Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-2100 (GCVE-0-2026-2100)
Vulnerability from cvelistv5 – Published: 2026-03-26 20:01 – Updated: 2026-06-02 18:40
VLAI
EPSS
Title
P11-kit: null dereference via c_derivekey with specific null parameters
Summary
A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-824 - Access of Uninitialized Pointer
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2026:18143 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:18599 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:21275 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:22634 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:7065 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/security/cve/CVE-2026-2100 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2437308 | issue-trackingx_refsource_REDHAT |
| https://github.com/p11-glue/p11-kit/pull/740 |
Impacted products
12 products
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 |
Unaffected:
0:0.26.2-1.el10 , < *
(rpm)
cpe:/o:redhat:enterprise_linux:10.2 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:0.26.2-1.el9 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream cpe:/o:redhat:enterprise_linux:9::baseos |
|
| Red Hat | Red Hat Hardened Images |
Unaffected:
0.26.2-1.1.hum1 , < *
(rpm)
cpe:/a:redhat:hummingbird:1 |
|
| Red Hat | Red Hat Insights proxy 1.5 |
Unaffected:
1780420428 , < *
(rpm)
cpe:/a:redhat:insights_proxy:1.5::el9 |
|
| Red Hat | Red Hat Update Infrastructure 5 |
Unaffected:
1779798159 , < *
(rpm)
cpe:/a:redhat:rhui:5::el9 |
|
| Red Hat | Red Hat Update Infrastructure 5 |
Unaffected:
1779798164 , < *
(rpm)
cpe:/a:redhat:rhui:5::el9 |
|
| Red Hat | Red Hat Update Infrastructure 5 |
Unaffected:
1779798165 , < *
(rpm)
cpe:/a:redhat:rhui:5::el9 |
|
| Red Hat | Red Hat Update Infrastructure 5 |
Unaffected:
1779798222 , < *
(rpm)
cpe:/a:redhat:rhui:5::el9 |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
Date Public
2026-02-06 08:08
Credits
This issue was discovered by Zoltan Fridrich (Red Hat).
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2100",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-26T20:30:34.453809Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T20:30:53.390Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"packageName": "p11-kit",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.26.2-1.el10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "p11-kit",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.26.2-1.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "p11-kit",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.26.2-1.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:hummingbird:1"
],
"defaultStatus": "affected",
"packageName": "p11-kit-main",
"product": "Red Hat Hardened Images",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0.26.2-1.1.hum1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:insights_proxy:1.5::el9"
],
"defaultStatus": "affected",
"packageName": "insights-proxy/insights-proxy-container-rhel9",
"product": "Red Hat Insights proxy 1.5",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1780420428",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:rhui:5::el9"
],
"defaultStatus": "affected",
"packageName": "rhui5/cds-rhel9",
"product": "Red Hat Update Infrastructure 5",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1779798159",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:rhui:5::el9"
],
"defaultStatus": "affected",
"packageName": "rhui5/haproxy-rhel9",
"product": "Red Hat Update Infrastructure 5",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1779798164",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:rhui:5::el9"
],
"defaultStatus": "affected",
"packageName": "rhui5/installer-rhel9",
"product": "Red Hat Update Infrastructure 5",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1779798165",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:rhui:5::el9"
],
"defaultStatus": "affected",
"packageName": "rhui5/rhua-rhel9",
"product": "Red Hat Update Infrastructure 5",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1779798222",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "p11-kit",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "p11-kit",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "p11-kit",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "unaffected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Zoltan Fridrich (Red Hat)."
}
],
"datePublic": "2026-02-06T08:08:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-824",
"description": "Access of Uninitialized Pointer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T18:40:04.886Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2026:18143",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:18143"
},
{
"name": "RHSA-2026:18599",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:18599"
},
{
"name": "RHSA-2026:21275",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21275"
},
{
"name": "RHSA-2026:22634",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22634"
},
{
"name": "RHSA-2026:7065",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7065"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-2100"
},
{
"name": "RHBZ#2437308",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437308"
},
{
"url": "https://github.com/p11-glue/p11-kit/pull/740"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-06T12:02:49.002Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-02-06T08:08:00.000Z",
"value": "Made public."
