CVE-2026-44432 (GCVE-0-2026-44432)
Vulnerability from cvelistv5 – Published: 2026-05-13 15:17 – Updated: 2026-05-15 18:25 – CWE-409 – Improper Handling of Highly Compressed Data (Data Amplification)
| URL | Tags |
|---|---|
| https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44432",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T18:17:39.119999Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T18:25:06.331Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "urllib3",
"vendor": "urllib3",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.6.0, \u003c 2.7.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) call when the response was decompressed using the official Brotli library or (2) when HTTPResponse.drain_conn() was called after the response had been read and decompressed partially (compression algorithm did not matter here). These issues could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This could result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data) on the client side. This vulnerability is fixed in 2.7.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-409",
"description": "CWE-409: Improper Handling of Highly Compressed Data (Data Amplification)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T15:17:12.611Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
}
],
"source": {
"advisory": "GHSA-mf9v-mfxr-j63j",
"discovery": "UNKNOWN"
},
"title": "urllib3: Decompression-bomb safeguards bypassed in parts of the streaming API"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-44432",
"datePublished": "2026-05-13T15:17:12.611Z",
"dateReserved": "2026-05-06T14:40:00.954Z",
"dateUpdated": "2026-05-15T18:25:06.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-44432",
"date": "2026-06-12",
"epss": "0.00019",
"percentile": "0.05348"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-44432\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-05-13T16:16:57.303\",\"lastModified\":\"2026-05-14T13:49:25.483\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) call when the response was decompressed using the official Brotli library or (2) when HTTPResponse.drain_conn() was called after the response had been read and decompressed partially (compression algorithm did not matter here). These issues could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This could result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data) on the client side. This vulnerability is fixed in 2.7.0.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.9,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"HIGH\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",
\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-409\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:urllib3:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.6.0\",\"versionEndExcluding\":\"2.7.0\",\"matchCriteriaId\":\"2B9D0BE5-DF70-4B46-8128-324E04104B1B\"}]}]}],\"references\":[{\"url\":\"https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-44432\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-15T18:17:39.119999Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-15T18:25:01.877Z\"}}], \"cna\": {\"title\": \"urllib3: Decompression-bomb safeguards bypassed in parts of the streaming API\", \"source\": {\"advisory\": \"GHSA-mf9v-mfxr-j63j\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 8.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"HIGH\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"urllib3\", \"product\": \"urllib3\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 2.6.0, \u003c 2.7.0\"}]}], \"references\": [{\"url\": \"https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\", \"name\": \"https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"urllib3 is an HTTP client library for Python. 
From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) call when the response was decompressed using the official Brotli library or (2) when HTTPResponse.drain_conn() was called after the response had been read and decompressed partially (compression algorithm did not matter here). These issues could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This could result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data) on the client side. This vulnerability is fixed in 2.7.0.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-409\", \"description\": \"CWE-409: Improper Handling of Highly Compressed Data (Data Amplification)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-05-13T15:17:12.611Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-44432\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-15T18:25:06.331Z\", \"dateReserved\": \"2026-05-06T14:40:00.954Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-05-13T15:17:12.611Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
GHSA-MF9V-MFXR-J63J
Vulnerability from github – Published: 2026-05-11 14:51 – Updated: 2026-06-08 19:52

Impact
urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once.
urllib3 can perform decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). When using the streaming API since version 2.6.0, the library decompresses only the necessary bytes, enabling partial content consumption.
However, urllib3 before version 2.7.0 could still decompress the whole response instead of the requested portion in two cases:
1. During the second HTTPResponse.read(amt=N) call when the response was decompressed using the official Brotli library.
2. When HTTPResponse.drain_conn() was called after the response had been read and decompressed partially (compression algorithm did not matter here).
These issues could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This could result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data; CWE-409) on the client side.
Affected usages
Applications and libraries using urllib3 versions earlier than 2.7.0 may be affected when streaming compressed responses from untrusted sources in either of these cases, unless decompression is explicitly disabled. (The CVE record scopes the affected range to 2.6.0 ≤ version < 2.7.0, i.e. releases 2.6.0–2.6.3 — the releases whose streaming API advertises partial decompression; earlier releases did not offer partial decompression in the first place.)
1. A response encoded with `br` is read incrementally with at least two `HTTPResponse.read(amt=N)` or `HTTPResponse.stream(amt=N)` calls while using the official Brotli library.
2. `HTTPResponse.drain_conn()` is called after response decompression has already started.
Remediation
Upgrade to at least urllib3 version 2.7.0 in which the library:
1. Is more efficient for reads with Brotli.
2. Always skips decompression for HTTPResponse.drain_conn().
If upgrading is not immediately possible, the following workarounds may reduce exposure in specific cases:
1. For the Brotli-specific issue only, switch from brotli to brotlicffi until you can upgrade urllib3; the official Brotli package is affected because of https://github.com/google/brotli/issues/1396.
2. If your code explicitly calls HTTPResponse.drain_conn(), call HTTPResponse.close() instead when connection reuse is not important.
Credits
The Brotli-specific issue was reported by @kimkou2024.
HTTPResponse.drain_conn() inefficiency was reported by @Cycloctane.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "urllib3"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.7.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-44432"
],
"database_specific": {
"cwe_ids": [
"CWE-409"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-11T14:51:45Z",
"nvd_published_at": "2026-05-13T16:16:57Z",
"severity": "HIGH"
},
"details": "### Impact\n\nurllib3\u0027s [streaming API](https://urllib3.readthedocs.io/en/2.7.0/advanced-usage.html#streaming-and-i-o) is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once.\n\nurllib3 can perform decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API since version 2.6.0, the library decompresses only the necessary bytes, enabling partial content consumption.\n\nHowever, urllib3 before version 2.7.0 could still decompress the whole response instead of the requested portion in two cases:\n1. During the second `HTTPResponse.read(amt=N)` call when the response was decompressed using the official [Brotli](https://pypi.org/project/brotli/) library.\n2. When `HTTPResponse.drain_conn()` was called after the response had been read and decompressed partially (compression algorithm did not matter here).\n\nThese issues could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This could result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data; CWE-409) on the client side.\n\n\n### Affected usages\n\nApplications and libraries using urllib3 versions earlier than 2.7.0 may be affected when streaming compressed responses from untrusted sources in either of these cases, unless decompression is explicitly disabled:\n\n1. A response encoded with `br` is read incrementally with at least two `HTTPResponse.read(amt=N)` or `HTTPResponse.stream(amt=N)` calls while using the official [Brotli](https://pypi.org/project/brotli/) library.\n2. `HTTPResponse.drain_conn()` is called after response decompression has already started.\n\n\n### Remediation\n\nUpgrade to at least urllib3 version 2.7.0 in which the library:\n1. Is more efficient for reads with Brotli.\n2. 
