giochannel.c file when a custom line terminator with a length greater than one is set, causing memcmp to read past the GString buffer. This vulnerability can cause a minor information disclosure of 7 bytes or a denial of service when the buffer over-read crosses a page boundary."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-126",
                  "description": "Buffer Over-read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T14:38:17.519Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-58013"
            },
            {
              "name": "RHBZ#2492248",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2492248"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3925"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-24T16:49:18.947Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-04-03T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Glib: buffer over-read in glib/giochannel.c via \"g_io_channel_read_line_backend\"",
          "workarounds": [
            {
              "lang": "en",
              "value": "To mitigate this vulnerability, restrict any custom line terminator string passed to g_io_channel_set_line_term() to a maximum length of one byte before calling g_io_channel_read_line_backend(). Using the default line terminators will completely neutralize this issue."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-126: Buffer Over-read"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-58013",
        "datePublished": "2026-06-30T12:57:34.902Z",
        "dateReserved": "2026-06-26T20:59:47.855Z",
        "dateUpdated": "2026-06-30T15:58:08.967Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58012 (GCVE-0-2026-58012)

    Vulnerability from nvd – Published: 2026-06-30 12:57 – Updated: 2026-06-30 14:38
    VLAI
    Title
    Glib: buffer over-read in g_regex_replace() via glib/gregex.c:string_append() and g_utf8_next_char()
    Summary
    A flaw was found in GLib. A buffer over-read can occur in the g_regex_replace function when used with the `G_REGEX_RAW` compile flag and case-change replacement escapes because the string_append function processes matched substrings using UTF-8 functions that assume valid UTF-8 input, even when the string is treated as raw bytes. This vulnerability can cause a minor information disclosure of 1-5 bytes and a denial of service when the buffer over-read crosses a page boundary.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    GNOME GLib Affected: 0 , < 2.86.5 (semver)
    Affected: 0 , < 2.88.1 (semver)
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Create a notification for this product.
    Red Hat Red Hat Hardened Images     cpe:/a:redhat:hummingbird:1
    Create a notification for this product.
    Date Public
    2026-03-27 00:00
    Credits
    Red Hat would like to thank linhlhq for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-58012",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-30T13:17:40.887957Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T13:18:19.247Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.gnome.org/GNOME/glib/",
              "defaultStatus": "unaffected",
              "packageName": "GLib",
              "product": "GLib",
              "vendor": "GNOME",
              "versions": [
                {
                  "lessThan": "2.86.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.88.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-glib2",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-glib2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-glib2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:hummingbird:1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "glib2",
              "product": "Red Hat Hardened Images",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank linhlhq for reporting this issue."
            }
          ],
          "datePublic": "2026-03-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in GLib. A buffer over-read can occur in the g_regex_replace function when used with the `G_REGEX_RAW` compile flag and case-change replacement escapes because the string_append function processes matched substrings using UTF-8 functions that assume valid UTF-8 input, even when the string is treated as raw bytes. This vulnerability can cause a minor information disclosure of 1-5 bytes and a denial of service when the buffer over-read crosses a page boundary."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-126",
                  "description": "Buffer Over-read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T14:38:17.617Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-58012"
            },
            {
              "name": "RHBZ#2492247",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2492247"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3918"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-24T16:40:58.048Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-03-27T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Glib: buffer over-read in g_regex_replace() via glib/gregex.c:string_append() and g_utf8_next_char()",
          "workarounds": [
            {
              "lang": "en",
              "value": "To mitigate this vulnerability, implement strict input validation to sanitize user-supplied replacement strings, specifically rejecting or escaping case-change modifiers (\\u, \\l, \\U, \\L) before calling g_regex_replace() or g_regex_replace_eval() when the G_REGEX_RAW compile flag is used. Removing the G_REGEX_RAW flag or hardcoding the replacement strings will completely neutralize this issue."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-126: Buffer Over-read"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-58012",
        "datePublished": "2026-06-30T12:57:21.859Z",
        "dateReserved": "2026-06-26T20:59:47.855Z",
        "dateUpdated": "2026-06-30T14:38:17.617Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58011 (GCVE-0-2026-58011)

    Vulnerability from nvd – Published: 2026-06-30 12:57 – Updated: 2026-06-30 14:28
    VLAI
    Title
    Glib: out-of-bounds read in glib/gdatetime.c:g_date_time_get_ymd via invalid gdatetime
    Summary
    A flaw was found in GLib. An out-of-bounds read of only 2 bytes can occur in the g_date_time_get_ymd function in the glib/gdatetime.c file when an invalid GDateTime object produced by the g_date_time_add_full function is processed. This flaw can corrupt the date output and potentially cause logic errors that may lead to a denial of service.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    GNOME GLib Affected: 0 , < 2.86.5 (semver)
    Affected: 0 , < 2.88.1 (semver)
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Create a notification for this product.
    Red Hat Red Hat Hardened Images     cpe:/a:redhat:hummingbird:1
    Create a notification for this product.
    Date Public
    2026-03-27 00:00
    Credits
    Red Hat would like to thank linhlhq for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-58011",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-30T13:18:37.092171Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T13:18:41.298Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gitlab.gnome.org/GNOME/glib/-/work_items/3917"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.gnome.org/GNOME/glib/",
              "defaultStatus": "unaffected",
              "packageName": "GLib",
              "product": "GLib",
              "vendor": "GNOME",
              "versions": [
                {
                  "lessThan": "2.86.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.88.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-glib2",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-glib2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-glib2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:hummingbird:1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "glib2",
              "product": "Red Hat Hardened Images",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank linhlhq for reporting this issue."
            }
          ],
          "datePublic": "2026-03-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in GLib. An out-of-bounds read of only 2 bytes can occur in the g_date_time_get_ymd function in the glib/gdatetime.c file when an invalid GDateTime object produced by the g_date_time_add_full function is processed. This flaw can corrupt the date output and potentially cause logic errors that may lead to a denial of service."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T14:28:17.185Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-58011"
            },
            {
              "name": "RHBZ#2492245",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2492245"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3917"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-24T16:30:03.305Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-03-27T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Glib: out-of-bounds read in glib/gdatetime.c:g_date_time_get_ymd via invalid gdatetime",
          "workarounds": [
            {
              "lang": "en",
              "value": "To mitigate this vulnerability, in applications processing user-supplied dates, implement input validation to ensure the supplied date is within the supported range before calling g_date_time_add_full() with untrusted data, specifically rejecting inputs that result in a negative or zero days field."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-125: Out-of-bounds Read"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-58011",
        "datePublished": "2026-06-30T12:57:15.173Z",
        "dateReserved": "2026-06-26T20:59:47.855Z",
        "dateUpdated": "2026-06-30T14:28:17.185Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58010 (GCVE-0-2026-58010)