}
],
"title": "P11-kit: null dereference via c_derivekey with specific null parameters",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-824: Access of Uninitialized Pointer"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2026-2100",
"datePublished": "2026-03-26T20:01:46.174Z",
"dateReserved": "2026-02-06T12:05:50.501Z",
"dateUpdated": "2026-06-02T18:40:04.886Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-2100",
"date": "2026-06-11",
"epss": "0.00093",
"percentile": "0.25987"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-2100\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2026-03-26T21:17:04.247\",\"lastModified\":\"2026-06-02T20:16:33.920\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 una falla en p11-kit. Un atacante remoto podr\u00eda explotar esta vulnerabilidad al llamar a la funci\u00f3n C_DeriveKey en un token remoto con par\u00e1metros espec\u00edficos del mecanismo de derivaci\u00f3n IBM kyber o IBM btc establecidos en NULL. Esto podr\u00eda llevar al cliente RPC intentando devolver un valor no inicializado, resultando potencialmente en una desreferencia NULL o comportamiento indefinido. Este problema puede causar una denegaci\u00f3n de servicio a nivel de aplicaci\u00f3n o a otros estados impredecibles del sistema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-824\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:p11-kit_project:p11-kit:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC8CB498-F5D5-4AB6-B33E-404C80966280\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:hardened_images:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87DEB507-5B64-47D7-9A50-3B87FD1E571F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F6FB57C-2BC7-487C-96DD-132683AEB35D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2026:18143\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:18599\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:21275\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22634\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:7065\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2026-2100\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2437308\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/p11-glue/p11-kit/pull/740\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-2100\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-26T20:30:34.453809Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-26T20:30:48.552Z\"}}], \"cna\": {\"title\": \"P11-kit: null dereference via c_derivekey with specific null parameters\", \"credits\": [{\"lang\": \"en\", \"value\": \"This issue was discovered by Zoltan Fridrich (Red Hat).\"}], \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Moderate\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10.2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 10\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:0.26.2-1.el10\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"p11-kit\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::appstream\", \"cpe:/o:redhat:enterprise_linux:9::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:0.26.2-1.el9\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"p11-kit\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::appstream\", \"cpe:/o:redhat:enterprise_linux:9::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:0.26.2-1.el9\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"p11-kit\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:hummingbird:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Hardened Images\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0.26.2-1.1.hum1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"p11-kit-main\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:insights_proxy:1.5::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Insights proxy 1.5\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1780420428\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"insights-proxy/insights-proxy-container-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhui:5::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Update Infrastructure 5\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1779798159\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhui5/cds-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhui:5::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Update Infrastructure 5\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1779798164\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhui5/haproxy-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhui:5::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Update Infrastructure 5\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1779798165\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhui5/installer-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhui:5::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Update Infrastructure 5\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1779798222\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhui5/rhua-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:6\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 6\", \"packageName\": \"p11-kit\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 7\", \"packageName\": \"p11-kit\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"packageName\": \"p11-kit\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4\", \"packageName\": \"rhcos\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-02-06T12:02:49.002Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2026-02-06T08:08:00.000Z\", \"value\": \"Made public.\"}], \"datePublic\": \"2026-02-06T08:08:00.000Z\", \"references\": [{\"url\": \"https://access.redhat.com/errata/RHSA-2026:18143\", \"name\": \"RHSA-2026:18143\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:18599\", \"name\": \"RHSA-2026:18599\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:21275\", \"name\": \"RHSA-2026:21275\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22634\", \"name\": \"RHSA-2026:22634\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:7065\", \"name\": \"RHSA-2026:7065\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2026-2100\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2437308\", \"name\": \"RHBZ#2437308\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://github.com/p11-glue/p11-kit/pull/740\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\"}], \"x_generator\": {\"engine\": \"cvelib 1.8.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-824\", \"description\": \"Access of Uninitialized Pointer\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2026-06-02T18:40:04.886Z\"}, \"x_redhatCweChain\": \"CWE-824: Access of Uninitialized Pointer\"}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-2100\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-02T18:40:04.886Z\", \"dateReserved\": \"2026-02-06T12:05:50.501Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2026-03-26T20:01:46.174Z\", \"assignerShortName\": \"redhat\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2026:22634
Vulnerability from csaf_redhat - Published: 2026-06-02 18:37 - Updated: 2026-06-11 09:48Summary
Red Hat Security Advisory: Insights proxy Container Image
Severity
Important
Notes
Topic: Initial GA Release of Red Hat Insights proxy
Details: The Insights proxy Container is used by the Insights proxy product RPM
and serves as an intermediary between cystomer systems in disconnected networks,
air-gapped systems or systems with no outside connections and Insights.
The Insights proxy routes all Red Hat Insights traffic through itself, providing
a layer of privary and security for disconnected customer systems.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.
5.6 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.
6.5 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.
5.3 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in glibc, the GNU C Library. A remote attacker could exploit this vulnerability by providing specially crafted inputs using the IBM1390 or IBM1399 character sets to the `iconv()` function. This could lead to an assertion failure, causing the application to crash and resulting in a Denial of Service (DoS).
5.3 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in glibc (the GNU C Library). When an application uses the `gethostbyaddr` or `gethostbyaddr_r` functions with a `nsswitch.conf` configuration that specifies glibc's DNS backend, a remote attacker can send a specially crafted DNS (Domain Name System) response. This crafted response can cause the application to incorrectly interpret a non-answer section of the DNS response as a valid answer, leading to potential misbehavior or incorrect information processing.
6.5 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the GNU C library (glibc). When applications use the `gethostbyaddr` or `gethostbyaddr_r` functions with a `nsswitch.conf` configuration that specifies glibc's DNS backend, the library may return an invalid DNS hostname. This violates the DNS specification and could lead to applications receiving incorrect hostname information, potentially impacting network operations or security decisions.
4.0 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.
6.7 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter field without first verifying its presence. This leads to a NULL pointer dereference, which can cause applications processing the attacker-controlled CMS data to crash, resulting in a Denial of Service (DoS).
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in systemd, a system and service manager. An unprivileged user can exploit this vulnerability by making an Inter-Process Communication (IPC) API call with spurious data. In older versions (v249 and earlier), this can lead to stack overwriting with attacker-controlled content, potentially enabling arbitrary code execution or privilege escalation. In newer versions (v250 and later), the flaw causes systemd to assert and freeze, resulting in a Denial of Service (DoS).
7.8 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without proper validation. Consequently, the application might send the contents of an uninitialized memory buffer, which could contain confidential information, to the attacker.
5.9 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Vim. A modeline is used to set specific editor options directly from a text file. However, the `complete`, `guitabtooltip`, `printheader` options and the `mapset` function lack proper security checks, allowing an attacker to bypass restrictions and cause arbitrary OS command execution.
8.2 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in MIT Kerberos 5 (krb5). An unauthenticated remote attacker can exploit a NULL pointer dereference vulnerability by calling `gss_accept_sec_context()` on a system with a NegoEx mechanism registered. This can lead to the termination of the process, resulting in a Denial of Service (DoS).
5.9 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in MIT Kerberos 5 (krb5). An unauthenticated remote attacker can exploit an integer underflow and an out-of-bounds read vulnerability by calling `gss_accept_sec_context()` on a system with a NegoEx mechanism registered. This can lead to the process terminating, resulting in a Denial of Service (DoS).