Always skips decompression for `HTTPResponse.drain_conn()`.\n\nIf upgrading is not immediately possible, the following workarounds may reduce exposure in specific cases:\n1. For the Brotli-specific issue only, switch from [brotli](https://pypi.org/project/brotli/) to [brotlicffi](https://pypi.org/project/brotlicffi/) until you can upgrade urllib3; the official Brotli package is affected because of https://github.com/google/brotli/issues/1396.\n2. If your code explicitly calls `HTTPResponse.drain_conn()`, call `HTTPResponse.close()` instead when connection reuse is not important.\n\n\n### Credits\n\nThe Brotli-specific issue was reported by @kimkou2024.\n`HTTPResponse.drain_conn()` inefficiency was reported by @Cycloctane.",
"id": "GHSA-mf9v-mfxr-j63j",
"modified": "2026-06-08T19:52:23Z",
"published": "2026-05-11T14:51:45Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2026-142.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/urllib3/urllib3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
"type": "CVSS_V4"
}
],
"summary": "urllib3: Decompression-bomb safeguards bypassed in parts of the streaming API"
}
OPENSUSE-SU-2026:10798-1
Vulnerability from csaf_opensuse - Published: 2026-05-16 00:00 - Updated: 2026-05-16 00:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| openSUSE Tumbleweed:python311-urllib3-2.7.0-1.1.aarch64 | — | — | Vendor Fix |
| openSUSE Tumbleweed:python311-urllib3-2.7.0-1.1.ppc64le | — | — | Vendor Fix |
| openSUSE Tumbleweed:python311-urllib3-2.7.0-1.1.s390x | — | — | Vendor Fix |
| openSUSE Tumbleweed:python311-urllib3-2.7.0-1.1.x86_64 | — | — | Vendor Fix |
| openSUSE Tumbleweed:python313-urllib3-2.7.0-1.1.aarch64 | — | — | Vendor Fix |
| openSUSE Tumbleweed:python313-urllib3-2.7.0-1.1.ppc64le | — | — | Vendor Fix |
| openSUSE Tumbleweed:python313-urllib3-2.7.0-1.1.s390x | — | — | Vendor Fix |
| openSUSE Tumbleweed:python313-urllib3-2.7.0-1.1.x86_64 | — | — | Vendor Fix |
| openSUSE Tumbleweed:python314-urllib3-2.7.0-1.1.aarch64 | — | — | Vendor Fix |
| openSUSE Tumbleweed:python314-urllib3-2.7.0-1.1.ppc64le | — | — | Vendor Fix |
| openSUSE Tumbleweed:python314-urllib3-2.7.0-1.1.s390x | — | — | Vendor Fix |
| openSUSE Tumbleweed:python314-urllib3-2.7.0-1.1.x86_64 | — | — | Vendor Fix |

Note: the product ids above are the fixed Tumbleweed packages (urllib3 2.7.0-1.1), listed in the CSAF document under `product_status.recommended`. SUSE rates this issue moderate with CVSS 3.1 5.9 (vector `AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H`), lower than NVD's 7.5 and the CNA's CVSS 4.0 8.9; the difference lies in the assessed attack complexity, not in the availability impact, which every source rates High.
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python311-urllib3-2.7.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python311-urllib3-2.7.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10798",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10798-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-44432 page",
"url": "https://www.suse.com/security/cve/CVE-2026-44432/"
}
],
"title": "python311-urllib3-2.7.0-1.1 on GA media",
"tracking": {
"current_release_date": "2026-05-16T00:00:00Z",
"generator": {
"date": "2026-05-16T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10798-1",
"initial_release_date": "2026-05-16T00:00:00Z",
"revision_history": [
{
"date": "2026-05-16T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python311-urllib3-2.7.0-1.1.aarch64",
"product": {
"name": "python311-urllib3-2.7.0-1.1.aarch64",
"product_id": "python311-urllib3-2.7.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python313-urllib3-2.7.0-1.1.aarch64",
"product": {
"name": "python313-urllib3-2.7.0-1.1.aarch64",
"product_id": "python313-urllib3-2.7.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python314-urllib3-2.7.0-1.1.aarch64",
"product": {
"name": "python314-urllib3-2.7.0-1.1.aarch64",
"product_id": "python314-urllib3-2.7.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-urllib3-2.7.0-1.1.ppc64le",
"product": {
"name": "python311-urllib3-2.7.0-1.1.ppc64le",
"product_id": "python311-urllib3-2.7.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python313-urllib3-2.7.0-1.1.ppc64le",
"product": {
"name": "python313-urllib3-2.7.0-1.1.ppc64le",
"product_id": "python313-urllib3-2.7.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python314-urllib3-2.7.0-1.1.ppc64le",
"product": {
"name": "python314-urllib3-2.7.0-1.1.ppc64le",
"product_id": "python314-urllib3-2.7.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-urllib3-2.7.0-1.1.s390x",
"product": {
"name": "python311-urllib3-2.7.0-1.1.s390x",
"product_id": "python311-urllib3-2.7.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python313-urllib3-2.7.0-1.1.s390x",
"product": {
"name": "python313-urllib3-2.7.0-1.1.s390x",
"product_id": "python313-urllib3-2.7.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python314-urllib3-2.7.0-1.1.s390x",
"product": {
"name": "python314-urllib3-2.7.0-1.1.s390x",
"product_id": "python314-urllib3-2.7.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-urllib3-2.7.0-1.1.x86_64",
"product": {
"name": "python311-urllib3-2.7.0-1.1.x86_64",
"product_id": "python311-urllib3-2.7.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-urllib3-2.7.0-1.1.x86_64",
"product": {
"name": "python313-urllib3-2.7.0-1.1.x86_64",
"product_id": "python313-urllib3-2.7.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python314-urllib3-2.7.0-1.1.x86_64",
"product": {
"name": "python314-urllib3-2.7.0-1.1.x86_64",
"product_id": "python314-urllib3-2.7.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-urllib3-2.7.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-urllib3-2.7.0-1.1.aarch64"
},
"product_reference": "python311-urllib3-2.7.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-urllib3-2.7.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-urllib3-2.7.0-1.1.ppc64le"
},
"product_reference": "python311-urllib3-2.7.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-urllib3-2.7.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-urllib3-2.7.0-1.1.s390x"
},
"product_reference": "python311-urllib3-2.7.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-urllib3-2.7.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-urllib3-2.7.0-1.1.x86_64"
},
"product_reference": "python311-urllib3-2.7.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-urllib3-2.7.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-urllib3-2.7.0-1.1.aarch64"
},
"product_reference": "python313-urllib3-2.7.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-urllib3-2.7.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-urllib3-2.7.0-1.1.ppc64le"
},
"product_reference": "python313-urllib3-2.7.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-urllib3-2.7.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-urllib3-2.7.0-1.1.s390x"
},
"product_reference": "python313-urllib3-2.7.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-urllib3-2.7.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-urllib3-2.7.0-1.1.x86_64"
},
"product_reference": "python313-urllib3-2.7.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-urllib3-2.7.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-urllib3-2.7.0-1.1.aarch64"
},
"product_reference": "python314-urllib3-2.7.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-urllib3-2.7.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-urllib3-2.7.0-1.1.ppc64le"
},
"product_reference": "python314-urllib3-2.7.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-urllib3-2.7.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-urllib3-2.7.0-1.1.s390x"
},
"product_reference": "python314-urllib3-2.7.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python314-urllib3-2.7.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python314-urllib3-2.7.0-1.1.x86_64"
},
"product_reference": "python314-urllib3-2.7.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-44432",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-44432"
}
],
"notes": [
{
"category": "general",
"text": "urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) call when the response was decompressed using the official Brotli library or (2) when HTTPResponse.drain_conn() was called after the response had been read and decompressed partially (compression algorithm did not matter here). These issues could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This could result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data) on the client side. This vulnerability is fixed in 2.7.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python311-urllib3-2.7.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-urllib3-2.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-urllib3-2.7.0-1.1.s390x",
"openSUSE Tumbleweed:python311-urllib3-2.7.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-urllib3-2.7.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-urllib3-2.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-urllib3-2.7.0-1.1.s390x",
"openSUSE Tumbleweed:python313-urllib3-2.7.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-urllib3-2.7.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-urllib3-2.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-urllib3-2.7.0-1.1.s390x",
"openSUSE Tumbleweed:python314-urllib3-2.7.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-44432",
"url": "https://www.suse.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "SUSE Bug 1265266 for CVE-2026-44432",
"url": "https://bugzilla.suse.com/1265266"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python311-urllib3-2.7.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-urllib3-2.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-urllib3-2.7.0-1.1.s390x",
"openSUSE Tumbleweed:python311-urllib3-2.7.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-urllib3-2.7.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-urllib3-2.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-urllib3-2.7.0-1.1.s390x",
"openSUSE Tumbleweed:python313-urllib3-2.7.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-urllib3-2.7.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-urllib3-2.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-urllib3-2.7.0-1.1.s390x",
"openSUSE Tumbleweed:python314-urllib3-2.7.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python311-urllib3-2.7.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-urllib3-2.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-urllib3-2.7.0-1.1.s390x",
"openSUSE Tumbleweed:python311-urllib3-2.7.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-urllib3-2.7.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-urllib3-2.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-urllib3-2.7.0-1.1.s390x",
"openSUSE Tumbleweed:python313-urllib3-2.7.0-1.1.x86_64",
"openSUSE Tumbleweed:python314-urllib3-2.7.0-1.1.aarch64",
"openSUSE Tumbleweed:python314-urllib3-2.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:python314-urllib3-2.7.0-1.1.s390x",
"openSUSE Tumbleweed:python314-urllib3-2.7.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-16T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-44432"
}
]
}
PYSEC-2026-142
Vulnerability from pysec - Published: 2026-05-13 16:16 - Updated: 2026-05-20 09:19

urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) call when the response was decompressed using the official Brotli library or (2) when HTTPResponse.drain_conn() was called after the response had been read and decompressed partially (compression algorithm did not matter here). These issues could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This could result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data) on the client side. This vulnerability is fixed in 2.7.0.