    Vulnerability from nvd – Published: 2026-06-30 12:57 – Updated: 2026-06-30 14:28
    VLAI
    Title
    Glib: buffer over-read in glib/gvariant-serialiser.c via gvs_tuple_is_normal()
    Summary
    A flaw was found in GLib. An off-by-one error can occur in the gvs_tuple_is_normal function in the glib/gvariant-serialiser.c file when doing an alignment padding check because the bounds check uses > instead of >=, causing an out-of-bounds read of only 1 byte. This issue can cause a minor information disclosure of 1 byte and a denial of service when the out-of-bounds read crosses a page boundary.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    GNOME GLib Affected: 0 , < 2.86.5 (semver)
    Affected: 0 , < 2.88.1 (semver)
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Create a notification for this product.
    Red Hat Red Hat Hardened Images     cpe:/a:redhat:hummingbird:1
    Create a notification for this product.
    Date Public
    2026-03-26 00:00
    Credits
    Red Hat would like to thank linhlhq for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-58010",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-30T14:02:50.825354Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T14:03:48.602Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.gnome.org/GNOME/glib/",
              "defaultStatus": "unaffected",
              "packageName": "GLib",
              "product": "GLib",
              "vendor": "GNOME",
              "versions": [
                {
                  "lessThan": "2.86.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.88.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-glib2",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-glib2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-glib2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:hummingbird:1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "glib2",
              "product": "Red Hat Hardened Images",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank linhlhq for reporting this issue."
            }
          ],
          "datePublic": "2026-03-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in GLib. An off-by-one error can occur in the gvs_tuple_is_normal function in the glib/gvariant-serialiser.c file when doing an alignment padding check because the bounds check uses \u003e instead of \u003e=, causing an out-of-bounds read of only 1 byte. This issue can cause a minor information disclosure of 1 byte and a denial of service when the out-of-bounds read crosses a page boundary."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-126",
                  "description": "Buffer Over-read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T14:28:12.417Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-58010"
            },
            {
              "name": "RHBZ#2492243",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2492243"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3915"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-24T16:21:49.589Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-03-26T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Glib: buffer over-read in glib/gvariant-serialiser.c via gvs_tuple_is_normal()",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-126: Buffer Over-read"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-58010",
        "datePublished": "2026-06-30T12:57:15.125Z",
        "dateReserved": "2026-06-26T20:59:47.855Z",
        "dateUpdated": "2026-06-30T14:28:12.417Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-4629 (GCVE-0-2026-4629)

    Vulnerability from nvd – Published: 2026-06-30 12:00 – Updated: 2026-07-01 14:26
    VLAI
    Title
    Keycloak: keycloak: privilege escalation through hardcoded role mapper injection
    Summary
    A flaw was found in Keycloak. A highly privileged user with `manage-clients` permission can exploit this vulnerability by injecting a hardcoded role mapper into any client. This action allows the user to bypass existing scope restrictions and inject the `realm-admin` role into generated tokens, resulting in privilege escalation and full administrative access to the realm.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2026-4629 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2450244 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Build of Keycloak     cpe:/a:redhat:build_keycloak:
    Create a notification for this product.
    Date Public
    2026-04-20 12:34
    Credits
    Red Hat would like to thank Daniel Peters (Operating Intelligence Inc.), Lior Moshe (Operating Intelligence Inc.), and Uri Rolls (Operating Intelligence Inc.) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4629",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T14:26:33.448859Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T14:26:59.489Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Daniel Peters (Operating Intelligence Inc.), Lior Moshe (Operating Intelligence Inc.), and Uri Rolls (Operating Intelligence Inc.) for reporting this issue."
            }
          ],
          "datePublic": "2026-04-20T12:34:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Keycloak. A highly privileged user with `manage-clients` permission can exploit this vulnerability by injecting a hardcoded role mapper into any client. This action allows the user to bypass existing scope restrictions and inject the `realm-admin` role into generated tokens, resulting in privilege escalation and full administrative access to the realm."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T12:00:28.631Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-4629"
            },
            {
              "name": "RHBZ#2450244",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450244"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-23T08:01:10.722Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-04-20T12:34:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Keycloak: keycloak: privilege escalation through hardcoded role mapper injection",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-266: Incorrect Privilege Assignment"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-4629",
        "datePublished": "2026-06-30T12:00:28.631Z",
        "dateReserved": "2026-03-23T08:02:49.337Z",
        "dateUpdated": "2026-07-01T14:26:59.489Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14209 (GCVE-0-2026-14209)