5.9 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
101 references
Acknowledgments
Sovereign Tech Agency
Sovereign Tech Resilience program
treeplus
Codean Labs
Red Hat
Zoltan Fridrich
Ali Raza
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Initial GA Release of Red Hat Insights proxy",
"title": "Topic"
},
{
"category": "general",
"text": "The Insights proxy Container is used by the Insights proxy product RPM\nand serves as an intermediary between cystomer systems in disconnected networks,\nair-gapped systems or systems with no outside connections and Insights.\n\nThe Insights proxy routes all Red Hat Insights traffic through itself, providing\na layer of privary and security for disconnected customer systems.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:22634",
"url": "https://access.redhat.com/errata/RHSA-2026:22634"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-14087",
"url": "https://access.redhat.com/security/cve/CVE-2025-14087"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-14512",
"url": "https://access.redhat.com/security/cve/CVE-2025-14512"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-2100",
"url": "https://access.redhat.com/security/cve/CVE-2026-2100"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-28390",
"url": "https://access.redhat.com/security/cve/CVE-2026-28390"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-29111",
"url": "https://access.redhat.com/security/cve/CVE-2026-29111"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-31790",
"url": "https://access.redhat.com/security/cve/CVE-2026-31790"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34982",
"url": "https://access.redhat.com/security/cve/CVE-2026-34982"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40355",
"url": "https://access.redhat.com/security/cve/CVE-2026-40355"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40356",
"url": "https://access.redhat.com/security/cve/CVE-2026-40356"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4046",
"url": "https://access.redhat.com/security/cve/CVE-2026-4046"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4437",
"url": "https://access.redhat.com/security/cve/CVE-2026-4437"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4438",
"url": "https://access.redhat.com/security/cve/CVE-2026-4438"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4878",
"url": "https://access.redhat.com/security/cve/CVE-2026-4878"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_22634.json"
}
],
"title": "Red Hat Security Advisory: Insights proxy Container Image",
"tracking": {
"current_release_date": "2026-06-11T09:48:47+00:00",
"generator": {
"date": "2026-06-11T09:48:47+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2026:22634",
"initial_release_date": "2026-06-02T18:37:55+00:00",
"revision_history": [
{
"date": "2026-06-02T18:37:55+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-02T18:37:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-11T09:48:47+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Insights proxy 1.5",
"product": {
"name": "Red Hat Insights proxy 1.5",
"product_id": "Red Hat Insights proxy 1.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:insights_proxy:1.5::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Insights proxy"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"product": {
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"product_id": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"product_identification_helper": {
"purl": "pkg:oci/insights-proxy-container-rhel9@sha256%3A35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492?arch=amd64\u0026repository_url=registry.redhat.io/insights-proxy/insights-proxy-container-rhel9\u0026tag=1780420428"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64",
"product": {
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64",
"product_id": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64",
"product_identification_helper": {
"purl": "pkg:oci/insights-proxy-container-rhel9@sha256%3A97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53?arch=arm64\u0026repository_url=registry.redhat.io/insights-proxy/insights-proxy-container-rhel9\u0026tag=1780420428"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64 as a component of Red Hat Insights proxy 1.5",
"product_id": "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64"
},
"product_reference": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"relates_to_product_reference": "Red Hat Insights proxy 1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64 as a component of Red Hat Insights proxy 1.5",
"product_id": "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
},
"product_reference": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64",
"relates_to_product_reference": "Red Hat Insights proxy 1.5"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Sovereign Tech Resilience program"
],
"organization": "Sovereign Tech Agency"
},
{
"names": [
"treeplus"
]
}
],
"cve": "CVE-2025-14087",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2025-12-05T08:35:24.744000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419093"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glib: GLib: Buffer underflow in GVariant parser leads to heap corruption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The highest threat is to system availability due to potential application crashes when processing maliciously crafted input strings through GLib\u0027s GVariant parser. This issue affects applications that utilize g_variant_parse() on untrusted data, leading to memory corruption and possible denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-14087"
},
{
"category": "external",
"summary": "RHBZ#2419093",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419093"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-14087",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14087"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/glib/-/issues/3834",
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3834"
}
],
"release_date": "2025-12-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T18:37:55+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22634"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "glib: GLib: Buffer underflow in GVariant parser leads to heap corruption"
},
{
"acknowledgments": [
{
"names": [
"Codean Labs"
]
}
],
"cve": "CVE-2025-14512",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2025-12-11T06:22:59.701000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2421339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib\u0027s GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glib: Integer Overflow in GLib GIO Attribute Escaping Causes Heap Buffer Overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products because an integer overflow in GLib\u0027s GIO `escape_byte_string()` function can lead to a heap buffer overflow and denial-of-service. This occurs when processing specially crafted file or remote filesystem attribute values, requiring an attacker to provide malicious input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-14512"
},
{
"category": "external",
"summary": "RHBZ#2421339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2421339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-14512",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14512"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/glib/-/issues/3845",
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3845"
}
],
"release_date": "2025-12-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T18:37:55+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22634"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "glib: Integer Overflow in GLib GIO Attribute Escaping Causes Heap Buffer Overflow"
},
{
"acknowledgments": [
{
"names": [
"Zoltan Fridrich"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2026-2100",
"cwe": {
"id": "CWE-824",
"name": "Access of Uninitialized Pointer"
},
"discovery_date": "2026-02-06T12:02:49.002000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437308"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "p11-kit: NULL dereference via C_DeriveKey with specific NULL parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This MODERATE impact flaw in p11-kit allows a remote attacker to cause an application level denial of service or unpredictable system states. Exploitation occurs when the C_DeriveKey function is called on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This affects Red Hat Enterprise Linux 9.8 and 10.2, Fedora 42 and 43, and Red Hat In-Vehicle OS 2.0. Other Red Hat products, including OpenShift Container Platform and various RHEL versions, are not affected as the vulnerable code is not present.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2100"