| Name | purl |
|---|---|
| urllib3 | pkg:pypi/urllib3 |
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "urllib3",
"purl": "pkg:pypi/urllib3"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.7.0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.6.0",
"2.6.1",
"2.6.2",
"2.6.3"
]
}
],
"aliases": [
"CVE-2026-44432",
"GHSA-mf9v-mfxr-j63j"
],
"details": "urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) call when the response was decompressed using the official Brotli library or (2) when HTTPResponse.drain_conn() was called after the response had been read and decompressed partially (compression algorithm did not matter here). These issues could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This could result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data) on the client side. This vulnerability is fixed in 2.7.0.",
"id": "PYSEC-2026-142",
"modified": "2026-05-20T09:19:21.038869Z",
"published": "2026-05-13T16:16:57.303Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
RHSA-2026:20338
Vulnerability from csaf_redhat - Published: 2026-05-21 22:10 - Updated: 2026-06-11 16:48

A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by providing a specially crafted Uniform Resource Locator (URL) containing percent-encoded path separators and dot segments. Due to incorrect processing, fast-uri would decode these elements before proper normalization, leading to distinct URLs resolving to the same internal path. This could allow an attacker to bypass security policies that rely on path-based comparisons, potentially gaining unauthorized access to resources.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64 | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64 | — | | Vendor Fix (fix) |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64 | — | | |
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64 | — | | |
A flaw was found in the cryptography library. This vulnerability occurs when a non-contiguous buffer is passed to certain application programming interfaces (APIs) that accept Python buffers, such as Hash.update(). A remote attacker could exploit this to cause a buffer overflow, potentially leading to a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64 | — | | Vendor Fix (fix); Workaround |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64 | — | | Workaround |
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64 | — | | Workaround |
A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution "Gadget" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64 | — | | Vendor Fix (fix); Workaround |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64 | — | | Workaround |
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64 | — | | Workaround |
A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker who controls an HTTP response to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 decompresses an entire HTTP response even though only a partial read was requested (the second HTTPResponse.read(amt=N) call when the response is decompressed with the official Brotli library), or when HTTPResponse.drain_conn() is called after the response has been partially read and decompressed (regardless of compression algorithm). This can lead to a Denial of Service (DoS) condition. Affected versions are urllib3 >= 2.6.0 and < 2.7.0; the issue is fixed in 2.7.0.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64 | — | | Vendor Fix (fix) |
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64 | — | | Vendor Fix (fix) |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64 | — | | |
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64 | — | | |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A Subscription Management tool for finding and reporting Red Hat product usage",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds,\nidentifies, and reports environment data, or facts, such as the number of physical and virtual\nsystems on a network, their operating systems, and relevant configuration data stored within\nthem. Discovery also identifies and reports more detailed facts for some versions of key\nRed Hat packages and products that it finds in the network.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:20338",
"url": "https://access.redhat.com/errata/RHSA-2026:20338"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39892",
"url": "https://access.redhat.com/security/cve/CVE-2026-39892"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42044",
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44432",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-6321",
"url": "https://access.redhat.com/security/cve/CVE-2026-6321"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery",
"url": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_20338.json"
}
],
"title": "Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage",
"tracking": {
"current_release_date": "2026-06-11T16:48:00+00:00",
"generator": {
"date": "2026-06-11T16:48:00+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2026:20338",
"initial_release_date": "2026-05-21T22:10:28+00:00",
"revision_history": [
{
"date": "2026-05-21T22:10:28+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-21T22:10:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-11T16:48:00+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Discovery 2",
"product": {
"name": "Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:discovery:2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Discovery"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64",
"product": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64",
"product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-server-rhel9@sha256%3Afeab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b?arch=amd64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1779395228"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64",
"product": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64",
"product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-ui-rhel9@sha256%3A6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5?arch=amd64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1779395188"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"product": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-server-rhel9@sha256%3A4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb?arch=arm64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1779395228"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"product": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-ui-rhel9@sha256%3A58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54?arch=arm64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1779395188"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64"
},
"product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64"
},
"product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64"
},
"product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
},
"product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64",
"relates_to_product_reference": "Red Hat Discovery 2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-6321",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-05-04T20:01:14.938426+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2466582"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by providing a specially crafted Uniform Resource Locator (URL) containing percent-encoded path separators and dot segments. Due to incorrect processing, fast-uri would decode these elements before proper normalization, leading to distinct URLs resolving to the same internal path. This could allow an attacker to bypass security policies that rely on path-based comparisons, potentially gaining unauthorized access to resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "fast-uri: fast-uri: Path traversal vulnerability allows bypass of security policies",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-6321"
},
{
"category": "external",
"summary": "RHBZ#2466582",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466582"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-6321",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6321"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6321",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6321"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6",
"url": "https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6"
}
],
"release_date": "2026-05-04T19:31:57.253000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-21T22:10:28+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:20338"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "fast-uri: fast-uri: Path traversal vulnerability allows bypass of security policies"
},
{
"cve": "CVE-2026-39892",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-08T22:00:59.416053+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456735"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the cryptography library. This vulnerability occurs when a non-contiguous buffer is passed to certain application programming interfaces (APIs) that accept Python buffers, such as Hash.update(). A remote attacker could exploit this to cause a buffer overflow, potentially leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In default configurations Red Hat products isolate service processes from total system access. Should an attacker be able to exploit this vulnerability their impact will be limited to that service account and they will not have access to the broader system.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39892"
},
{
"category": "external",
"summary": "RHBZ#2456735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39892",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39892"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39892",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39892"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/08/12",
"url": "http://www.openwall.com/lists/oss-security/2026/04/08/12"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5",
"url": "https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq",
"url": "https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq"
}
],
"release_date": "2026-04-08T20:49:41.967000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-21T22:10:28+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:20338"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API"
},
{
"cve": "CVE-2026-42044",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T19:01:13.418725+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461624"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution \"Gadget\" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"category": "external",