    Vulnerability from nvd – Published: 2026-06-30 11:48 – Updated: 2026-07-05 06:10
    VLAI
    Title
    Keycloak-admin-ui: keycloak-admin-ui:admin ui extension brute-force-user endpoint bypasses fgapv2 user view restrictions
    Summary
    A vulnerability was discovered in Keycloak's Admin UI extension that allows certain administrative users to bypass security restrictions. When Fine-Grained Admin Permissions (FGAPv2) are enabled, an administrator who should only be able to search for users (but not view their full details) can use a specific "brute-force-user" endpoint to access a user's full profile. This includes sensitive information and security metadata. The issue occurs because the system fails to check if the administrator has the required "view" permission for that specific user when using this particular search path.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2026-14209 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2494837 issue-trackingx_refsource_REDHAT
    Impacted products
    Date Public
    2026-06-30 11:08
    Credits
    Red Hat would like to thank Jinyeong Yang for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14209",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-30T18:46:23.302478Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T18:46:34.501Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "keycloak-admin-ui",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk-openshift-rhel9/rhbk-openshift-rhel9",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "affected",
              "packageName": "keycloak-admin-ui",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Jinyeong Yang for reporting this issue."
            }
          ],
          "datePublic": "2026-06-30T11:08:07.532Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was discovered in Keycloak\u0027s Admin UI extension that allows certain administrative users to bypass security restrictions. When Fine-Grained Admin Permissions (FGAPv2) are enabled, an administrator who should only be able to search for users (but not view their full details) can use a specific \"brute-force-user\" endpoint to access a user\u0027s full profile. This includes sensitive information and security metadata. The issue occurs because the system fails to check if the administrator has the required \"view\" permission for that specific user when using this particular search path."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-05T06:10:07.550Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-14209"
            },
            {
              "name": "RHBZ#2494837",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2494837"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-29T20:54:20.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-06-30T11:08:07.532Z",
              "value": "Made public."
            }
          ],
          "title": "Keycloak-admin-ui: keycloak-admin-ui:admin ui extension brute-force-user endpoint bypasses fgapv2 user view restrictions",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-639: Authorization Bypass Through User-Controlled Key"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-14209",
        "datePublished": "2026-06-30T11:48:26.492Z",
        "dateReserved": "2026-06-30T10:52:31.949Z",
        "dateUpdated": "2026-07-05T06:10:07.550Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12388 (GCVE-0-2026-12388)

    Vulnerability from nvd – Published: 2026-06-30 12:00 – Updated: 2026-06-30 15:58
    VLAI
    Title
    Keycloak-broker: keycloak: privilege escalation to realm administrator via improper authorization in identity provider mapper
    Summary
    A flaw was found in the Identity Provider (IdP) mapper component of Keycloak, which is used to manage how user information from external services is mapped to Keycloak users. An administrator with limited permissions to manage identity providers can exploit this flaw by creating a "Hardcoded Role" mapper that assigns high-level administrative roles (like realm-admin) to themselves or others. This allows a restricted administrator to bypass security checks and gain full control over the entire realm.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2026-12388 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2489140 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Build of Keycloak     cpe:/a:redhat:build_keycloak:
    Create a notification for this product.
    Date Public
    2026-06-30 11:49
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12388",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-30T14:18:51.123959Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T15:58:24.834Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2026-06-30T11:49:29.358Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the Identity Provider (IdP) mapper component of Keycloak, which is used to manage how user information from external services is mapped to Keycloak users. An administrator with limited permissions to manage identity providers can exploit this flaw by creating a \"Hardcoded Role\" mapper that assigns high-level administrative roles (like realm-admin) to themselves or others. This allows a restricted administrator to bypass security checks and gain full control over the entire realm."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T12:00:28.675Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-12388"
            },
            {
              "name": "RHBZ#2489140",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489140"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-10T14:45:28.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-06-30T11:49:29.358Z",
              "value": "Made public."
            }
          ],
          "title": "Keycloak-broker: keycloak: privilege escalation to realm administrator via improper authorization in identity provider mapper",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-266: Incorrect Privilege Assignment"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-12388",
        "datePublished": "2026-06-30T12:00:28.675Z",
        "dateReserved": "2026-06-16T11:41:17.075Z",
        "dateUpdated": "2026-06-30T15:58:24.834Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15154 (GCVE-0-2026-15154)

    Vulnerability from cvelistv5 – Published: 2026-07-08 19:50 – Updated: 2026-07-08 20:38
    VLAI
    Title
    Guardrails-detectors: guardrails-detectors: unauthenticated regular-expression denial of service (redos) via detector_params.regex
    Summary
    A flaw was found in `guardrails-detectors`, a component of Red Hat OpenShift AI. This vulnerability, known as Regular Expression Denial of Service (ReDoS), allows a remote attacker to provide specially crafted regular expressions to the public detection API. This can cause catastrophic backtracking, leading to a worker process consuming 100% CPU indefinitely and resulting in a denial of service for the entire guardrails-mediated LLM pipeline.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1333 - Inefficient Regular Expression Complexity
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2026-15154 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2498188 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat OpenShift AI (RHOAI)     cpe:/a:redhat:openshift_ai
    Create a notification for this product.
    Date Public
    2026-07-08 18:43
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15154",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T20:38:40.332330Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T20:38:46.315Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "affected",
              "packageName": "rhoai/odh-built-in-detector-rhel9",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2026-07-08T18:43:36.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in `guardrails-detectors`, a component of Red Hat OpenShift AI. This vulnerability, known as Regular Expression Denial of Service (ReDoS), allows a remote attacker to provide specially crafted regular expressions to the public detection API. This can cause catastrophic backtracking, leading to a worker process consuming 100% CPU indefinitely and resulting in a denial of service for the entire guardrails-mediated LLM pipeline."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1333",
                  "description": "Inefficient Regular Expression Complexity",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T19:50:51.563Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-15154"
            },
            {
              "name": "RHBZ#2498188",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2498188"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-26T12:47:20.317Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-08T18:43:36.000Z",
              "value": "Made public."
            }
          ],
          "title": "Guardrails-detectors: guardrails-detectors: unauthenticated regular-expression denial of service (redos) via detector_params.regex",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-1333: Inefficient Regular Expression Complexity"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-15154",
        "datePublished": "2026-07-08T19:50:51.563Z",
        "dateReserved": "2026-07-08T19:44:43.020Z",
        "dateUpdated": "2026-07-08T20:38:46.315Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15041 (GCVE-0-2026-15041)