},
{
"category": "external",
"summary": "RHBZ#2437308",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437308"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2100",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2100"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2100",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2100"
},
{
"category": "external",
"summary": "https://github.com/p11-glue/p11-kit/pull/740",
"url": "https://github.com/p11-glue/p11-kit/pull/740"
}
],
"release_date": "2026-02-06T08:08:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T18:37:55+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22634"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "p11-kit: NULL dereference via C_DeriveKey with specific NULL parameters"
},
{
"cve": "CVE-2026-4046",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"discovery_date": "2026-03-30T18:01:19.326391+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453117"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in glibc, the GNU C Library. A remote attacker could exploit this vulnerability by providing specially crafted inputs using the IBM1390 or IBM1399 character sets to the `iconv()` function. This could lead to an assertion failure, causing the application to crash and resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glibc: glibc: Denial of Service via iconv() function with specific character sets",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The availability impact posed by this flaw is limited on Red Hat systems. The affected iconv() function has been separated out into a an independent package (`glibc-gconv-extra`) and is not used in system critical software. Some applications do rely on this package and may be affected, but they are either interactive applications or are configured to restart in the event of a crash.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4046"
},
{
"category": "external",
"summary": "RHBZ#2453117",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453117"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4046",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4046"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4046",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4046"
},
{
"category": "external",
"summary": "https://packages.fedoraproject.org/pkgs/glibc/glibc-gconv-extra/",
"url": "https://packages.fedoraproject.org/pkgs/glibc/glibc-gconv-extra/"
},
{
"category": "external",
"summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=33980",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33980"
},
{
"category": "external",
"summary": "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0007;hb=HEAD",
"url": "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0007;hb=HEAD"
}
],
"release_date": "2026-03-30T17:16:11.021000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T18:37:55+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22634"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "glibc: glibc: Denial of Service via iconv() function with specific character sets"
},
{
"cve": "CVE-2026-4437",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-20T21:01:45.993907+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449777"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in glibc (the GNU C Library). When an application uses the `gethostbyaddr` or `gethostbyaddr_r` functions with a `nsswitch.conf` configuration that specifies glibc\u0027s DNS backend, a remote attacker can send a specially crafted DNS (Domain Name System) response. This crafted response can cause the application to incorrectly interpret a non-answer section of the DNS response as a valid answer, leading to potential misbehavior or incorrect information processing.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glibc: glibc: Incorrect DNS response parsing via crafted DNS server response",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This MODERATE impact flaw in glibc allows a remote attacker to send a specially crafted DNS response when an application uses `gethostbyaddr` or `gethostbyaddr_r` with glibc\u0027s DNS backend configured in `nsswitch.conf`. This can lead to incorrect interpretation of DNS responses. Red Hat Enterprise Linux versions 6, 7, 8, 9, and 10, as well as OpenShift Container Platform, are affected if applications are configured to use the vulnerable DNS backend.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4437"
},
{
"category": "external",
"summary": "RHBZ#2449777",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449777"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4437",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4437"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4437",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4437"
},
{
"category": "external",
"summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=34014",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=34014"
}
],
"release_date": "2026-03-20T19:59:00.427000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T18:37:55+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22634"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "glibc: glibc: Incorrect DNS response parsing via crafted DNS server response"
},
{
"cve": "CVE-2026-4438",
"cwe": {
"id": "CWE-838",
"name": "Inappropriate Encoding for Output Context"
},
"discovery_date": "2026-03-20T21:02:16.458842+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449783"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the GNU C library (glibc). When applications use the `gethostbyaddr` or `gethostbyaddr_r` functions with a `nsswitch.conf` configuration that specifies glibc\u0027s DNS backend, the library may return an invalid DNS hostname. This violates the DNS specification and could lead to applications receiving incorrect hostname information, potentially impacting network operations or security decisions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a LOW impact flaw where glibc\u0027s `gethostbyaddr` and `gethostbyaddr_r` functions may return an invalid DNS hostname. This occurs when applications use a `nsswitch.conf` configuration that specifies glibc\u0027s DNS backend. This could lead to applications receiving incorrect hostname information, potentially affecting network operations or security decisions on Red Hat Enterprise Linux and OpenShift Container Platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4438"
},
{
"category": "external",
"summary": "RHBZ#2449783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449783"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4438",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4438"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4438",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4438"
},
{
"category": "external",
"summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=34015",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=34015"
}
],
"release_date": "2026-03-20T19:59:06.064000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T18:37:55+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22634"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions"
},
{
"acknowledgments": [
{
"names": [
"Ali Raza"
]
}
],
"cve": "CVE-2026-4878",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2026-03-26T06:56:21.213270+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451615"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important flaw. A Time-of-Check-to-Time-of-Use (TOCTOU) race condition in libcap\u0027s cap_set_file() allows a local unprivileged user to escalate privileges. An attacker with write access to a parent directory can exploit a narrow window during file capability updates to redirect capabilities to an attacker-controlled file. This can lead to the injection of elevated privileges into an unintended executable when privileged processes, such as setcap or container tooling, invoke cap_set_file() on attacker-influenced paths.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4878"