"summary": "RHBZ#2461624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461624"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42044",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42044"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23"
}
],
"release_date": "2026-04-24T17:49:49.517000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-21T22:10:28+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:20338"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget"
},
{
"cve": "CVE-2026-44432",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-05-13T17:01:01.083841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. A remote attacker who controls an HTTP server the client connects to, or the compressed response body it returns, can cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 decompresses an entire HTTP response even though only a partial read was requested, or when draining the connection after a partial decompression: a small, highly compressed response body is expanded in full in a single operation. This can lead to a Denial of Service (DoS) condition. Note that reading the response in bounded chunks does not mitigate this issue, because the requested read size is not honored in the affected code paths.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "RHBZ#2477154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44432",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44432"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
}
],
"release_date": "2026-05-13T15:17:12.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-21T22:10:28+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:20338"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:4a66f37ba8f857134972c2bc6b9457c6a9b6028a7c865a82fe8af707f7dce3cb_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:feab2c46a1aa558963e8931df75379d5a9ca3a8cd5a18e9d84fa088b0275044b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:58a826fdd18f7f2d384d11118ecc448faf04fff5611fe7b3881a4099823e5a54_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:6002f4b44f4f2651630ac850692ec1c0fc604fdf70f528fb9f75bcd975aefeb5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression"
}
]
}
RHSA-2026:24476
Vulnerability from csaf_redhat - Published: 2026-06-08 12:54 - Updated: 2026-06-10 13:24

A flaw was found in pyasn1, a generic ASN.1 library for Python. A remote attacker could exploit this vulnerability by sending a specially crafted RELATIVE-OID with excessive continuation octets to an application that decodes untrusted ASN.1-encoded data with pyasn1. This input validation vulnerability causes unbounded memory growth while the malformed value is decoded, leading to memory exhaustion and resulting in a Denial of Service (DoS) for the affected system. Only code paths that decode attacker-supplied ASN.1 input are exposed.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Trusted Artifact Signer 1.3 | registry.redhat.io/rhtas/segment-reporting-rhel9@sha256:0e7f56263bacad63890e011c178f438f42e04c5db82b2469c80f6e5a7b77d7a8_amd64 | — | Vendor Fix |
A flaw was found in urllib3, an HTTP client library for Python. A remote attacker who controls an HTTP server the client connects to, or the compressed response body it returns, can cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 decompresses an entire HTTP response even though only a partial read was requested, or when draining the connection after a partial decompression: a small, highly compressed response body is expanded in full in a single operation. This can lead to a Denial of Service (DoS) condition. Note that reading the response in bounded chunks does not mitigate this issue, because the requested read size is not honored in the affected code paths.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Trusted Artifact Signer 1.3 | registry.redhat.io/rhtas/segment-reporting-rhel9@sha256:0e7f56263bacad63890e011c178f438f42e04c5db82b2469c80f6e5a7b77d7a8_amd64 | — | Vendor Fix |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The 1.3.5 release of Red Hat Trusted Artifact Signer OpenShift Operator.\nFor more details please visit the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3",
"title": "Topic"
},
{
"category": "general",
"text": "The RHTAS Operator can be used with OpenShift Container Platform 4.16, 4.17, 4.18, 4.19, 4.20 and 4.21",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:24476",
"url": "https://access.redhat.com/errata/RHSA-2026:24476"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3",
"url": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-23490",
"url": "https://access.redhat.com/security/cve/CVE-2026-23490"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44432",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_24476.json"
}
],
"title": "Red Hat Security Advisory: RHTAS 1.3.5 - Red Hat Trusted Artifact Signer Release",
"tracking": {
"current_release_date": "2026-06-10T13:24:33+00:00",
"generator": {
"date": "2026-06-10T13:24:33+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2026:24476",
"initial_release_date": "2026-06-08T12:54:26+00:00",
"revision_history": [
{
"date": "2026-06-08T12:54:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-08T12:54:33+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-10T13:24:33+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Trusted Artifact Signer 1.3",
"product": {
"name": "Red Hat Trusted Artifact Signer 1.3",
"product_id": "Red Hat Trusted Artifact Signer 1.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:trusted_artifact_signer:1.3::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Trusted Artifact Signer"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/segment-reporting-rhel9@sha256:0e7f56263bacad63890e011c178f438f42e04c5db82b2469c80f6e5a7b77d7a8_amd64",
"product": {
"name": "registry.redhat.io/rhtas/segment-reporting-rhel9@sha256:0e7f56263bacad63890e011c178f438f42e04c5db82b2469c80f6e5a7b77d7a8_amd64",
"product_id": "registry.redhat.io/rhtas/segment-reporting-rhel9@sha256:0e7f56263bacad63890e011c178f438f42e04c5db82b2469c80f6e5a7b77d7a8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/segment-reporting-rhel9@sha256%3A0e7f56263bacad63890e011c178f438f42e04c5db82b2469c80f6e5a7b77d7a8?arch=amd64\u0026repository_url=registry.redhat.io/rhtas/segment-reporting-rhel9\u0026tag=1780560117"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/segment-reporting-rhel9@sha256:0e7f56263bacad63890e011c178f438f42e04c5db82b2469c80f6e5a7b77d7a8_amd64 as a component of Red Hat Trusted Artifact Signer 1.3",
"product_id": "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/segment-reporting-rhel9@sha256:0e7f56263bacad63890e011c178f438f42e04c5db82b2469c80f6e5a7b77d7a8_amd64"
},
"product_reference": "registry.redhat.io/rhtas/segment-reporting-rhel9@sha256:0e7f56263bacad63890e011c178f438f42e04c5db82b2469c80f6e5a7b77d7a8_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-23490",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-16T20:03:33.790513+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430472"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in pyasn1, a generic ASN.1 library for Python. A remote attacker could exploit this vulnerability by sending a specially crafted RELATIVE-OID with excessive continuation octets to an application that decodes untrusted ASN.1-encoded data with pyasn1. This input validation vulnerability causes unbounded memory growth while the malformed value is decoded, leading to memory exhaustion and resulting in a Denial of Service (DoS) for the affected system. Only code paths that decode attacker-supplied ASN.1 input are exposed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pyasn1: pyasn1: Denial of Service due to memory exhaustion from malformed RELATIVE-OID",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/segment-reporting-rhel9@sha256:0e7f56263bacad63890e011c178f438f42e04c5db82b2469c80f6e5a7b77d7a8_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-23490"
},
{
"category": "external",
"summary": "RHBZ#2430472",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430472"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-23490",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23490"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-23490",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23490"
},
{
"category": "external",
"summary": "https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970",
"url": "https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970"
},
{
"category": "external",
"summary": "https://github.com/pyasn1/pyasn1/releases/tag/v0.6.2",
"url": "https://github.com/pyasn1/pyasn1/releases/tag/v0.6.2"
},
{
"category": "external",
"summary": "https://github.com/pyasn1/pyasn1/security/advisories/GHSA-63vm-454h-vhhq",
"url": "https://github.com/pyasn1/pyasn1/security/advisories/GHSA-63vm-454h-vhhq"
}
],
"release_date": "2026-01-16T19:03:36.442000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-08T12:54:26+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/segment-reporting-rhel9@sha256:0e7f56263bacad63890e011c178f438f42e04c5db82b2469c80f6e5a7b77d7a8_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24476"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/segment-reporting-rhel9@sha256:0e7f56263bacad63890e011c178f438f42e04c5db82b2469c80f6e5a7b77d7a8_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pyasn1: pyasn1: Denial of Service due to memory exhaustion from malformed RELATIVE-OID"
},
{
"cve": "CVE-2026-44432",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-05-13T17:01:01.083841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. A remote attacker who controls an HTTP server the client connects to, or the compressed response body it returns, can cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 decompresses an entire HTTP response even though only a partial read was requested, or when draining the connection after a partial decompression: a small, highly compressed response body is expanded in full in a single operation. This can lead to a Denial of Service (DoS) condition. Note that reading the response in bounded chunks does not mitigate this issue, because the requested read size is not honored in the affected code paths.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/segment-reporting-rhel9@sha256:0e7f56263bacad63890e011c178f438f42e04c5db82b2469c80f6e5a7b77d7a8_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "RHBZ#2477154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44432",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44432"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
}
],