    Vulnerability from cvelistv5 – Published: 2026-07-08 10:15 – Updated: 2026-07-08 13:44
    VLAI
    Title
    389-ds-base: 389-ds-base: non-constant-time comparison in pbkdf2-sha256 password verification
    Summary
    A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password verification function uses standard memcmp() for comparing password hashes instead of a constant-time comparison function. A remote attacker could potentially use timing measurements of LDAP bind attempts to infer partial hash information, though practical exploitation is extremely difficult due to PBKDF2 computational overhead.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-208 - Observable Timing Discrepancy
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2026-15041 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2498022 issue-trackingx_refsource_REDHAT
    Date Public
    2026-07-08 09:58
    Credits
    Red Hat would like to thank Andrew Rukin (Arenadata) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15041",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T13:44:08.886989Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T13:44:19.153Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server:11"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-ds:11/389-ds-base",
              "product": "Red Hat Directory Server 11",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server:12"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-ds:12/389-ds-base",
              "product": "Red Hat Directory Server 12",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server:13"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Directory Server 13",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds:1.4/389-ds-base",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Andrew Rukin (Arenadata) for reporting this issue."
            }
          ],
          "datePublic": "2026-07-08T09:58:21.463Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password verification function uses standard memcmp() for comparing password hashes instead of a constant-time comparison function. A remote attacker could potentially use timing measurements of LDAP bind attempts to infer partial hash information, though practical exploitation is extremely difficult due to PBKDF2 computational overhead."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Low"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-208",
                  "description": "Observable Timing Discrepancy",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T11:06:57.873Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-15041"
            },
            {
              "name": "RHBZ#2498022",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2498022"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-08T09:55:42.287Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-08T09:58:21.463Z",
              "value": "Made public."
            }
          ],
          "title": "389-ds-base: 389-ds-base: non-constant-time comparison in pbkdf2-sha256 password verification",
          "workarounds": [
            {
              "lang": "en",
              "value": "If possible, configure 389 Directory Server to use an alternative password storage scheme (e.g., SSHA512 or GOST-Yescrypt) which uses constant-time comparison."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-208: Observable Timing Discrepancy"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-15041",
        "datePublished": "2026-07-08T10:15:30.480Z",
        "dateReserved": "2026-07-08T10:00:02.126Z",
        "dateUpdated": "2026-07-08T13:44:19.153Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14969 (GCVE-0-2026-14969)

    Vulnerability from cvelistv5 – Published: 2026-07-07 15:48 – Updated: 2026-07-07 16:11
    VLAI
    Title
    389-ds-base: 389-ds-base: static initialization vector in aes-cbc/3des-cbc attribute encryption
    Summary
    A flaw was found in 389-ds-base where the LDBM backend attribute encryption uses a hardcoded static initialization vector for AES-CBC and 3DES-CBC operations, allowing an attacker with privileged filesystem access to detect plaintext equality across encrypted entries by comparing ciphertext blocks.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-329 - Generation of Predictable IV with CBC Mode
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2026-14969 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2497735 issue-trackingx_refsource_REDHAT
    Date Public
    2026-07-07 15:32
    Credits
    Red Hat would like to thank Andrew Rukin (Arenadata) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14969",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-07T16:11:32.041523Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-07T16:11:40.145Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server:11"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-ds:11/389-ds-base",
              "product": "Red Hat Directory Server 11",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server:12"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-ds:12/389-ds-base",
              "product": "Red Hat Directory Server 12",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server:13"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Directory Server 13",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds:1.4/389-ds-base",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Andrew Rukin (Arenadata) for reporting this issue."
            }
          ],
          "datePublic": "2026-07-07T15:32:28.365Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in 389-ds-base where the LDBM backend attribute encryption uses a hardcoded static initialization vector for AES-CBC and 3DES-CBC operations, allowing an attacker with privileged filesystem access to detect plaintext equality across encrypted entries by comparing ciphertext blocks."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-329",
                  "description": "Generation of Predictable IV with CBC Mode",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T15:48:04.478Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-14969"
            },
            {
              "name": "RHBZ#2497735",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2497735"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-07T14:53:34.580Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-07T15:32:28.365Z",
              "value": "Made public."
            }
          ],
          "title": "389-ds-base: 389-ds-base: static initialization vector in aes-cbc/3des-cbc attribute encryption",
          "workarounds": [
            {
              "lang": "en",
              "value": "Disable attribute encryption if it is not required for the deployment. If attribute encryption is required, restrict filesystem access to the LDBM database directory (/var/lib/dirsrv/slapd-\u003cinstance\u003e/db/) to ensure only authorized administrators can read database files."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-329: Generation of Predictable IV with CBC Mode"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-14969",
        "datePublished": "2026-07-07T15:48:04.478Z",
        "dateReserved": "2026-07-07T15:32:40.440Z",
        "dateUpdated": "2026-07-07T16:11:40.145Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14940 (GCVE-0-2026-14940)