},
{
"category": "external",
"summary": "RHBZ#2451615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451615"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4878",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4878"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4878",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4878"
},
{
"category": "external",
"summary": "https://bugzilla.redhat.com/show_bug.cgi?id=2447554",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447554"
}
],
"release_date": "2026-04-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T18:37:55+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22634"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file()"
},
{
"cve": "CVE-2026-28390",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2026-04-07T23:01:18.313921+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456314"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter field without first verifying its presence. This leads to a NULL pointer dereference, which can cause applications processing the attacker-controlled CMS data to crash, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE has been rated as moderate by redhat because the vulnerability is limited to a denial-of-service condition caused by a NULL pointer dereference in OpenSSL CMS processing, without evidence of memory corruption or code execution, furthermore the Affected functionality is niche. The vulnerable path requires:\nCMS/S/MIME processing,\nspecifically CMS_decrypt(),\nwith RSA-OAEP KeyTransportRecipientInfo.\nMany OpenSSL consumers never use CMS APIs, never process S/MIME,\nor do not decrypt attacker-controlled CMS objects.\nSo exposure is far narrower than a generic TLS parsing vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28390"
},
{
"category": "external",
"summary": "RHBZ#2456314",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456314"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28390",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28390"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28390",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28390"
},
{
"category": "external",
"summary": "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc",
"url": "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc"
},
{
"category": "external",
"summary": "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6",
"url": "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6"
},
{
"category": "external",
"summary": "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4",
"url": "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4"
},
{
"category": "external",
"summary": "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788",
"url": "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788"
},
{
"category": "external",
"summary": "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75",
"url": "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75"
},
{
"category": "external",
"summary": "https://openssl-library.org/news/secadv/20260407.txt",
"url": "https://openssl-library.org/news/secadv/20260407.txt"
}
],
"release_date": "2026-04-07T22:00:54.172000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T18:37:55+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22634"
},
{
"category": "workaround",
"details": "Applications that process Cryptographic Message Syntax (CMS) EnvelopedData messages should be configured to only accept input from trusted sources. Restricting network access to services that process untrusted CMS data can also reduce exposure to this Denial of Service vulnerability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing"
},
{
"cve": "CVE-2026-29111",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-03-23T22:01:54.593547+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450505"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in systemd, a system and service manager. An unprivileged user can exploit this vulnerability by making an Inter-Process Communication (IPC) API call with spurious data. In older versions (v249 and earlier), this can lead to stack overwriting with attacker-controlled content, potentially enabling arbitrary code execution or privilege escalation. In newer versions (v250 and later), the flaw causes systemd to assert and freeze, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-29111"
},
{
"category": "external",
"summary": "RHBZ#2450505",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450505"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-29111",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29111"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29111",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29111"
},
{
"category": "external",
"summary": "https://github.com/systemd/systemd/commit/1d22f706bd04f45f8422e17fbde3f56ece17758a",
"url": "https://github.com/systemd/systemd/commit/1d22f706bd04f45f8422e17fbde3f56ece17758a"
},
{
"category": "external",
"summary": "https://github.com/systemd/systemd/commit/20021e7686426052e3a7505425d7e12085feb2a6",
"url": "https://github.com/systemd/systemd/commit/20021e7686426052e3a7505425d7e12085feb2a6"
},
{
"category": "external",
"summary": "https://github.com/systemd/systemd/commit/21167006574d6b83813c7596759b474f56562412",
"url": "https://github.com/systemd/systemd/commit/21167006574d6b83813c7596759b474f56562412"
},
{
"category": "external",
"summary": "https://github.com/systemd/systemd/commit/3cee294fe8cf4fa0eff933ab21416d099942cabd",
"url": "https://github.com/systemd/systemd/commit/3cee294fe8cf4fa0eff933ab21416d099942cabd"
},
{
"category": "external",
"summary": "https://github.com/systemd/systemd/commit/42aee39107fbdd7db1ccd402a2151822b2805e9f",
"url": "https://github.com/systemd/systemd/commit/42aee39107fbdd7db1ccd402a2151822b2805e9f"
},
{
"category": "external",
"summary": "https://github.com/systemd/systemd/commit/54588d2dedff54bfb6036670820650e4ea74628f",
"url": "https://github.com/systemd/systemd/commit/54588d2dedff54bfb6036670820650e4ea74628f"
},
{
"category": "external",
"summary": "https://github.com/systemd/systemd/commit/7ac3220213690e8a8d6d2a6e81e43bd1dce01d69",
"url": "https://github.com/systemd/systemd/commit/7ac3220213690e8a8d6d2a6e81e43bd1dce01d69"
},
{
"category": "external",
"summary": "https://github.com/systemd/systemd/commit/80acea4ef80a4bb78560ed970c34952299b890d6",
"url": "https://github.com/systemd/systemd/commit/80acea4ef80a4bb78560ed970c34952299b890d6"
},
{
"category": "external",
"summary": "https://github.com/systemd/systemd/commit/b5fd14693057e5f2c9b4a49603be64ec3608ff6c",
"url": "https://github.com/systemd/systemd/commit/b5fd14693057e5f2c9b4a49603be64ec3608ff6c"
},
{
"category": "external",
"summary": "https://github.com/systemd/systemd/commit/efa6ba2ab625aaa160ac435a09e6482fc63bdbe8",
"url": "https://github.com/systemd/systemd/commit/efa6ba2ab625aaa160ac435a09e6482fc63bdbe8"
},
{
"category": "external",
"summary": "https://github.com/systemd/systemd/security/advisories/GHSA-gx6q-6f99-m764",
"url": "https://github.com/systemd/systemd/security/advisories/GHSA-gx6q-6f99-m764"
}
],
"release_date": "2026-03-23T21:03:56.120000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T18:37:55+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22634"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data"
},
{
"cve": "CVE-2026-31790",
"cwe": {
"id": "CWE-824",
"name": "Access of Uninitialized Pointer"
},
"discovery_date": "2026-03-25T02:59:10.179000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451094"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without proper validation. Consequently, the application might send the contents of an uninitialized memory buffer, which could contain confidential information, to the attacker.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Moderate impact. This flaw affects applications utilizing RSASVE key encapsulation, where an attacker-supplied invalid RSA public key is used with EVP_PKEY_encapsulate() without prior validation. This can lead to the disclosure of sensitive, uninitialized memory buffer contents to a malicious peer.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-31790"
},
{
"category": "external",
"summary": "RHBZ#2451094",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451094"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-31790",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31790"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-31790",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31790"
},
{
"category": "external",
"summary": "https://openssl-library.org/news/secadv/20260407.txt",
"url": "https://openssl-library.org/news/secadv/20260407.txt"
}
],
"release_date": "2026-04-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T18:37:55+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22634"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key"
},
{
"cve": "CVE-2026-34982",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-04-06T16:02:10.004743+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455400"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Vim. A modeline is used to set specific editor options directly from a text file. However, the `complete`, `guitabtooltip`, `printheader` options and the `mapset` function lack proper security checks, allowing an attacker to bypass restrictions and cause arbitrary OS command execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vim: arbitrary command execution via modeline sandbox bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this vulnerability, an attacker needs to convince a user to open a specially crafted file. The arbitrary OS command execution is restricted to the privileges of the user running Vim, limiting the potential of a full system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34982"
},
{
"category": "external",
"summary": "RHBZ#2455400",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455400"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34982",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34982"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34982",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34982"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/01/1",
"url": "http://www.openwall.com/lists/oss-security/2026/04/01/1"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/commit/75661a66a1db1e1f3f1245c615",
"url": "https://github.com/vim/vim/commit/75661a66a1db1e1f3f1245c615"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/releases/tag/v9.2.0276",
"url": "https://github.com/vim/vim/releases/tag/v9.2.0276"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/security/advisories/GHSA-8h6p-m6gr-mpw9",
"url": "https://github.com/vim/vim/security/advisories/GHSA-8h6p-m6gr-mpw9"
}
],
"release_date": "2026-04-06T15:16:48.809000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T18:37:55+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22634"
},
{
"category": "workaround",
"details": "To mitigate this issue, disable the modeline support by adding the following command to the Vim configuration file:\n\n~~~\nset nomodeline\n~~~",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vim: arbitrary command execution via modeline sandbox bypass"
},
{
"cve": "CVE-2026-40355",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2026-04-28T07:01:45.120520+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463370"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in MIT Kerberos 5 (krb5). An unauthenticated remote attacker can exploit a NULL pointer dereference vulnerability by calling `gss_accept_sec_context()` on a system with a NegoEx mechanism registered. This can lead to the termination of the process, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "krb5: MIT Kerberos 5: Denial of Service via NULL pointer dereference in NegoEx mechanism",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Moderate: This flaw allows an unauthenticated remote attacker to cause a Denial of Service in MIT Kerberos 5 by triggering a NULL pointer dereference. Exploitation requires the NegoEx mechanism to be explicitly registered in the system\u0027s GSSAPI configuration, which is not a default state in all Red Hat environments.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40355"
},
{
"category": "external",
"summary": "RHBZ#2463370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463370"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40355",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40355"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40355",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40355"
},
{
"category": "external",
"summary": "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html",
"url": "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html"
},
{
"category": "external",
"summary": "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f",
"url": "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f"
},
{
"category": "external",
"summary": "https://web.mit.edu/kerberos/advisories/",
"url": "https://web.mit.edu/kerberos/advisories/"
}
],
"release_date": "2026-04-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T18:37:55+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22634"
},
{
"category": "workaround",
"details": "To mitigate this issue, remove the NegoEx mechanism registration from the system\u0027s GSSAPI configuration if it is not required. This can typically be achieved by removing or commenting out the relevant entry in `/etc/gss/mech`. A restart of services utilizing Kerberos might be necessary for the changes to take effect, which could impact Kerberos-dependent functionality.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "krb5: MIT Kerberos 5: Denial of Service via NULL pointer dereference in NegoEx mechanism"
},
{
"cve": "CVE-2026-40356",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"discovery_date": "2026-04-28T07:01:37.543641+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463368"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in MIT Kerberos 5 (krb5). An unauthenticated remote attacker can exploit an integer underflow and an out-of-bounds read vulnerability by calling `gss_accept_sec_context()` on a system with a NegoEx mechanism registered. This can lead to the process terminating, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-bounds read",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate impact denial of service flaw in MIT Kerberos 5 (krb5) allows an unauthenticated remote attacker to trigger an integer underflow and out-of-bounds read. This vulnerability, which can lead to process termination, specifically affects systems where the NegoEx mechanism is registered and `gss_accept_sec_context()` is called. While Kerberos is a fundamental service, the prerequisite of a registered NegoEx mechanism limits the attack surface.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40356"
},
{
"category": "external",
"summary": "RHBZ#2463368",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463368"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40356",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40356"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40356",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40356"
},
{
"category": "external",
"summary": "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html",
"url": "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html"
},
{
"category": "external",
"summary": "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f",
"url": "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f"
},
{
"category": "external",
"summary": "https://web.mit.edu/kerberos/advisories/",
"url": "https://web.mit.edu/kerberos/advisories/"
}
],
"release_date": "2026-04-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T18:37:55+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22634"
},
{
"category": "workaround",
"details": "To mitigate this issue, ensure that the NegoEx mechanism is not registered in the `/etc/gss/mech` configuration file. Removing the corresponding entry from this file will prevent the vulnerable code path from being activated. This action may impact services that rely on the NegoEx GSS-API mechanism. A restart of affected Kerberos-dependent services may be required for the change to take effect.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-bounds read"
}
]
}
RHSA-2026:7065
Vulnerability from csaf_redhat - Published: 2026-04-08 13:22 - Updated: 2026-06-02 18:44Summary
Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
Severity
Moderate
Notes
Topic: An update for Red Hat Hardened Images RPMs is now available.
Details: This update includes the following RPMs:
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.
5.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:p11-kit-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:p11-kit-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:p11-kit-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:p11-kit-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
10 references
Acknowledgments
Red Hat
Zoltan Fridrich
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:7065",
"url": "https://access.redhat.com/errata/RHSA-2026:7065"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-2100",
"url": "https://access.redhat.com/security/cve/CVE-2026-2100"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7065.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-06-02T18:44:07+00:00",
"generator": {
"date": "2026-06-02T18:44:07+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2026:7065",
"initial_release_date": "2026-04-08T13:22:47+00:00",
"revision_history": [
{
"date": "2026-04-08T13:22:47+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-24T22:41:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T18:44:07+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "p11-kit-main@noarch",
"product": {
"name": "p11-kit-main@noarch",
"product_id": "p11-kit-main@noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mingw32-p11-kit@0.26.2-1.1.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "p11-kit-main@aarch64",
"product": {
"name": "p11-kit-main@aarch64",
"product_id": "p11-kit-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/p11-kit@0.26.2-1.1.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "p11-kit-main@src",
"product": {
"name": "p11-kit-main@src",
"product_id": "p11-kit-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/p11-kit@0.26.2-1.1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "p11-kit-main@x86_64",
"product": {
"name": "p11-kit-main@x86_64",
"product_id": "p11-kit-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/p11-kit@0.26.2-1.1.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "p11-kit-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:p11-kit-main@aarch64"
},
"product_reference": "p11-kit-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "p11-kit-main@noarch as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:p11-kit-main@noarch"
},
"product_reference": "p11-kit-main@noarch",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "p11-kit-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:p11-kit-main@src"
},
"product_reference": "p11-kit-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "p11-kit-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:p11-kit-main@x86_64"
},
"product_reference": "p11-kit-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Zoltan Fridrich"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2026-2100",
"cwe": {
"id": "CWE-824",
"name": "Access of Uninitialized Pointer"
},
"discovery_date": "2026-02-06T12:02:49.002000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437308"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "p11-kit: NULL dereference via C_DeriveKey with specific NULL parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This MODERATE impact flaw in p11-kit allows a remote attacker to cause an application level denial of service or unpredictable system states. Exploitation occurs when the C_DeriveKey function is called on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This affects Red Hat Enterprise Linux 9.8 and 10.2, Fedora 42 and 43, and Red Hat In-Vehicle OS 2.0. Other Red Hat products, including OpenShift Container Platform and various RHEL versions, are not affected as the vulnerable code is not present.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:p11-kit-main@aarch64",
"Red Hat Hardened Images:p11-kit-main@noarch",
"Red Hat Hardened Images:p11-kit-main@src",
"Red Hat Hardened Images:p11-kit-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2100"
},
{
"category": "external",
"summary": "RHBZ#2437308",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437308"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2100",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2100"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2100",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2100"
},
{
"category": "external",
"summary": "https://github.com/p11-glue/p11-kit/pull/740",
"url": "https://github.com/p11-glue/p11-kit/pull/740"
}
],
"release_date": "2026-02-06T08:08:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-08T13:22:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:p11-kit-main@aarch64",
"Red Hat Hardened Images:p11-kit-main@noarch",
"Red Hat Hardened Images:p11-kit-main@src",
"Red Hat Hardened Images:p11-kit-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7065"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:p11-kit-main@aarch64",
"Red Hat Hardened Images:p11-kit-main@noarch",
"Red Hat Hardened Images:p11-kit-main@src",
"Red Hat Hardened Images:p11-kit-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:p11-kit-main@aarch64",
"Red Hat Hardened Images:p11-kit-main@noarch",
"Red Hat Hardened Images:p11-kit-main@src",
"Red Hat Hardened Images:p11-kit-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "p11-kit: NULL dereference via C_DeriveKey with specific NULL parameters"
}
]
}
WID-SEC-W-2026-1267
Vulnerability from csaf_certbund - Published: 2026-04-26 22:00 - Updated: 2026-06-02 22:00Summary
Red Hat Hardened Images RPMs: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Red Hat Hardened Images RPMs ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Rechte zu erweitern, vertrauliche Informationen offenzulegen, Daten zu manipulieren oder einen Denial-of-Service-Zustand zu verursachen.
Betroffene Betriebssysteme: - Linux
- Sonstiges
- UNIX
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Update Infrastructure 5.1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_5.1
|
Update Infrastructure 5.1 | |
|
Red Hat Enterprise Linux Hardened Images RPMs
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:hardened_images_rpms
|
Hardened Images RPMs | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM MQ Agent
IBM / MQ
|
cpe:/a:ibm:mq:agent
|
Agent | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat Enterprise Linux 9.4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9.4
|
9.4 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Update Infrastructure 5.1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_5.1
|
Update Infrastructure 5.1 | |
|
Red Hat Enterprise Linux Hardened Images RPMs
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:hardened_images_rpms
|
Hardened Images RPMs | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM MQ Agent
IBM / MQ
|
cpe:/a:ibm:mq:agent
|
Agent | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat Enterprise Linux 9.4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9.4
|
9.4 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Update Infrastructure 5.1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_5.1
|
Update Infrastructure 5.1 | |
|
Red Hat Enterprise Linux Hardened Images RPMs
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:hardened_images_rpms
|
Hardened Images RPMs | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM MQ Agent
IBM / MQ
|
cpe:/a:ibm:mq:agent
|
Agent | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat Enterprise Linux 9.4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9.4
|
9.4 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Update Infrastructure 5.1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_5.1
|
Update Infrastructure 5.1 | |
|
Red Hat Enterprise Linux Hardened Images RPMs
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:hardened_images_rpms
|
Hardened Images RPMs | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM MQ Agent
IBM / MQ
|
cpe:/a:ibm:mq:agent
|
Agent | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat Enterprise Linux 9.4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9.4