"release_date": "2026-05-13T15:17:12.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-08T12:54:26+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/segment-reporting-rhel9@sha256:0e7f56263bacad63890e011c178f438f42e04c5db82b2469c80f6e5a7b77d7a8_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24476"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/segment-reporting-rhel9@sha256:0e7f56263bacad63890e011c178f438f42e04c5db82b2469c80f6e5a7b77d7a8_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression"
}
]
}
RHSA-2026:24483
Vulnerability from csaf_redhat - Published: 2026-06-08 13:12 - Updated: 2026-06-12 09:48

A flaw was found in pyasn1, a generic ASN.1 library for Python. A remote attacker could exploit this vulnerability by sending a specially crafted RELATIVE-OID with excessive continuation octets to an application that decodes untrusted ASN.1-encoded data with pyasn1. This input validation vulnerability causes unbounded memory growth while the malformed value is decoded, leading to memory exhaustion and resulting in a Denial of Service (DoS) for the affected system. Only code paths that decode attacker-supplied ASN.1 input are exposed.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Trusted Artifact Signer 1.4 | registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64 | — | Vendor Fix |
| Red Hat Trusted Artifact Signer 1.4 | registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64 | — | Vendor Fix |
A flaw was found in the cryptography library. This vulnerability occurs when a non-contiguous buffer is passed to certain application programming interfaces (APIs) that accept Python buffers, such as Hash.update(). An application is only exposed if it passes a non-contiguous buffer (for example a strided memoryview) to one of these APIs; contiguous inputs such as bytes objects are not affected. Where attacker-influenced data reaches such a call, a remote attacker could trigger a buffer overflow, potentially leading to a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Trusted Artifact Signer 1.4 | registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64 | — | Vendor Fix; Workaround |
| Red Hat Trusted Artifact Signer 1.4 | registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64 | — | Vendor Fix; Workaround |
A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive request headers (such as Authorization) to the redirect target. A remote attacker who controls, or can inject a redirect from, a server the client requests could therefore redirect the client to a host they control and receive those headers, gaining unauthorized access to sensitive information. The issue is specific to this low-level call pattern with `assert_same_host=False`.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Trusted Artifact Signer 1.4 | registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64 | — | Vendor Fix |
| Red Hat Trusted Artifact Signer 1.4 | registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64 | — | Vendor Fix |
A flaw was found in urllib3, an HTTP client library for Python. A remote attacker who controls an HTTP server the client connects to, or the compressed response body it returns, can cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 decompresses an entire HTTP response even though only a partial read was requested, or when draining the connection after a partial decompression: a small, highly compressed response body is expanded in full in a single operation. This can lead to a Denial of Service (DoS) condition. Note that reading the response in bounded chunks does not mitigate this issue, because the requested read size is not honored in the affected code paths.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Trusted Artifact Signer 1.4 | registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64 | — | Vendor Fix |
| Red Hat Trusted Artifact Signer 1.4 | registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64 | — | Vendor Fix |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The GA release of the RHTAS Model Transparency CLI image.\nFor more details please visit the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4",
"title": "Topic"
},
{
"category": "general",
"text": "The RHTAS Model Transparency CLI image can be used to sign and verify AI/ML workloads",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:24483",
"url": "https://access.redhat.com/errata/RHSA-2026:24483"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4",
"url": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-23490",
"url": "https://access.redhat.com/security/cve/CVE-2026-23490"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39892",
"url": "https://access.redhat.com/security/cve/CVE-2026-39892"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44431",
"url": "https://access.redhat.com/security/cve/CVE-2026-44431"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44432",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_24483.json"
}
],
"title": "Red Hat Security Advisory: RHTAS 1.4 - GA Release of Model Transparency 1.0.1",
"tracking": {
"current_release_date": "2026-06-12T09:48:45+00:00",
"generator": {
"date": "2026-06-12T09:48:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.0.0"
}
},
"id": "RHSA-2026:24483",
"initial_release_date": "2026-06-08T13:12:26+00:00",
"revision_history": [
{
"date": "2026-06-08T13:12:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-08T13:12:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-12T09:48:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Trusted Artifact Signer 1.4",
"product": {
"name": "Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:trusted_artifact_signer:1.4::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Trusted Artifact Signer"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64",
"product": {
"name": "registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64",
"product_id": "registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/model-transparency-rhel9@sha256%3A1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7?arch=amd64\u0026repository_url=registry.redhat.io/rhtas/model-transparency-rhel9\u0026tag=1780914886"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64",
"product": {
"name": "registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64",
"product_id": "registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/model-transparency-rhel9@sha256%3A88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e?arch=arm64\u0026repository_url=registry.redhat.io/rhtas/model-transparency-rhel9\u0026tag=1780914886"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64 as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64"
},
"product_reference": "registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64 as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64"
},
"product_reference": "registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-23490",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-16T20:03:33.790513+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430472"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in pyasn1, a generic ASN.1 library for Python. A remote attacker could exploit this vulnerability by sending a specially crafted RELATIVE-OID with excessive continuation octets. This input validation vulnerability leads to memory exhaustion, resulting in a Denial of Service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pyasn1: pyasn1: Denial of Service due to memory exhaustion from malformed RELATIVE-OID",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-23490"
},
{
"category": "external",
"summary": "RHBZ#2430472",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430472"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-23490",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23490"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-23490",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23490"
},
{
"category": "external",
"summary": "https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970",
"url": "https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970"
},
{
"category": "external",
"summary": "https://github.com/pyasn1/pyasn1/releases/tag/v0.6.2",
"url": "https://github.com/pyasn1/pyasn1/releases/tag/v0.6.2"
},
{
"category": "external",
"summary": "https://github.com/pyasn1/pyasn1/security/advisories/GHSA-63vm-454h-vhhq",
"url": "https://github.com/pyasn1/pyasn1/security/advisories/GHSA-63vm-454h-vhhq"
}
],
"release_date": "2026-01-16T19:03:36.442000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-08T13:12:26+00:00",
"details": "The Model Transparency CLI Image is a containerized command-line tool for signing and verifying AI/ML workloads against a private Red Hat Trusted Artifact Signer (RHTAS) instance. It lets teams create signatures and attestations for model artifacts and validate them at build or deploy time using enterprise trust material (e.g., Fulcio/Rekor).\n\nFor details on using the Model Transparency CLI image, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24483"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pyasn1: pyasn1: Denial of Service due to memory exhaustion from malformed RELATIVE-OID"
},
{
"cve": "CVE-2026-39892",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-08T22:00:59.416053+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456735"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the cryptography library. This vulnerability occurs when a non-contiguous buffer is passed to certain application programming interfaces (APIs) that accept Python buffers, such as Hash.update(). A remote attacker could exploit this to cause a buffer overflow, potentially leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In default configurations Red Hat products isolate service processes from total system access. Should an attacker be able to exploit this vulnerability their impact will be limited to that service account and they will not have access to the broader system.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39892"
},
{
"category": "external",
"summary": "RHBZ#2456735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39892",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39892"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39892",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39892"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/08/12",
"url": "http://www.openwall.com/lists/oss-security/2026/04/08/12"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5",
"url": "https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq",
"url": "https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq"
}
],
"release_date": "2026-04-08T20:49:41.967000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-08T13:12:26+00:00",