    Vulnerability from cvelistv5 – Published: 2026-07-07 13:54 – Updated: 2026-07-07 15:35
    VLAI
    Title
    389-ds-base: 389-ds-base: heap-buffer-overflow in dn normalization via quoted multivalued rdn
    Summary
    A heap-buffer-overflow flaw was found in 389 Directory Server (389-ds-base). When normalizing a Distinguished Name (DN) that contains a legacy-quoted value encoding a multivalued nested Relative Distinguished Name (RDN), the server can write past the end of a heap allocation while sorting RDN attribute-value pairs. An unauthenticated remote attacker can trigger this condition by sending an LDAP operation whose DN reaches the DN normalization routine, such as a search with a crafted base DN. This can corrupt heap memory and may cause denial of service.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2026-14940 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2497697 issue-trackingx_refsource_REDHAT
    Date Public
    2026-07-07 12:01
    Credits
    Red Hat would like to thank Denis Rastyogin (ALT Linux) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14940",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-07T15:35:34.392277Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-07T15:35:45.502Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server:11"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-ds:11/389-ds-base",
              "product": "Red Hat Directory Server 11",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server:12"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-ds:12/389-ds-base",
              "product": "Red Hat Directory Server 12",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server:13"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Directory Server 13",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds:1.4/389-ds-base",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Denis Rastyogin (ALT Linux) for reporting this issue."
            }
          ],
          "datePublic": "2026-07-07T12:01:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A heap-buffer-overflow flaw was found in 389 Directory Server (389-ds-base). When\nnormalizing a Distinguished Name (DN) that contains a legacy-quoted value encoding a\nmultivalued nested Relative Distinguished Name (RDN), the server can write past the\nend of a heap allocation while sorting RDN attribute-value pairs. An unauthenticated\nremote attacker can trigger this condition by sending an LDAP operation whose DN\nreaches the DN normalization routine, such as a search with a crafted base DN. This\ncan corrupt heap memory and may cause denial of service."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T13:54:20.688Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-14940"
            },
            {
              "name": "RHBZ#2497697",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2497697"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-02T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-07T12:01:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "389-ds-base: 389-ds-base: heap-buffer-overflow in dn normalization via quoted multivalued rdn",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-14940",
        "datePublished": "2026-07-07T13:54:20.688Z",
        "dateReserved": "2026-07-07T12:01:04.779Z",
        "dateUpdated": "2026-07-07T15:35:45.502Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58384 (GCVE-0-2026-58384)

    Vulnerability from cvelistv5 – Published: 2026-07-07 07:44 – Updated: 2026-07-07 13:31
    VLAI
    Title
    Gimp: gimp: integer overflow in read_rle_channel()
    Summary
    A flaw was found in GIMP's PSD parser. An integer overflow in read_RLE_channel() can cause an undersized heap allocation for the RLE row-length table, after which subsequent per-row writes corrupt heap memory. This could lead to memory corruption, potentially resulting in denial of service or arbitrary code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer Overflow or Wraparound
    Assigner
    Impacted products
    Date Public
    2026-04-11 00:00
    Credits
    Red Hat would like to thank bb1abu for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-58384",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-07T13:30:05.659315Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-07T13:31:00.757Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "gimp",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "gimp",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "gimp:2.8/gimp",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "gimp",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank bb1abu for reporting this issue."
            }
          ],
          "datePublic": "2026-04-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in GIMP\u0027s PSD parser. An integer overflow in read_RLE_channel() can cause an undersized heap allocation for the RLE row-length table, after which subsequent per-row writes corrupt heap memory. This could lead to memory corruption, potentially resulting in denial of service or arbitrary code execution."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "Integer Overflow or Wraparound",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T07:44:28.139Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-58384"
            },
            {
              "name": "RHBZ#2497431",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2497431"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/da29e217"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/gimp/-/issues/16216"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-11T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-04-11T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Gimp: gimp: integer overflow in read_rle_channel()",
          "workarounds": [
            {
              "lang": "en",
              "value": "None \u2014 requires opening a crafted PSD file."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-190: Integer Overflow or Wraparound"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-58384",
        "datePublished": "2026-07-07T07:44:28.139Z",
        "dateReserved": "2026-06-30T16:54:04.312Z",
        "dateUpdated": "2026-07-07T13:31:00.757Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59089 (GCVE-0-2026-59089)

    Vulnerability from cvelistv5 – Published: 2026-07-06 19:38 – Updated: 2026-07-06 19:48
    VLAI
    Title
    Gimp: gimp: denial of service via integer overflow in playstation tim loader
    Summary
    A flaw was found in GIMP. The PlayStation TIM loader, responsible for handling PlayStation image files, incorrectly calculates the size of the Color Look-Up Table (CLUT) due to an integer overflow. This occurs when multiplying num_colors and num_cluts, both 16-bit unsigned short integers, resulting in a value exceeding the maximum integer limit. An attacker could exploit this by providing a specially crafted image file, leading to undefined behavior and causing the GIMP plug-in to abort, effectively resulting in a denial of service.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer Overflow or Wraparound
    Assigner
    Impacted products
    Date Public
    2026-06-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59089",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T19:48:49.016983Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T19:48:53.313Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gitlab.gnome.org/GNOME/gimp/-/work_items/16493"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "gimp",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "gimp",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "gimp",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "gimp",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2026-06-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in GIMP. The PlayStation TIM loader, responsible for handling PlayStation image files, incorrectly calculates the size of the Color Look-Up Table (CLUT) due to an integer overflow. This occurs when multiplying num_colors and num_cluts, both 16-bit unsigned short integers, resulting in a value exceeding the maximum integer limit. An attacker could exploit this by providing a specially crafted image file, leading to undefined behavior and causing the GIMP plug-in to abort, effectively resulting in a denial of service."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "Integer Overflow or Wraparound",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-06T19:38:16.905Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-59089"
            },
            {
              "name": "RHBZ#2496583",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2496583"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/gimp/-/work_items/16493"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-02T15:36:51.520Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-06-15T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Gimp: gimp: denial of service via integer overflow in playstation tim loader",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-190: Integer Overflow or Wraparound"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-59089",
        "datePublished": "2026-07-06T19:38:16.905Z",
        "dateReserved": "2026-07-02T15:11:12.820Z",
        "dateUpdated": "2026-07-06T19:48:53.313Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58380 (GCVE-0-2026-58380)