|
9.4 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
References
32 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Red Hat Hardened Images RPMs ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Rechte zu erweitern, vertrauliche Informationen offenzulegen, Daten zu manipulieren oder einen Denial-of-Service-Zustand zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1267 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1267.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1267 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1267"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:7065 vom 2026-04-26",
"url": "https://access.redhat.com/errata/RHSA-2026:7065"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:7369 vom 2026-04-26",
"url": "https://access.redhat.com/errata/RHSA-2026:7369"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:7473 vom 2026-04-26",
"url": "https://access.redhat.com/errata/RHSA-2026:7473"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:8466 vom 2026-04-26",
"url": "https://access.redhat.com/errata/RHSA-2026:8466"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21274-1 vom 2026-04-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025632.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-8409145C11 vom 2026-04-27",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-8409145c11"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-9A79C58AFD vom 2026-04-27",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-9a79c58afd"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:13285 vom 2026-05-04",
"url": "https://access.redhat.com/errata/RHSA-2026:13285"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-12441 vom 2026-05-01",
"url": "http://linux.oracle.com/errata/ELSA-2026-12441.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:12423 vom 2026-04-30",
"url": "https://access.redhat.com/errata/RHSA-2026:12423"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:12441 vom 2026-04-30",
"url": "https://access.redhat.com/errata/RHSA-2026:12441"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-12423 vom 2026-05-04",
"url": "http://linux.oracle.com/errata/ELSA-2026-12423.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:13285 vom 2026-05-06",
"url": "https://errata.build.resf.org/RLSA-2026:13285"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:14391 vom 2026-05-07",
"url": "https://access.redhat.com/errata/RHSA-2026:14391"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-13285 vom 2026-05-07",
"url": "http://linux.oracle.com/errata/ELSA-2026-13285.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:14162 vom 2026-05-06",
"url": "https://access.redhat.com/errata/RHSA-2026:14162"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:14937 vom 2026-05-08",
"url": "https://access.redhat.com/errata/RHSA-2026:14937"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7273338 vom 2026-05-18",
"url": "https://www.ibm.com/support/pages/node/7273338"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:18143 vom 2026-05-19",
"url": "https://access.redhat.com/errata/RHSA-2026:18143"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:19456 vom 2026-05-20",
"url": "https://access.redhat.com/errata/RHSA-2026:19456"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:19130 vom 2026-05-19",
"url": "https://access.redhat.com/errata/RHSA-2026:19130"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:19346 vom 2026-05-20",
"url": "https://errata.build.resf.org/RLSA-2026:19346"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:18599 vom 2026-05-19",
"url": "https://access.redhat.com/errata/RHSA-2026:18599"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:19458 vom 2026-05-20",
"url": "https://access.redhat.com/errata/RHSA-2026:19458"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:19346 vom 2026-05-20",
"url": "https://access.redhat.com/errata/RHSA-2026:19346"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-6294 vom 2026-05-23",
"url": "https://security-tracker.debian.org/tracker/DSA-6294-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:20595 vom 2026-05-26",
"url": "https://access.redhat.com/errata/RHSA-2026:20595"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:21254 vom 2026-05-27",
"url": "https://access.redhat.com/errata/RHSA-2026:21254"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:21275 vom 2026-05-27",
"url": "https://access.redhat.com/errata/RHSA-2026:21275"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:22634 vom 2026-06-02",
"url": "https://access.redhat.com/errata/RHSA-2026:22634"
}
],
"source_lang": "en-US",
"title": "Red Hat Hardened Images RPMs: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-06-02T22:00:00.000+00:00",
"generator": {
"date": "2026-06-03T06:33:59.069+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-1267",
"initial_release_date": "2026-04-26T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-04-26T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-05-03T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2026-05-04T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2026-05-05T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2026-05-06T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2026-05-07T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-18T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-05-19T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat und Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2026-05-25T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Debian und Red Hat aufgenommen"
},
{
"date": "2026-05-26T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-27T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-06-02T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "12"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "T054614",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "Agent",
"product": {
"name": "IBM MQ Agent",
"product_id": "T054280",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:agent"
}
}
}
],
"category": "product_name",
"name": "MQ"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "Hardened Images RPMs",
"product": {
"name": "Red Hat Enterprise Linux Hardened Images RPMs",
"product_id": "T053320",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:hardened_images_rpms"
}
}
},
{
"category": "product_version",
"name": "9.4",
"product": {
"name": "Red Hat Enterprise Linux 9.4",
"product_id": "T054699",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:9.4"
}
}
},
{
"category": "product_version",
"name": "Update Infrastructure 5.1",
"product": {
"name": "Red Hat Enterprise Linux Update Infrastructure 5.1",
"product_id": "T054761",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:update_infrastructure_5.1"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-69277",
"product_status": {
"known_affected": [
"T054761",
"T053320",
"T002207",
"67646",
"T054280",
"T054614",
"T004914",
"T054699",
"T032255",
"74185"
]
},
"release_date": "2026-04-26T22:00:00.000+00:00",
"title": "CVE-2025-69277"
},
{
"cve": "CVE-2026-2100",
"product_status": {
"known_affected": [
"T054761",
"T053320",
"T002207",
"67646",
"T054280",
"T054614",
"T004914",
"T054699",
"T032255",
"74185"
]
},
"release_date": "2026-04-26T22:00:00.000+00:00",
"title": "CVE-2026-2100"
},
{
"cve": "CVE-2026-41989",
"product_status": {
"known_affected": [
"T054761",
"T053320",
"T002207",
"67646",
"T054280",
"T054614",
"T004914",
"T054699",
"T032255",
"74185"
]
},
"release_date": "2026-04-26T22:00:00.000+00:00",
"title": "CVE-2026-41989"
},
{
"cve": "CVE-2026-4878",
"product_status": {
"known_affected": [
"T054761",
"T053320",
"T002207",
"67646",
"T054280",
"T054614",
"T004914",
"T054699",
"T032255",
"74185"
]
},
"release_date": "2026-04-26T22:00:00.000+00:00",
"title": "CVE-2026-4878"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…