"details": "The Model Transparency CLI Image is a containerized command-line tool for signing and verifying AI/ML workloads against a private Red Hat Trusted Artifact Signer (RHTAS) instance. It lets teams create signatures and attestations for model artifacts and validate them at build or deploy time using enterprise trust material (e.g., Fulcio/Rekor).\n\nFor details on using the Model Transparency CLI image, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24483"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API"
},
{
"cve": "CVE-2026-44431",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-05-13T17:01:41.663622+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44431"
},
{
"category": "external",
"summary": "RHBZ#2477167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44431",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44431"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc"
}
],
"release_date": "2026-05-13T15:20:24.588000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-08T13:12:26+00:00",
"details": "The Model Transparency CLI Image is a containerized command-line tool for signing and verifying AI/ML workloads against a private Red Hat Trusted Artifact Signer (RHTAS) instance. It lets teams create signatures and attestations for model artifacts and validate them at build or deploy time using enterprise trust material (e.g., Fulcio/Rekor).\n\nFor details on using the Model Transparency CLI image, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24483"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers"
},
{
"cve": "CVE-2026-44432",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-05-13T17:01:01.083841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "RHBZ#2477154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44432",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44432"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
}
],
"release_date": "2026-05-13T15:17:12.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-08T13:12:26+00:00",
"details": "The Model Transparency CLI Image is a containerized command-line tool for signing and verifying AI/ML workloads against a private Red Hat Trusted Artifact Signer (RHTAS) instance. It lets teams create signatures and attestations for model artifacts and validate them at build or deploy time using enterprise trust material (e.g., Fulcio/Rekor).\n\nFor details on using the Model Transparency CLI image, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24483"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression"
}
]
}
RHSA-2026:24540
Vulnerability from csaf_redhat - Published: 2026-06-08 17:50 - Updated: 2026-06-12 09:48

CVE-2026-44431: A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cpu-rhel9@sha256:a1ec87fc11e84aff94af69fe92827d7a708b78792bce052615fb3c4bf1fc0bef_amd64 | — | — | Vendor Fix |
CVE-2026-44432: A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cpu-rhel9@sha256:a1ec87fc11e84aff94af69fe92827d7a708b78792bce052615fb3c4bf1fc0bef_amd64 | — | — | Vendor Fix |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat AI Inference 3.4.1 (cpu) is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat AI Inference",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:24540",
"url": "https://access.redhat.com/errata/RHSA-2026:24540"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44431",
"url": "https://access.redhat.com/security/cve/CVE-2026-44431"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44432",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://www.redhat.com/en/products/ai/inference-server",
"url": "https://www.redhat.com/en/products/ai/inference-server"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_24540.json"
}
],
"title": "Red Hat Security Advisory: Red Hat AI Inference 3.4.1 (cpu)",
"tracking": {
"current_release_date": "2026-06-12T09:48:45+00:00",
"generator": {
"date": "2026-06-12T09:48:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.0.0"
}
},
"id": "RHSA-2026:24540",
"initial_release_date": "2026-06-08T17:50:14+00:00",
"revision_history": [
{
"date": "2026-06-08T17:50:14+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-08T17:50:25+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-12T09:48:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat AI Inference Server 3.4",
"product": {
"name": "Red Hat AI Inference Server 3.4",
"product_id": "Red Hat AI Inference Server 3.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ai_inference_server:3.4::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat AI Inference Server"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhaii/vllm-cpu-rhel9@sha256:a1ec87fc11e84aff94af69fe92827d7a708b78792bce052615fb3c4bf1fc0bef_amd64",
"product": {
"name": "registry.redhat.io/rhaii/vllm-cpu-rhel9@sha256:a1ec87fc11e84aff94af69fe92827d7a708b78792bce052615fb3c4bf1fc0bef_amd64",
"product_id": "registry.redhat.io/rhaii/vllm-cpu-rhel9@sha256:a1ec87fc11e84aff94af69fe92827d7a708b78792bce052615fb3c4bf1fc0bef_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vllm-cpu-rhel9@sha256%3Aa1ec87fc11e84aff94af69fe92827d7a708b78792bce052615fb3c4bf1fc0bef?arch=amd64\u0026repository_url=registry.redhat.io/rhaii/vllm-cpu-rhel9\u0026tag=1780356811"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhaii/vllm-cpu-rhel9@sha256:a1ec87fc11e84aff94af69fe92827d7a708b78792bce052615fb3c4bf1fc0bef_amd64 as a component of Red Hat AI Inference Server 3.4",
"product_id": "Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cpu-rhel9@sha256:a1ec87fc11e84aff94af69fe92827d7a708b78792bce052615fb3c4bf1fc0bef_amd64"
},
"product_reference": "registry.redhat.io/rhaii/vllm-cpu-rhel9@sha256:a1ec87fc11e84aff94af69fe92827d7a708b78792bce052615fb3c4bf1fc0bef_amd64",
"relates_to_product_reference": "Red Hat AI Inference Server 3.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-44431",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-05-13T17:01:41.663622+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cpu-rhel9@sha256:a1ec87fc11e84aff94af69fe92827d7a708b78792bce052615fb3c4bf1fc0bef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44431"
},
{
"category": "external",
"summary": "RHBZ#2477167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44431",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44431"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc"
}
],
"release_date": "2026-05-13T15:20:24.588000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-08T17:50:14+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:24540",
"product_ids": [
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cpu-rhel9@sha256:a1ec87fc11e84aff94af69fe92827d7a708b78792bce052615fb3c4bf1fc0bef_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24540"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cpu-rhel9@sha256:a1ec87fc11e84aff94af69fe92827d7a708b78792bce052615fb3c4bf1fc0bef_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers"
},
{
"cve": "CVE-2026-44432",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-05-13T17:01:01.083841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cpu-rhel9@sha256:a1ec87fc11e84aff94af69fe92827d7a708b78792bce052615fb3c4bf1fc0bef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "RHBZ#2477154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44432",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44432"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
}
],
"release_date": "2026-05-13T15:17:12.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-08T17:50:14+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:24540",
"product_ids": [
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cpu-rhel9@sha256:a1ec87fc11e84aff94af69fe92827d7a708b78792bce052615fb3c4bf1fc0bef_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24540"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cpu-rhel9@sha256:a1ec87fc11e84aff94af69fe92827d7a708b78792bce052615fb3c4bf1fc0bef_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression"
}
]
}
RHSA-2026:24541
Vulnerability from csaf_redhat - Published: 2026-06-08 17:51 - Updated: 2026-06-12 09:48

A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:a89b09f6ec94078c599339b7feee9a0ddfc8048b748169310ed03f4c652d11f8_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:e12e1c6d65d4b41e530057a37765f36afcfa4e1cf85996bb4ebe13cef713b7d3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:f4aa279db2108029bfd1aa1329bccb7144a166fccbbc1d670494f2106d847691_ppc64le | — |
Vendor Fix
fix
|
A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:a89b09f6ec94078c599339b7feee9a0ddfc8048b748169310ed03f4c652d11f8_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:e12e1c6d65d4b41e530057a37765f36afcfa4e1cf85996bb4ebe13cef713b7d3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:f4aa279db2108029bfd1aa1329bccb7144a166fccbbc1d670494f2106d847691_ppc64le | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat AI Inference 3.4.1 (spyre) is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat AI Inference",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:24541",
"url": "https://access.redhat.com/errata/RHSA-2026:24541"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44431",
"url": "https://access.redhat.com/security/cve/CVE-2026-44431"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44432",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://www.redhat.com/en/products/ai/inference-server",
"url": "https://www.redhat.com/en/products/ai/inference-server"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_24541.json"
}
],
"title": "Red Hat Security Advisory: Red Hat AI Inference 3.4.1 (spyre)",
"tracking": {
"current_release_date": "2026-06-12T09:48:45+00:00",
"generator": {
"date": "2026-06-12T09:48:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.0.0"
}
},
"id": "RHSA-2026:24541",
"initial_release_date": "2026-06-08T17:51:10+00:00",
"revision_history": [
{
"date": "2026-06-08T17:51:10+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-08T17:51:20+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-12T09:48:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat AI Inference Server 3.4",
"product": {
"name": "Red Hat AI Inference Server 3.4",
"product_id": "Red Hat AI Inference Server 3.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ai_inference_server:3.4::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat AI Inference Server"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:f4aa279db2108029bfd1aa1329bccb7144a166fccbbc1d670494f2106d847691_ppc64le",
"product": {
"name": "registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:f4aa279db2108029bfd1aa1329bccb7144a166fccbbc1d670494f2106d847691_ppc64le",
"product_id": "registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:f4aa279db2108029bfd1aa1329bccb7144a166fccbbc1d670494f2106d847691_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/vllm-spyre-rhel9@sha256%3Af4aa279db2108029bfd1aa1329bccb7144a166fccbbc1d670494f2106d847691?arch=ppc64le\u0026repository_url=registry.redhat.io/rhaii/vllm-spyre-rhel9\u0026tag=1780356904"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:a89b09f6ec94078c599339b7feee9a0ddfc8048b748169310ed03f4c652d11f8_s390x",
"product": {
"name": "registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:a89b09f6ec94078c599339b7feee9a0ddfc8048b748169310ed03f4c652d11f8_s390x",
"product_id": "registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:a89b09f6ec94078c599339b7feee9a0ddfc8048b748169310ed03f4c652d11f8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/vllm-spyre-rhel9@sha256%3Aa89b09f6ec94078c599339b7feee9a0ddfc8048b748169310ed03f4c652d11f8?arch=s390x\u0026repository_url=registry.redhat.io/rhaii/vllm-spyre-rhel9\u0026tag=1780356904"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:e12e1c6d65d4b41e530057a37765f36afcfa4e1cf85996bb4ebe13cef713b7d3_amd64",
"product": {
"name": "registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:e12e1c6d65d4b41e530057a37765f36afcfa4e1cf85996bb4ebe13cef713b7d3_amd64",
"product_id": "registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:e12e1c6d65d4b41e530057a37765f36afcfa4e1cf85996bb4ebe13cef713b7d3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vllm-spyre-rhel9@sha256%3Ae12e1c6d65d4b41e530057a37765f36afcfa4e1cf85996bb4ebe13cef713b7d3?arch=amd64\u0026repository_url=registry.redhat.io/rhaii/vllm-spyre-rhel9\u0026tag=1780356904"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:a89b09f6ec94078c599339b7feee9a0ddfc8048b748169310ed03f4c652d11f8_s390x as a component of Red Hat AI Inference Server 3.4",
"product_id": "Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:a89b09f6ec94078c599339b7feee9a0ddfc8048b748169310ed03f4c652d11f8_s390x"
},
"product_reference": "registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:a89b09f6ec94078c599339b7feee9a0ddfc8048b748169310ed03f4c652d11f8_s390x",
"relates_to_product_reference": "Red Hat AI Inference Server 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:e12e1c6d65d4b41e530057a37765f36afcfa4e1cf85996bb4ebe13cef713b7d3_amd64 as a component of Red Hat AI Inference Server 3.4",
"product_id": "Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:e12e1c6d65d4b41e530057a37765f36afcfa4e1cf85996bb4ebe13cef713b7d3_amd64"
},
"product_reference": "registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:e12e1c6d65d4b41e530057a37765f36afcfa4e1cf85996bb4ebe13cef713b7d3_amd64",
"relates_to_product_reference": "Red Hat AI Inference Server 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:f4aa279db2108029bfd1aa1329bccb7144a166fccbbc1d670494f2106d847691_ppc64le as a component of Red Hat AI Inference Server 3.4",
"product_id": "Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:f4aa279db2108029bfd1aa1329bccb7144a166fccbbc1d670494f2106d847691_ppc64le"
},
"product_reference": "registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:f4aa279db2108029bfd1aa1329bccb7144a166fccbbc1d670494f2106d847691_ppc64le",
"relates_to_product_reference": "Red Hat AI Inference Server 3.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-44431",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-05-13T17:01:41.663622+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:a89b09f6ec94078c599339b7feee9a0ddfc8048b748169310ed03f4c652d11f8_s390x",
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:e12e1c6d65d4b41e530057a37765f36afcfa4e1cf85996bb4ebe13cef713b7d3_amd64",
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:f4aa279db2108029bfd1aa1329bccb7144a166fccbbc1d670494f2106d847691_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44431"
},
{
"category": "external",
"summary": "RHBZ#2477167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44431",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44431"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc"
}
],
"release_date": "2026-05-13T15:20:24.588000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-08T17:51:10+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:24541",
"product_ids": [
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:a89b09f6ec94078c599339b7feee9a0ddfc8048b748169310ed03f4c652d11f8_s390x",
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:e12e1c6d65d4b41e530057a37765f36afcfa4e1cf85996bb4ebe13cef713b7d3_amd64",
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:f4aa279db2108029bfd1aa1329bccb7144a166fccbbc1d670494f2106d847691_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24541"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:a89b09f6ec94078c599339b7feee9a0ddfc8048b748169310ed03f4c652d11f8_s390x",
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:e12e1c6d65d4b41e530057a37765f36afcfa4e1cf85996bb4ebe13cef713b7d3_amd64",
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:f4aa279db2108029bfd1aa1329bccb7144a166fccbbc1d670494f2106d847691_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers"
},
{
"cve": "CVE-2026-44432",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-05-13T17:01:01.083841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:a89b09f6ec94078c599339b7feee9a0ddfc8048b748169310ed03f4c652d11f8_s390x",
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:e12e1c6d65d4b41e530057a37765f36afcfa4e1cf85996bb4ebe13cef713b7d3_amd64",
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:f4aa279db2108029bfd1aa1329bccb7144a166fccbbc1d670494f2106d847691_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "RHBZ#2477154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44432",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44432"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
}
],
"release_date": "2026-05-13T15:17:12.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-08T17:51:10+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:24541",
"product_ids": [
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:a89b09f6ec94078c599339b7feee9a0ddfc8048b748169310ed03f4c652d11f8_s390x",
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:e12e1c6d65d4b41e530057a37765f36afcfa4e1cf85996bb4ebe13cef713b7d3_amd64",
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:f4aa279db2108029bfd1aa1329bccb7144a166fccbbc1d670494f2106d847691_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24541"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:a89b09f6ec94078c599339b7feee9a0ddfc8048b748169310ed03f4c652d11f8_s390x",
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:e12e1c6d65d4b41e530057a37765f36afcfa4e1cf85996bb4ebe13cef713b7d3_amd64",
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-spyre-rhel9@sha256:f4aa279db2108029bfd1aa1329bccb7144a166fccbbc1d670494f2106d847691_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression"
}
]
}
RHSA-2026:24542
Vulnerability from csaf_redhat - Published: 2026-06-08 17:51 - Updated: 2026-06-12 09:48

A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:4ebb2714d965c93f532eb68f6a0425387e821c84684d80abd176c555892d7469_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:7f19c82fb04f5d9ac59cfd84ae8a60da85ca53f122ec72088be648b335b78935_amd64 | — |
Vendor Fix
fix
|
A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:4ebb2714d965c93f532eb68f6a0425387e821c84684d80abd176c555892d7469_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:7f19c82fb04f5d9ac59cfd84ae8a60da85ca53f122ec72088be648b335b78935_amd64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat AI Inference Model Optimization Tools 3.4.1 (cuda) is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat AI Inference Model Optimization Tools",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:24542",
"url": "https://access.redhat.com/errata/RHSA-2026:24542"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44431",
"url": "https://access.redhat.com/security/cve/CVE-2026-44431"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44432",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://www.redhat.com/en/products/ai/inference-server",
"url": "https://www.redhat.com/en/products/ai/inference-server"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_24542.json"
}
],
"title": "Red Hat Security Advisory: Red Hat AI Inference Model Optimization Tools 3.4.1 (cuda)",
"tracking": {
"current_release_date": "2026-06-12T09:48:45+00:00",
"generator": {
"date": "2026-06-12T09:48:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.0.0"
}
},
"id": "RHSA-2026:24542",
"initial_release_date": "2026-06-08T17:51:20+00:00",
"revision_history": [
{
"date": "2026-06-08T17:51:20+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-08T17:51:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-12T09:48:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat AI Inference Server 3.4",
"product": {
"name": "Red Hat AI Inference Server 3.4",
"product_id": "Red Hat AI Inference Server 3.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ai_inference_server:3.4::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat AI Inference Server"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:7f19c82fb04f5d9ac59cfd84ae8a60da85ca53f122ec72088be648b335b78935_amd64",
"product": {
"name": "registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:7f19c82fb04f5d9ac59cfd84ae8a60da85ca53f122ec72088be648b335b78935_amd64",
"product_id": "registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:7f19c82fb04f5d9ac59cfd84ae8a60da85ca53f122ec72088be648b335b78935_amd64",
"product_identification_helper": {
"purl": "pkg:oci/model-opt-cuda-rhel9@sha256%3A7f19c82fb04f5d9ac59cfd84ae8a60da85ca53f122ec72088be648b335b78935?arch=amd64\u0026repository_url=registry.redhat.io/rhaii/model-opt-cuda-rhel9\u0026tag=1780356941"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:4ebb2714d965c93f532eb68f6a0425387e821c84684d80abd176c555892d7469_arm64",
"product": {
"name": "registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:4ebb2714d965c93f532eb68f6a0425387e821c84684d80abd176c555892d7469_arm64",
"product_id": "registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:4ebb2714d965c93f532eb68f6a0425387e821c84684d80abd176c555892d7469_arm64",
"product_identification_helper": {
"purl": "pkg:oci/model-opt-cuda-rhel9@sha256%3A4ebb2714d965c93f532eb68f6a0425387e821c84684d80abd176c555892d7469?arch=arm64\u0026repository_url=registry.redhat.io/rhaii/model-opt-cuda-rhel9\u0026tag=1780356941"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:4ebb2714d965c93f532eb68f6a0425387e821c84684d80abd176c555892d7469_arm64 as a component of Red Hat AI Inference Server 3.4",
"product_id": "Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:4ebb2714d965c93f532eb68f6a0425387e821c84684d80abd176c555892d7469_arm64"
},
"product_reference": "registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:4ebb2714d965c93f532eb68f6a0425387e821c84684d80abd176c555892d7469_arm64",
"relates_to_product_reference": "Red Hat AI Inference Server 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:7f19c82fb04f5d9ac59cfd84ae8a60da85ca53f122ec72088be648b335b78935_amd64 as a component of Red Hat AI Inference Server 3.4",
"product_id": "Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:7f19c82fb04f5d9ac59cfd84ae8a60da85ca53f122ec72088be648b335b78935_amd64"
},
"product_reference": "registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:7f19c82fb04f5d9ac59cfd84ae8a60da85ca53f122ec72088be648b335b78935_amd64",
"relates_to_product_reference": "Red Hat AI Inference Server 3.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-44431",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-05-13T17:01:41.663622+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:4ebb2714d965c93f532eb68f6a0425387e821c84684d80abd176c555892d7469_arm64",
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:7f19c82fb04f5d9ac59cfd84ae8a60da85ca53f122ec72088be648b335b78935_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44431"
},
{
"category": "external",
"summary": "RHBZ#2477167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44431",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44431"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc"
}
],
"release_date": "2026-05-13T15:20:24.588000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-08T17:51:20+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:24542",
"product_ids": [
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:4ebb2714d965c93f532eb68f6a0425387e821c84684d80abd176c555892d7469_arm64",
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:7f19c82fb04f5d9ac59cfd84ae8a60da85ca53f122ec72088be648b335b78935_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24542"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:4ebb2714d965c93f532eb68f6a0425387e821c84684d80abd176c555892d7469_arm64",
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:7f19c82fb04f5d9ac59cfd84ae8a60da85ca53f122ec72088be648b335b78935_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers"
},
{
"cve": "CVE-2026-44432",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-05-13T17:01:01.083841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:4ebb2714d965c93f532eb68f6a0425387e821c84684d80abd176c555892d7469_arm64",
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:7f19c82fb04f5d9ac59cfd84ae8a60da85ca53f122ec72088be648b335b78935_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "RHBZ#2477154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44432",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44432"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
}
],
"release_date": "2026-05-13T15:17:12.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-08T17:51:20+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:24542",
"product_ids": [
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:4ebb2714d965c93f532eb68f6a0425387e821c84684d80abd176c555892d7469_arm64",
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:7f19c82fb04f5d9ac59cfd84ae8a60da85ca53f122ec72088be648b335b78935_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24542"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:4ebb2714d965c93f532eb68f6a0425387e821c84684d80abd176c555892d7469_arm64",
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/model-opt-cuda-rhel9@sha256:7f19c82fb04f5d9ac59cfd84ae8a60da85ca53f122ec72088be648b335b78935_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression"
}
]
}
RHSA-2026:24544
Vulnerability from csaf_redhat - Published: 2026-06-08 17:52 - Updated: 2026-06-12 09:48

A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:3c71d1adbb5d811a19c04d1d4d907d0a67fd671dd5c3638d2f8ed5ad363192e0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:6ce25732de012437b2087e37cffdc6aff2480aed1940591e00d7c65395d11c50_arm64 | — |
Vendor Fix
fix
|
A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:3c71d1adbb5d811a19c04d1d4d907d0a67fd671dd5c3638d2f8ed5ad363192e0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:6ce25732de012437b2087e37cffdc6aff2480aed1940591e00d7c65395d11c50_arm64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat AI Inference 3.4.1 (cuda) is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat AI Inference",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:24544",
"url": "https://access.redhat.com/errata/RHSA-2026:24544"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44431",
"url": "https://access.redhat.com/security/cve/CVE-2026-44431"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44432",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://www.redhat.com/en/products/ai/inference-server",
"url": "https://www.redhat.com/en/products/ai/inference-server"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_24544.json"
}
],
"title": "Red Hat Security Advisory: Red Hat AI Inference 3.4.1 (cuda)",
"tracking": {
"current_release_date": "2026-06-12T09:48:45+00:00",
"generator": {
"date": "2026-06-12T09:48:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.0.0"
}
},
"id": "RHSA-2026:24544",
"initial_release_date": "2026-06-08T17:52:59+00:00",
"revision_history": [
{
"date": "2026-06-08T17:52:59+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-08T17:53:11+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-12T09:48:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat AI Inference Server 3.4",
"product": {
"name": "Red Hat AI Inference Server 3.4",
"product_id": "Red Hat AI Inference Server 3.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ai_inference_server:3.4::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat AI Inference Server"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:3c71d1adbb5d811a19c04d1d4d907d0a67fd671dd5c3638d2f8ed5ad363192e0_amd64",
"product": {
"name": "registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:3c71d1adbb5d811a19c04d1d4d907d0a67fd671dd5c3638d2f8ed5ad363192e0_amd64",
"product_id": "registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:3c71d1adbb5d811a19c04d1d4d907d0a67fd671dd5c3638d2f8ed5ad363192e0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vllm-cuda-rhel9@sha256%3A3c71d1adbb5d811a19c04d1d4d907d0a67fd671dd5c3638d2f8ed5ad363192e0?arch=amd64\u0026repository_url=registry.redhat.io/rhaii/vllm-cuda-rhel9\u0026tag=1780356914"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:6ce25732de012437b2087e37cffdc6aff2480aed1940591e00d7c65395d11c50_arm64",
"product": {
"name": "registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:6ce25732de012437b2087e37cffdc6aff2480aed1940591e00d7c65395d11c50_arm64",
"product_id": "registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:6ce25732de012437b2087e37cffdc6aff2480aed1940591e00d7c65395d11c50_arm64",
"product_identification_helper": {
"purl": "pkg:oci/vllm-cuda-rhel9@sha256%3A6ce25732de012437b2087e37cffdc6aff2480aed1940591e00d7c65395d11c50?arch=arm64\u0026repository_url=registry.redhat.io/rhaii/vllm-cuda-rhel9\u0026tag=1780356914"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:3c71d1adbb5d811a19c04d1d4d907d0a67fd671dd5c3638d2f8ed5ad363192e0_amd64 as a component of Red Hat AI Inference Server 3.4",
"product_id": "Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:3c71d1adbb5d811a19c04d1d4d907d0a67fd671dd5c3638d2f8ed5ad363192e0_amd64"
},
"product_reference": "registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:3c71d1adbb5d811a19c04d1d4d907d0a67fd671dd5c3638d2f8ed5ad363192e0_amd64",
"relates_to_product_reference": "Red Hat AI Inference Server 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:6ce25732de012437b2087e37cffdc6aff2480aed1940591e00d7c65395d11c50_arm64 as a component of Red Hat AI Inference Server 3.4",
"product_id": "Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:6ce25732de012437b2087e37cffdc6aff2480aed1940591e00d7c65395d11c50_arm64"
},
"product_reference": "registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:6ce25732de012437b2087e37cffdc6aff2480aed1940591e00d7c65395d11c50_arm64",
"relates_to_product_reference": "Red Hat AI Inference Server 3.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-44431",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-05-13T17:01:41.663622+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:3c71d1adbb5d811a19c04d1d4d907d0a67fd671dd5c3638d2f8ed5ad363192e0_amd64",
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:6ce25732de012437b2087e37cffdc6aff2480aed1940591e00d7c65395d11c50_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44431"
},
{
"category": "external",
"summary": "RHBZ#2477167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44431",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44431"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc"
}
],
"release_date": "2026-05-13T15:20:24.588000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-08T17:52:59+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:24544",
"product_ids": [
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:3c71d1adbb5d811a19c04d1d4d907d0a67fd671dd5c3638d2f8ed5ad363192e0_amd64",
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:6ce25732de012437b2087e37cffdc6aff2480aed1940591e00d7c65395d11c50_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24544"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:3c71d1adbb5d811a19c04d1d4d907d0a67fd671dd5c3638d2f8ed5ad363192e0_amd64",
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:6ce25732de012437b2087e37cffdc6aff2480aed1940591e00d7c65395d11c50_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers"
},
{
"cve": "CVE-2026-44432",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-05-13T17:01:01.083841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:3c71d1adbb5d811a19c04d1d4d907d0a67fd671dd5c3638d2f8ed5ad363192e0_amd64",
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:6ce25732de012437b2087e37cffdc6aff2480aed1940591e00d7c65395d11c50_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "RHBZ#2477154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44432",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44432"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
}
],
"release_date": "2026-05-13T15:17:12.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-08T17:52:59+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:24544",
"product_ids": [
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:3c71d1adbb5d811a19c04d1d4d907d0a67fd671dd5c3638d2f8ed5ad363192e0_amd64",
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:6ce25732de012437b2087e37cffdc6aff2480aed1940591e00d7c65395d11c50_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24544"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:3c71d1adbb5d811a19c04d1d4d907d0a67fd671dd5c3638d2f8ed5ad363192e0_amd64",
"Red Hat AI Inference Server 3.4:registry.redhat.io/rhaii/vllm-cuda-rhel9@sha256:6ce25732de012437b2087e37cffdc6aff2480aed1940591e00d7c65395d11c50_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.