    Vulnerability from cvelistv5 – Published: 2026-07-06 13:58 – Updated: 2026-07-06 15:41
    VLAI
    Title
    Gimp: gimp: stack buffer overflow in pnmscanner_gettoken()
    Summary
    A flaw was found in GIMP's PNM file format parser. When parsing a specially crafted PNM file, the pnmscanner_gettoken() function writes a null terminator one byte past the end of a stack-allocated buffer due to an off-by-one error in the loop boundary check. This could lead to memory corruption, potentially resulting in denial of service or arbitrary code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Date Public
    2026-04-11 00:00
    Credits
    Red Hat would like to thank bb1abu for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-58380",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T15:41:04.583701Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T15:41:15.008Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "gimp",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "gimp",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "gimp:2.8/gimp",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "gimp",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank bb1abu for reporting this issue."
            }
          ],
          "datePublic": "2026-04-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in GIMP\u0027s PNM file format parser. When parsing a specially crafted PNM file, the pnmscanner_gettoken() function writes a null terminator one byte past the end of a stack-allocated buffer due to an off-by-one error in the loop boundary check. This could lead to memory corruption, potentially resulting in denial of service or arbitrary code execution."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-193",
                  "description": "Off-by-one Error",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-06T13:58:43.680Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-58380"
            },
            {
              "name": "RHBZ#2496135",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2496135"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/83699817"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/gimp/-/issues/16206"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-11T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-04-11T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Gimp: gimp: stack buffer overflow in pnmscanner_gettoken()",
          "workarounds": [
            {
              "lang": "en",
              "value": "None \u2014 requires opening a crafted PNM file."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-193: Off-by-one Error"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-58380",
        "datePublished": "2026-07-06T13:58:43.680Z",
        "dateReserved": "2026-06-30T16:54:04.312Z",
        "dateUpdated": "2026-07-06T15:41:15.008Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58016 (GCVE-0-2026-58016)

    Vulnerability from cvelistv5 – Published: 2026-06-30 13:02 – Updated: 2026-06-30 14:38
    VLAI
    Title
    Glib: integer underflow in gio/gdbusintrospection.c via "g_dbus_node_info_new_for_xml"
    Summary
    A flaw was found in GLib. A state confusion issue exists in g_dbus_node_info_new_for_xml() in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a <node> element nested within other elements like <method>, <signal>, <property> or <arg>. This issue can cause an unsigned integer overflow and lead to an out-of-bounds read, resulting in a denial of service.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-191 - Integer Underflow (Wrap or Wraparound)
    Assigner
    Impacted products
    Date Public
    2026-04-08 00:00
    Credits
    Red Hat would like to thank linhlhq for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-58016",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-30T13:54:25.243451Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T14:01:02.370Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.gnome.org/GNOME/glib/",
              "defaultStatus": "unaffected",
              "packageName": "GLib",
              "product": "GLib",
              "vendor": "GNOME",
              "versions": [
                {
                  "lessThan": "2.88.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-glib2",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-glib2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-glib2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:hummingbird:1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "glib2",
              "product": "Red Hat Hardened Images",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank linhlhq for reporting this issue."
            }
          ],
          "datePublic": "2026-04-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in GLib. A state confusion issue exists in g_dbus_node_info_new_for_xml() in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a \u003cnode\u003e element nested within other elements like \u003cmethod\u003e, \u003csignal\u003e, \u003cproperty\u003e or \u003carg\u003e. This issue can cause an unsigned integer overflow and lead to an out-of-bounds read, resulting in a denial of service."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-191",
                  "description": "Integer Underflow (Wrap or Wraparound)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T14:38:17.929Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-58016"
            },
            {
              "name": "RHBZ#2492257",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2492257"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3932"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-24T17:29:08.344Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-04-08T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Glib: integer underflow in gio/gdbusintrospection.c via \"g_dbus_node_info_new_for_xml\"",
          "workarounds": [
            {
              "lang": "en",
              "value": "To mitigate this vulnerability, implement input validation to sanitize untrusted D-Bus introspection XML, specifically rejecting malformed structures such as \u003cnode\u003e elements improperly nested within \u003cmethod\u003e, \u003csignal\u003e, \u003cproperty\u003e or \u003carg\u003e elements before calling g_dbus_node_info_new_for_xml(). Alternatively, restricting the application to only process XML input from trusted, authenticated sources will completely neutralize this issue."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-191: Integer Underflow (Wrap or Wraparound)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-58016",
        "datePublished": "2026-06-30T13:02:45.931Z",
        "dateReserved": "2026-06-26T20:59:47.856Z",
        "dateUpdated": "2026-06-30T14:38:17.929Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58015 (GCVE-0-2026-58015)

    Vulnerability from cvelistv5 – Published: 2026-06-30 13:02 – Updated: 2026-07-02 00:42
    VLAI
    Title
    Glib: path traversal in glib/gio/gdbusauthmechanismsha1.c via keyring_lookup_entry and mechanism_client_data_receive
    Summary
    A flaw was found in GLib. The D-Bus client-side implementation of the DBUS_COOKIE_SHA1 SASL authentication mechanism does not validate the cookie_context parameter received from the server. A malicious D-Bus server can supply a cookie_context containing path traversal sequences, causing the client to read an arbitrary file and exfiltrate sensitive data by verifying guessed file contents against a generated hash.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Date Public
    2026-04-08 00:00
    Credits
    Red Hat would like to thank Thepwnisher for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-58015",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T14:27:59.851892Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-22",
                    "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T00:42:47.467Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.gnome.org/GNOME/glib/",
              "defaultStatus": "unaffected",
              "packageName": "GLib",
              "product": "GLib",
              "vendor": "GNOME",
              "versions": [
                {
                  "lessThan": "2.88.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-glib2",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-glib2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-glib2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:hummingbird:1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "glib2",
              "product": "Red Hat Hardened Images",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Thepwnisher for reporting this issue."
            }
          ],
          "datePublic": "2026-04-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in GLib. The D-Bus client-side implementation of the DBUS_COOKIE_SHA1 SASL authentication mechanism does not validate the cookie_context parameter received from the server. A malicious D-Bus server can supply a cookie_context containing path traversal sequences, causing the client to read an arbitrary file and exfiltrate sensitive data by verifying guessed file contents against a generated hash."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T14:38:18.061Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-58015"
            },
            {
              "name": "RHBZ#2492256",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2492256"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3931"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-24T17:22:00.405Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-04-08T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Glib: path traversal in glib/gio/gdbusauthmechanismsha1.c via keyring_lookup_entry and mechanism_client_data_receive",
          "workarounds": [
            {
              "lang": "en",
              "value": "To mitigate this vulnerability, ensure that applications only connect to trusted D-Bus servers and operate within secure, isolated networks to prevent man-in-the-middle (MitM) attacks. If feasible, configuring the D-Bus connection to strictly require the EXTERNAL authentication mechanism and disabling DBUS_COOKIE_SHA1 will completely neutralize this issue."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-58015",
        "datePublished": "2026-06-30T13:02:45.854Z",
        "dateReserved": "2026-06-26T20:59:47.856Z",
        "dateUpdated": "2026-07-02T00:42:47.467Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58014 (GCVE-0-2026-58014)

    Vulnerability from cvelistv5 – Published: 2026-06-30 12:57 – Updated: 2026-06-30 18:49
    VLAI
    Title
    Glib: off-by-one error in glib/gkeyfile.c via "g_key_file_get_locale_string_list"
    Summary
    A flaw was found in GLib. An off-by-one error can occur in the g_key_file_get_locale_string_list function in the gkeyfile.c file when loading a key file with an empty value. This flaw can cause an out-of-bounds access of 1 byte or a denial of service when the out-of-bounds access crosses a page boundary.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Date Public
    2026-04-07 00:00
    Credits
    Red Hat would like to thank linhlhq for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-58014",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-30T18:45:19.043229Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T18:49:54.989Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3930"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.gnome.org/GNOME/glib/",
              "defaultStatus": "unaffected",
              "packageName": "GLib",
              "product": "GLib",
              "vendor": "GNOME",
              "versions": [
                {
                  "lessThan": "2.88.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-glib2",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-glib2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-glib2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:hummingbird:1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "glib2",
              "product": "Red Hat Hardened Images",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank linhlhq for reporting this issue."
            }
          ],
          "datePublic": "2026-04-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in GLib. An off-by-one error can occur in the g_key_file_get_locale_string_list function in the gkeyfile.c file when loading a key file with an empty value. This flaw can cause an out-of-bounds access of 1 byte or a denial of service when the out-of-bounds access crosses a page boundary."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-193",
                  "description": "Off-by-one Error",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T14:38:17.790Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-58014"
            },
            {
              "name": "RHBZ#2492255",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2492255"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3930"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-24T17:16:25.796Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-04-07T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Glib: off-by-one error in glib/gkeyfile.c via \"g_key_file_get_locale_string_list\"",
          "workarounds": [
            {
              "lang": "en",
              "value": "To mitigate this vulnerability, implement input validation to sanitize untrusted key files (such as .desktop or .ini files), specifically rejecting or stripping empty values before calling g_key_file_get_locale_string_list(). Alternatively, restricting the application to only load key files from trusted sources will completely neutralize this issue."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-193: Off-by-one Error"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-58014",
        "datePublished": "2026-06-30T12:57:35.898Z",
        "dateReserved": "2026-06-26T20:59:47.856Z",
        "dateUpdated": "2026-06-30T18:49:54.989Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58013 (GCVE-0-2026-58013)

    Vulnerability from cvelistv5 – Published: 2026-06-30 12:57 – Updated: 2026-06-30 15:58
    VLAI
    Title
    Glib: buffer over-read in glib/giochannel.c via "g_io_channel_read_line_backend"
    Summary
    A flaw was found in GLib. A buffer over-read can occur in g_io_channel_read_line_backend() in the giochannel.c file when a custom line terminator with a length greater than one is set, causing memcmp to read past the GString buffer. This vulnerability can cause a minor information disclosure of 7 bytes or a denial of service when the buffer over-read crosses a page boundary.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Date Public
    2026-04-03 00:00
    Credits
    Red Hat would like to thank linhlhq for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-58013",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-30T14:17:50.722495Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T15:58:08.967Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.gnome.org/GNOME/glib/",
              "defaultStatus": "unaffected",
              "packageName": "GLib",
              "product": "GLib",
              "vendor": "GNOME",
              "versions": [
                {
                  "lessThan": "2.88.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-glib2",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-glib2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-glib2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:hummingbird:1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "glib2",
              "product": "Red Hat Hardened Images",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank linhlhq for reporting this issue."
            }
          ],
          "datePublic": "2026-04-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in GLib. A buffer over-read can occur in g_io_channel_read_line_backend() in the giochannel.c file when a custom line terminator with a length greater than one is set, causing memcmp to read past the GString buffer. This vulnerability can cause a minor information disclosure of 7 bytes or a denial of service when the buffer over-read crosses a page boundary."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-126",
                  "description": "Buffer Over-read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T14:38:17.519Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-58013"
            },
            {
              "name": "RHBZ#2492248",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2492248"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3925"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-24T16:49:18.947Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-04-03T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Glib: buffer over-read in glib/giochannel.c via \"g_io_channel_read_line_backend\"",
          "workarounds": [
            {
              "lang": "en",
              "value": "To mitigate this vulnerability, restrict any custom line terminator string passed to g_io_channel_set_line_term() to a maximum length of one byte before calling g_io_channel_read_line_backend(). Using the default line terminators will completely neutralize this issue."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-126: Buffer Over-read"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-58013",
        "datePublished": "2026-06-30T12:57:34.902Z",
        "dateReserved": "2026-06-26T20:59:47.855Z",
        "dateUpdated": "2026-06-30T15:58:08.967Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58012 (GCVE-0-2026-58012)

    Vulnerability from cvelistv5 – Published: 2026-06-30 12:57 – Updated: 2026-06-30 14:38
    VLAI
    Title
    Glib: buffer over-read in g_regex_replace() via glib/gregex.c:string_append() and g_utf8_next_char()
    Summary
    A flaw was found in GLib. A buffer over-read can occur in the g_regex_replace function when used with the `G_REGEX_RAW` compile flag and case-change replacement escapes because the string_append function processes matched substrings using UTF-8 functions that assume valid UTF-8 input, even when the string is treated as raw bytes. This vulnerability can cause a minor information disclosure of 1-5 bytes and a denial of service when the buffer over-read crosses a page boundary.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    GNOME GLib Affected: 0 , < 2.86.5 (semver)
    Affected: 0 , < 2.88.1 (semver)
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Create a notification for this product.
    Red Hat Red Hat Hardened Images     cpe:/a:redhat:hummingbird:1
    Create a notification for this product.
    Date Public
    2026-03-27 00:00
    Credits
    Red Hat would like to thank linhlhq for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-58012",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-30T13:17:40.887957Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T13:18:19.247Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.gnome.org/GNOME/glib/",
              "defaultStatus": "unaffected",
              "packageName": "GLib",
              "product": "GLib",
              "vendor": "GNOME",
              "versions": [
                {
                  "lessThan": "2.86.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.88.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-glib2",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-glib2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-glib2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:hummingbird:1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "glib2",
              "product": "Red Hat Hardened Images",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank linhlhq for reporting this issue."
            }
          ],
          "datePublic": "2026-03-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in GLib. A buffer over-read can occur in the g_regex_replace function when used with the `G_REGEX_RAW` compile flag and case-change replacement escapes because the string_append function processes matched substrings using UTF-8 functions that assume valid UTF-8 input, even when the string is treated as raw bytes. This vulnerability can cause a minor information disclosure of 1-5 bytes and a denial of service when the buffer over-read crosses a page boundary."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-126",
                  "description": "Buffer Over-read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T14:38:17.617Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-58012"
            },
            {
              "name": "RHBZ#2492247",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2492247"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3918"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-24T16:40:58.048Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-03-27T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Glib: buffer over-read in g_regex_replace() via glib/gregex.c:string_append() and g_utf8_next_char()",
          "workarounds": [
            {
              "lang": "en",
              "value": "To mitigate this vulnerability, implement strict input validation to sanitize user-supplied replacement strings, specifically rejecting or escaping case-change modifiers (\\u, \\l, \\U, \\L) before calling g_regex_replace() or g_regex_replace_eval() when the G_REGEX_RAW compile flag is used. Removing the G_REGEX_RAW flag or hardcoding the replacement strings will completely neutralize this issue."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-126: Buffer Over-read"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-58012",
        "datePublished": "2026-06-30T12:57:21.859Z",
        "dateReserved": "2026-06-26T20:59:47.855Z",
        "dateUpdated": "2026-06-30T14:38:17.617Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58011 (GCVE-0-2026-58011)

    Vulnerability from cvelistv5 – Published: 2026-06-30 12:57 – Updated: 2026-06-30 14:28
    VLAI
    Title
    Glib: out-of-bounds read in glib/gdatetime.c:g_date_time_get_ymd via invalid gdatetime
    Summary
    A flaw was found in GLib. An out-of-bounds read of only 2 bytes can occur in the g_date_time_get_ymd function in the glib/gdatetime.c file when an invalid GDateTime object produced by the g_date_time_add_full function is processed. This flaw can corrupt the date output and potentially cause logic errors that may lead to a denial of service.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    GNOME GLib Affected: 0 , < 2.86.5 (semver)
    Affected: 0 , < 2.88.1 (semver)
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Create a notification for this product.
    Red Hat Red Hat Hardened Images     cpe:/a:redhat:hummingbird:1
    Create a notification for this product.
    Date Public
    2026-03-27 00:00
    Credits
    Red Hat would like to thank linhlhq for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-58011",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-30T13:18:37.092171Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T13:18:41.298Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gitlab.gnome.org/GNOME/glib/-/work_items/3917"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.gnome.org/GNOME/glib/",
              "defaultStatus": "unaffected",
              "packageName": "GLib",
              "product": "GLib",
              "vendor": "GNOME",
              "versions": [
                {
                  "lessThan": "2.86.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.88.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-glib2",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-glib2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-glib2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:hummingbird:1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "glib2",
              "product": "Red Hat Hardened Images",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank linhlhq for reporting this issue."
            }
          ],
          "datePublic": "2026-03-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in GLib. An out-of-bounds read of only 2 bytes can occur in the g_date_time_get_ymd function in the glib/gdatetime.c file when an invalid GDateTime object produced by the g_date_time_add_full function is processed. This flaw can corrupt the date output and potentially cause logic errors that may lead to a denial of service."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T14:28:17.185Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-58011"
            },
            {
              "name": "RHBZ#2492245",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2492245"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3917"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-24T16:30:03.305Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-03-27T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Glib: out-of-bounds read in glib/gdatetime.c:g_date_time_get_ymd via invalid gdatetime",
          "workarounds": [
            {
              "lang": "en",
              "value": "To mitigate this vulnerability, in applications processing user-supplied dates, implement input validation to ensure the supplied date is within the supported range before calling g_date_time_add_full() with untrusted data, specifically rejecting inputs that result in a negative or zero days field."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-125: Out-of-bounds Read"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-58011",
        "datePublished": "2026-06-30T12:57:15.173Z",
        "dateReserved": "2026-06-26T20:59:47.855Z",
        "dateUpdated": "2026-06-30T14:28:17.185Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }