RHSA-2026:18868

Vulnerability from csaf_redhat - Published: 2026-05-19 13:54 - Updated: 2026-06-03 13:11
Summary
Red Hat Security Advisory: linux-sgx security update
Severity
Important
Notes
Topic: An update for linux-sgx is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The Intel SGX SDK is a collection of APIs, libraries, documentations and tools that allow software developers to create and debug Intel SGX enabled applications in C/C++.
Security Fix(es):
* qs: qs: Denial of Service via improper input validation in array parsing (CVE-2025-15284)
* node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives (CVE-2026-23745)
* node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition (CVE-2026-23950)
* lodash: prototype pollution in _.unset and _.omit functions (CVE-2025-13465)
* node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check (CVE-2026-24842)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9 Release Notes linked from the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

A flaw was found in Lodash. A prototype pollution vulnerability in the _.unset and _.omit functions allows an attacker able to control property paths to delete methods from global prototypes. By removing essential functionalities, this can result in a denial of service.

CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Affected products
Product Identifier Version Remediation
Unresolved product id: AppStream-9.8.0.GA:linux-sgx-0:2.26-7.el9.src
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:linux-sgx-debuginfo-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:linux-sgx-debugsource-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-common-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-enclave-devel-debuginfo-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-libs-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-libs-debuginfo-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-mpa-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-mpa-debuginfo-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-pccs-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-pccs-admin-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-pccs-debuginfo-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-pckid-tool-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-pckid-tool-debuginfo-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:tdx-attest-libs-debuginfo-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:tdx-qgs-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:tdx-qgs-debuginfo-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Threats
Impact Important

A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., `a[]=value`). This bypasses the `arrayLimit` option, which is designed to limit the size of parsed arrays and prevent resource exhaustion. Successful exploitation can lead to memory exhaustion, causing a Denial of Service (DoS) where the application crashes or becomes unresponsive, making the service unavailable to users.

CWE-770 - Allocation of Resources Without Limits or Throttling
Affected products
Product Identifier Version Remediation
Unresolved product id: AppStream-9.8.0.GA:linux-sgx-0:2.26-7.el9.src
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:linux-sgx-debuginfo-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:linux-sgx-debugsource-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-common-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-enclave-devel-debuginfo-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-libs-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-libs-debuginfo-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-mpa-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-mpa-debuginfo-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-pccs-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-pccs-admin-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-pccs-debuginfo-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-pckid-tool-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-pckid-tool-debuginfo-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:tdx-attest-libs-debuginfo-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:tdx-qgs-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:tdx-qgs-debuginfo-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Threats
Impact Important

A flaw was found in the node-tar library. This vulnerability allows an attacker to craft malicious archives that, when extracted, can bypass intended security restrictions. This leads to arbitrary file overwrite and symlink poisoning, potentially allowing unauthorized modification of files on the system.

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Affected products
Product Identifier Version Remediation
Unresolved product id: AppStream-9.8.0.GA:linux-sgx-0:2.26-7.el9.src
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:linux-sgx-debuginfo-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:linux-sgx-debugsource-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-common-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-enclave-devel-debuginfo-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-libs-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-libs-debuginfo-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-mpa-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-mpa-debuginfo-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-pccs-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-pccs-admin-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-pccs-debuginfo-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-pckid-tool-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-pckid-tool-debuginfo-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:tdx-attest-libs-debuginfo-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:tdx-qgs-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:tdx-qgs-debuginfo-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Threats
Impact Important

A flaw was found in node-tar, a library for Node.js. This race condition vulnerability occurs due to incomplete handling of Unicode path collisions within the `path-reservations` system on case-insensitive filesystems, such as macOS APFS. A remote attacker can exploit this by providing a specially crafted tar archive containing filenames that cause these collisions, bypassing internal concurrency safeguards. Successful exploitation can lead to arbitrary file overwrite.

CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Affected products
Product Identifier Version Remediation
Unresolved product id: AppStream-9.8.0.GA:linux-sgx-0:2.26-7.el9.src
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:linux-sgx-debuginfo-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:linux-sgx-debugsource-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-common-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-enclave-devel-debuginfo-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-libs-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-libs-debuginfo-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-mpa-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-mpa-debuginfo-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-pccs-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-pccs-admin-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-pccs-debuginfo-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-pckid-tool-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-pckid-tool-debuginfo-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:tdx-attest-libs-debuginfo-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:tdx-qgs-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:tdx-qgs-debuginfo-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Threats
Impact Important

A flaw was found in node-tar, a Node.js module for handling TAR archives. This vulnerability allows a remote attacker to bypass path traversal protections by crafting a malicious TAR archive. The security check for hardlink entries uses different path resolution logic than the actual hardlink creation, enabling the attacker to create hardlinks to arbitrary files outside the intended extraction directory. This could lead to unauthorized information disclosure or further system compromise.

CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Affected products
Product Identifier Version Remediation
Unresolved product id: AppStream-9.8.0.GA:linux-sgx-0:2.26-7.el9.src
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:linux-sgx-debuginfo-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:linux-sgx-debugsource-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-common-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-enclave-devel-debuginfo-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-libs-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-libs-debuginfo-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-mpa-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-mpa-debuginfo-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-pccs-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-pccs-admin-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-pccs-debuginfo-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-pckid-tool-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:sgx-pckid-tool-debuginfo-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:tdx-attest-libs-debuginfo-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:tdx-qgs-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Unresolved product id: AppStream-9.8.0.GA:tdx-qgs-debuginfo-0:2.26-7.el9.x86_64
Vendor Fix fix
Workaround
Threats
Impact Important
References
URL Category
https://access.redhat.com/errata/RHSA-2026:18868 self
https://docs.redhat.com/en/documentation/red_hat_… external
https://access.redhat.com/security/updates/classi… external
https://bugzilla.redhat.com/show_bug.cgi?id=2425946 external
https://bugzilla.redhat.com/show_bug.cgi?id=2430538 external
https://bugzilla.redhat.com/show_bug.cgi?id=2431036 external
https://bugzilla.redhat.com/show_bug.cgi?id=2431740 external
https://bugzilla.redhat.com/show_bug.cgi?id=2433645 external
https://issues.redhat.com/browse/RHEL-127046 external
https://issues.redhat.com/browse/RHEL-140109 external
https://security.access.redhat.com/data/csaf/v2/a… self
https://access.redhat.com/security/cve/CVE-2025-13465 self
https://bugzilla.redhat.com/show_bug.cgi?id=2431740 external
https://www.cve.org/CVERecord?id=CVE-2025-13465 external
https://nvd.nist.gov/vuln/detail/CVE-2025-13465 external
https://github.com/lodash/lodash/security/advisor… external
https://access.redhat.com/security/cve/CVE-2025-15284 self
https://bugzilla.redhat.com/show_bug.cgi?id=2425946 external
https://www.cve.org/CVERecord?id=CVE-2025-15284 external
https://nvd.nist.gov/vuln/detail/CVE-2025-15284 external
https://github.com/ljharb/qs/commit/3086902ecf7f0… external
https://github.com/ljharb/qs/security/advisories/… external
https://access.redhat.com/security/cve/CVE-2026-23745 self
https://bugzilla.redhat.com/show_bug.cgi?id=2430538 external
https://www.cve.org/CVERecord?id=CVE-2026-23745 external
https://nvd.nist.gov/vuln/detail/CVE-2026-23745 external
https://github.com/isaacs/node-tar/commit/340eb28… external
https://github.com/isaacs/node-tar/security/advis… external
https://access.redhat.com/security/cve/CVE-2026-23950 self
https://bugzilla.redhat.com/show_bug.cgi?id=2431036 external
https://www.cve.org/CVERecord?id=CVE-2026-23950 external
https://nvd.nist.gov/vuln/detail/CVE-2026-23950 external
https://github.com/isaacs/node-tar/commit/3b1abfa… external
https://github.com/isaacs/node-tar/security/advis… external
https://access.redhat.com/security/cve/CVE-2026-24842 self
https://bugzilla.redhat.com/show_bug.cgi?id=2433645 external
https://www.cve.org/CVERecord?id=CVE-2026-24842 external
https://nvd.nist.gov/vuln/detail/CVE-2026-24842 external
https://github.com/isaacs/node-tar/commit/f4a7aa9… external
https://github.com/isaacs/node-tar/security/advis… external

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for linux-sgx is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The Intel SGX SDK is a collection of APIs, libraries, documentations and tools that allow software developers to create and debug Intel SGX enabled applications in C/C++.\n\nSecurity Fix(es):\n\n* qs: qs: Denial of Service via improper input validation in array parsing (CVE-2025-15284)\n\n* node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives (CVE-2026-23745)\n\n* node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition (CVE-2026-23950)\n\n* lodash: prototype pollution in _.unset and _.omit functions (CVE-2025-13465)\n\n* node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check (CVE-2026-24842)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9 Release Notes linked from the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:18868",
        "url": "https://access.redhat.com/errata/RHSA-2026:18868"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/9.8_release_notes/index",
        "url": "https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/9.8_release_notes/index"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2425946",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425946"
      },
      {
        "category": "external",
        "summary": "2430538",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430538"
      },
      {
        "category": "external",
        "summary": "2431036",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431036"
      },
      {
        "category": "external",
        "summary": "2431740",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431740"
      },
      {
        "category": "external",
        "summary": "2433645",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433645"
      },
      {
        "category": "external",
        "summary": "RHEL-127046",
        "url": "https://issues.redhat.com/browse/RHEL-127046"
      },
      {
        "category": "external",
        "summary": "RHEL-140109",
        "url": "https://issues.redhat.com/browse/RHEL-140109"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_18868.json"
      }
    ],
    "title": "Red Hat Security Advisory: linux-sgx security update",
    "tracking": {
      "current_release_date": "2026-06-03T13:11:01+00:00",
      "generator": {
        "date": "2026-06-03T13:11:01+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2026:18868",
      "initial_release_date": "2026-05-19T13:54:50+00:00",
      "revision_history": [
        {
          "date": "2026-05-19T13:54:50+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-05-19T13:54:50+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-03T13:11:01+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream (v. 9)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream (v. 9)",
                  "product_id": "AppStream-9.8.0.GA",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "linux-sgx-0:2.26-7.el9.src",
                "product": {
                  "name": "linux-sgx-0:2.26-7.el9.src",
                  "product_id": "linux-sgx-0:2.26-7.el9.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/linux-sgx@2.26-7.el9?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "sgx-common-0:2.26-7.el9.x86_64",
                "product": {
                  "name": "sgx-common-0:2.26-7.el9.x86_64",
                  "product_id": "sgx-common-0:2.26-7.el9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sgx-common@2.26-7.el9?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "sgx-libs-0:2.26-7.el9.x86_64",
                "product": {
                  "name": "sgx-libs-0:2.26-7.el9.x86_64",
                  "product_id": "sgx-libs-0:2.26-7.el9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sgx-libs@2.26-7.el9?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "sgx-mpa-0:2.26-7.el9.x86_64",
                "product": {
                  "name": "sgx-mpa-0:2.26-7.el9.x86_64",
                  "product_id": "sgx-mpa-0:2.26-7.el9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sgx-mpa@2.26-7.el9?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "sgx-pccs-0:2.26-7.el9.x86_64",
                "product": {
                  "name": "sgx-pccs-0:2.26-7.el9.x86_64",
                  "product_id": "sgx-pccs-0:2.26-7.el9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sgx-pccs@2.26-7.el9?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "sgx-pccs-admin-0:2.26-7.el9.x86_64",
                "product": {
                  "name": "sgx-pccs-admin-0:2.26-7.el9.x86_64",
                  "product_id": "sgx-pccs-admin-0:2.26-7.el9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sgx-pccs-admin@2.26-7.el9?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "sgx-pckid-tool-0:2.26-7.el9.x86_64",
                "product": {
                  "name": "sgx-pckid-tool-0:2.26-7.el9.x86_64",
                  "product_id": "sgx-pckid-tool-0:2.26-7.el9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sgx-pckid-tool@2.26-7.el9?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tdx-qgs-0:2.26-7.el9.x86_64",
                "product": {
                  "name": "tdx-qgs-0:2.26-7.el9.x86_64",
                  "product_id": "tdx-qgs-0:2.26-7.el9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tdx-qgs@2.26-7.el9?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "linux-sgx-debugsource-0:2.26-7.el9.x86_64",
                "product": {
                  "name": "linux-sgx-debugsource-0:2.26-7.el9.x86_64",
                  "product_id": "linux-sgx-debugsource-0:2.26-7.el9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/linux-sgx-debugsource@2.26-7.el9?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "linux-sgx-debuginfo-0:2.26-7.el9.x86_64",
                "product": {
                  "name": "linux-sgx-debuginfo-0:2.26-7.el9.x86_64",
                  "product_id": "linux-sgx-debuginfo-0:2.26-7.el9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/linux-sgx-debuginfo@2.26-7.el9?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "sgx-enclave-devel-debuginfo-0:2.26-7.el9.x86_64",
                "product": {
                  "name": "sgx-enclave-devel-debuginfo-0:2.26-7.el9.x86_64",
                  "product_id": "sgx-enclave-devel-debuginfo-0:2.26-7.el9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sgx-enclave-devel-debuginfo@2.26-7.el9?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "sgx-libs-debuginfo-0:2.26-7.el9.x86_64",
                "product": {
                  "name": "sgx-libs-debuginfo-0:2.26-7.el9.x86_64",
                  "product_id": "sgx-libs-debuginfo-0:2.26-7.el9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sgx-libs-debuginfo@2.26-7.el9?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "sgx-mpa-debuginfo-0:2.26-7.el9.x86_64",
                "product": {
                  "name": "sgx-mpa-debuginfo-0:2.26-7.el9.x86_64",
                  "product_id": "sgx-mpa-debuginfo-0:2.26-7.el9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sgx-mpa-debuginfo@2.26-7.el9?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "sgx-pccs-debuginfo-0:2.26-7.el9.x86_64",
                "product": {
                  "name": "sgx-pccs-debuginfo-0:2.26-7.el9.x86_64",
                  "product_id": "sgx-pccs-debuginfo-0:2.26-7.el9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sgx-pccs-debuginfo@2.26-7.el9?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "sgx-pckid-tool-debuginfo-0:2.26-7.el9.x86_64",
                "product": {
                  "name": "sgx-pckid-tool-debuginfo-0:2.26-7.el9.x86_64",
                  "product_id": "sgx-pckid-tool-debuginfo-0:2.26-7.el9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sgx-pckid-tool-debuginfo@2.26-7.el9?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tdx-attest-libs-debuginfo-0:2.26-7.el9.x86_64",
                "product": {
                  "name": "tdx-attest-libs-debuginfo-0:2.26-7.el9.x86_64",
                  "product_id": "tdx-attest-libs-debuginfo-0:2.26-7.el9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tdx-attest-libs-debuginfo@2.26-7.el9?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tdx-qgs-debuginfo-0:2.26-7.el9.x86_64",
                "product": {
                  "name": "tdx-qgs-debuginfo-0:2.26-7.el9.x86_64",
                  "product_id": "tdx-qgs-debuginfo-0:2.26-7.el9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tdx-qgs-debuginfo@2.26-7.el9?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "linux-sgx-0:2.26-7.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.8.0.GA:linux-sgx-0:2.26-7.el9.src"
        },
        "product_reference": "linux-sgx-0:2.26-7.el9.src",
        "relates_to_product_reference": "AppStream-9.8.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "linux-sgx-debuginfo-0:2.26-7.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.8.0.GA:linux-sgx-debuginfo-0:2.26-7.el9.x86_64"
        },
        "product_reference": "linux-sgx-debuginfo-0:2.26-7.el9.x86_64",
        "relates_to_product_reference": "AppStream-9.8.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "linux-sgx-debugsource-0:2.26-7.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.8.0.GA:linux-sgx-debugsource-0:2.26-7.el9.x86_64"
        },
        "product_reference": "linux-sgx-debugsource-0:2.26-7.el9.x86_64",
        "relates_to_product_reference": "AppStream-9.8.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sgx-common-0:2.26-7.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.8.0.GA:sgx-common-0:2.26-7.el9.x86_64"
        },
        "product_reference": "sgx-common-0:2.26-7.el9.x86_64",
        "relates_to_product_reference": "AppStream-9.8.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sgx-enclave-devel-debuginfo-0:2.26-7.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.8.0.GA:sgx-enclave-devel-debuginfo-0:2.26-7.el9.x86_64"
        },
        "product_reference": "sgx-enclave-devel-debuginfo-0:2.26-7.el9.x86_64",
        "relates_to_product_reference": "AppStream-9.8.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sgx-libs-0:2.26-7.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.8.0.GA:sgx-libs-0:2.26-7.el9.x86_64"
        },
        "product_reference": "sgx-libs-0:2.26-7.el9.x86_64",
        "relates_to_product_reference": "AppStream-9.8.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sgx-libs-debuginfo-0:2.26-7.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.8.0.GA:sgx-libs-debuginfo-0:2.26-7.el9.x86_64"
        },
        "product_reference": "sgx-libs-debuginfo-0:2.26-7.el9.x86_64",
        "relates_to_product_reference": "AppStream-9.8.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sgx-mpa-0:2.26-7.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.8.0.GA:sgx-mpa-0:2.26-7.el9.x86_64"
        },
        "product_reference": "sgx-mpa-0:2.26-7.el9.x86_64",
        "relates_to_product_reference": "AppStream-9.8.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sgx-mpa-debuginfo-0:2.26-7.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.8.0.GA:sgx-mpa-debuginfo-0:2.26-7.el9.x86_64"
        },
        "product_reference": "sgx-mpa-debuginfo-0:2.26-7.el9.x86_64",
        "relates_to_product_reference": "AppStream-9.8.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sgx-pccs-0:2.26-7.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.8.0.GA:sgx-pccs-0:2.26-7.el9.x86_64"
        },
        "product_reference": "sgx-pccs-0:2.26-7.el9.x86_64",
        "relates_to_product_reference": "AppStream-9.8.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sgx-pccs-admin-0:2.26-7.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.8.0.GA:sgx-pccs-admin-0:2.26-7.el9.x86_64"
        },
        "product_reference": "sgx-pccs-admin-0:2.26-7.el9.x86_64",
        "relates_to_product_reference": "AppStream-9.8.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sgx-pccs-debuginfo-0:2.26-7.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.8.0.GA:sgx-pccs-debuginfo-0:2.26-7.el9.x86_64"
        },
        "product_reference": "sgx-pccs-debuginfo-0:2.26-7.el9.x86_64",
        "relates_to_product_reference": "AppStream-9.8.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sgx-pckid-tool-0:2.26-7.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.8.0.GA:sgx-pckid-tool-0:2.26-7.el9.x86_64"
        },
        "product_reference": "sgx-pckid-tool-0:2.26-7.el9.x86_64",
        "relates_to_product_reference": "AppStream-9.8.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sgx-pckid-tool-debuginfo-0:2.26-7.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.8.0.GA:sgx-pckid-tool-debuginfo-0:2.26-7.el9.x86_64"
        },
        "product_reference": "sgx-pckid-tool-debuginfo-0:2.26-7.el9.x86_64",
        "relates_to_product_reference": "AppStream-9.8.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tdx-attest-libs-debuginfo-0:2.26-7.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.8.0.GA:tdx-attest-libs-debuginfo-0:2.26-7.el9.x86_64"
        },
        "product_reference": "tdx-attest-libs-debuginfo-0:2.26-7.el9.x86_64",
        "relates_to_product_reference": "AppStream-9.8.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tdx-qgs-0:2.26-7.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.8.0.GA:tdx-qgs-0:2.26-7.el9.x86_64"
        },
        "product_reference": "tdx-qgs-0:2.26-7.el9.x86_64",
        "relates_to_product_reference": "AppStream-9.8.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tdx-qgs-debuginfo-0:2.26-7.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.8.0.GA:tdx-qgs-debuginfo-0:2.26-7.el9.x86_64"
        },
        "product_reference": "tdx-qgs-debuginfo-0:2.26-7.el9.x86_64",
        "relates_to_product_reference": "AppStream-9.8.0.GA"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-13465",
      "cwe": {
        "id": "CWE-1321",
        "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
      },
      "discovery_date": "2026-01-21T20:01:28.774829+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2431740"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Lodash. A prototype pollution vulnerability in the _.unset and _.omit functions allows an attacker able to control property paths to delete methods from global prototypes. By removing essential functionalities, this can result in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "lodash: prototype pollution in _.unset and _.omit functions",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue is only exploitable by applications using the _.unset and _.omit functions on an object and allowing user input to determine the path of the property to be removed. This issue only allows the deletion of properties but does not allow overwriting their behavior, limiting the impact to a denial of service. Due to this reason, this vulnerability has been rated with an important severity.\n\nIn Grafana, JavaScript code runs only in the browser, while the server side is all Golang. Therefore, the worst-case scenario is a loss of functionality in the client application inside the browser. To reflect this, the CVSS availability metric and the severity of the Grafana and the Grafana-PCP component have been updated to low and moderate, respectively.\n\nThe lodash dependency is bundled and used by the pcs-web-ui component of the PCS package. In Red Hat Enterprise Linux 8.10, the pcs-web-ui component is no longer included in the PCS package. As a result, RHEL 8.10 does not ship the vulnerable lodash component within PCS and is therefore not-affected by this CVE.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.8.0.GA:linux-sgx-0:2.26-7.el9.src",
          "AppStream-9.8.0.GA:linux-sgx-debuginfo-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:linux-sgx-debugsource-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-common-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-enclave-devel-debuginfo-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-libs-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-libs-debuginfo-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-mpa-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-mpa-debuginfo-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-pccs-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-pccs-admin-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-pccs-debuginfo-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-pckid-tool-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-pckid-tool-debuginfo-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:tdx-attest-libs-debuginfo-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:tdx-qgs-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:tdx-qgs-debuginfo-0:2.26-7.el9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-13465"
        },
        {
          "category": "external",
          "summary": "RHBZ#2431740",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431740"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-13465",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-13465",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13465"
        },
        {
          "category": "external",
          "summary": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg",
          "url": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg"
        }
      ],
      "release_date": "2026-01-21T19:05:28.846000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-19T13:54:50+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.8.0.GA:linux-sgx-0:2.26-7.el9.src",
            "AppStream-9.8.0.GA:linux-sgx-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:linux-sgx-debugsource-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-common-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-enclave-devel-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-libs-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-libs-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-mpa-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-mpa-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pccs-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pccs-admin-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pccs-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pckid-tool-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pckid-tool-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:tdx-attest-libs-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:tdx-qgs-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:tdx-qgs-debuginfo-0:2.26-7.el9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:18868"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, implement strict input validation before passing any property paths to the _.unset and _.omit functions to block attempts to access the prototype chain. Ensure that strings like __proto__, constructor and prototype are blocked, for example.",
          "product_ids": [
            "AppStream-9.8.0.GA:linux-sgx-0:2.26-7.el9.src",
            "AppStream-9.8.0.GA:linux-sgx-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:linux-sgx-debugsource-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-common-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-enclave-devel-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-libs-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-libs-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-mpa-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-mpa-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pccs-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pccs-admin-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pccs-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pckid-tool-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pckid-tool-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:tdx-attest-libs-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:tdx-qgs-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:tdx-qgs-debuginfo-0:2.26-7.el9.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.8.0.GA:linux-sgx-0:2.26-7.el9.src",
            "AppStream-9.8.0.GA:linux-sgx-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:linux-sgx-debugsource-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-common-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-enclave-devel-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-libs-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-libs-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-mpa-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-mpa-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pccs-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pccs-admin-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pccs-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pckid-tool-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pckid-tool-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:tdx-attest-libs-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:tdx-qgs-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:tdx-qgs-debuginfo-0:2.26-7.el9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "lodash: prototype pollution in _.unset and _.omit functions"
    },
    {
      "cve": "CVE-2025-15284",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2025-12-29T23:00:58.541337+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2425946"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., `a[]=value`). This bypasses the `arrayLimit` option, which is designed to limit the size of parsed arrays and prevent resource exhaustion. Successful exploitation can lead to memory exhaustion, causing a Denial of Service (DoS) where the application crashes or becomes unresponsive, making the service unavailable to users.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "qs: qs: Denial of Service via improper input validation in array parsing",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Important for Red Hat products that utilize the `qs` module for parsing query strings, particularly when processing user-controlled input with bracket notation. The `arrayLimit` option, intended to prevent resource exhaustion, is bypassed when bracket notation (`a[]=value`) is used, allowing a remote attacker to cause a denial of service through memory exhaustion. This can lead to application crashes or unresponsiveness, making the service unavailable.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.8.0.GA:linux-sgx-0:2.26-7.el9.src",
          "AppStream-9.8.0.GA:linux-sgx-debuginfo-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:linux-sgx-debugsource-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-common-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-enclave-devel-debuginfo-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-libs-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-libs-debuginfo-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-mpa-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-mpa-debuginfo-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-pccs-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-pccs-admin-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-pccs-debuginfo-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-pckid-tool-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-pckid-tool-debuginfo-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:tdx-attest-libs-debuginfo-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:tdx-qgs-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:tdx-qgs-debuginfo-0:2.26-7.el9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-15284"
        },
        {
          "category": "external",
          "summary": "RHBZ#2425946",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425946"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-15284",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284"
        },
        {
          "category": "external",
          "summary": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9",
          "url": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9"
        },
        {
          "category": "external",
          "summary": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p",
          "url": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p"
        }
      ],
      "release_date": "2025-12-29T22:56:45.240000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-19T13:54:50+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.8.0.GA:linux-sgx-0:2.26-7.el9.src",
            "AppStream-9.8.0.GA:linux-sgx-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:linux-sgx-debugsource-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-common-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-enclave-devel-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-libs-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-libs-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-mpa-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-mpa-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pccs-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pccs-admin-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pccs-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pckid-tool-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pckid-tool-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:tdx-attest-libs-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:tdx-qgs-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:tdx-qgs-debuginfo-0:2.26-7.el9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:18868"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "AppStream-9.8.0.GA:linux-sgx-0:2.26-7.el9.src",
            "AppStream-9.8.0.GA:linux-sgx-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:linux-sgx-debugsource-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-common-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-enclave-devel-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-libs-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-libs-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-mpa-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-mpa-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pccs-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pccs-admin-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pccs-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pckid-tool-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pckid-tool-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:tdx-attest-libs-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:tdx-qgs-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:tdx-qgs-debuginfo-0:2.26-7.el9.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.8.0.GA:linux-sgx-0:2.26-7.el9.src",
            "AppStream-9.8.0.GA:linux-sgx-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:linux-sgx-debugsource-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-common-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-enclave-devel-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-libs-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-libs-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-mpa-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-mpa-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pccs-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pccs-admin-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pccs-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pckid-tool-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pckid-tool-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:tdx-attest-libs-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:tdx-qgs-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:tdx-qgs-debuginfo-0:2.26-7.el9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "qs: qs: Denial of Service via improper input validation in array parsing"
    },
    {
      "cve": "CVE-2026-23745",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2026-01-16T23:01:26.508727+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2430538"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the node-tar library. This vulnerability allows an attacker to craft malicious archives that, when extracted, can bypass intended security restrictions. This leads to arbitrary file overwrite and symlink poisoning, potentially allowing unauthorized modification of files on the system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Important for Red Hat products that utilize the node-tar library. The flaw allows an attacker to perform arbitrary file overwrite and symlink poisoning by crafting malicious tar archives. This occurs due to insufficient path sanitization of hardlink and symbolic link entries, even when the default secure behavior (preservePaths is false) is enabled.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.8.0.GA:linux-sgx-0:2.26-7.el9.src",
          "AppStream-9.8.0.GA:linux-sgx-debuginfo-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:linux-sgx-debugsource-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-common-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-enclave-devel-debuginfo-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-libs-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-libs-debuginfo-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-mpa-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-mpa-debuginfo-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-pccs-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-pccs-admin-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-pccs-debuginfo-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-pckid-tool-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-pckid-tool-debuginfo-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:tdx-attest-libs-debuginfo-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:tdx-qgs-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:tdx-qgs-debuginfo-0:2.26-7.el9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-23745"
        },
        {
          "category": "external",
          "summary": "RHBZ#2430538",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430538"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-23745",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23745"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-23745",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23745"
        },
        {
          "category": "external",
          "summary": "https://github.com/isaacs/node-tar/commit/340eb285b6d986e91969a1170d7fe9b0face405e",
          "url": "https://github.com/isaacs/node-tar/commit/340eb285b6d986e91969a1170d7fe9b0face405e"
        },
        {
          "category": "external",
          "summary": "https://github.com/isaacs/node-tar/security/advisories/GHSA-8qq5-rm4j-mr97",
          "url": "https://github.com/isaacs/node-tar/security/advisories/GHSA-8qq5-rm4j-mr97"
        }
      ],
      "release_date": "2026-01-16T22:00:08.769000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-19T13:54:50+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.8.0.GA:linux-sgx-0:2.26-7.el9.src",
            "AppStream-9.8.0.GA:linux-sgx-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:linux-sgx-debugsource-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-common-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-enclave-devel-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-libs-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-libs-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-mpa-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-mpa-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pccs-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pccs-admin-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pccs-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pckid-tool-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pckid-tool-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:tdx-attest-libs-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:tdx-qgs-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:tdx-qgs-debuginfo-0:2.26-7.el9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:18868"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "AppStream-9.8.0.GA:linux-sgx-0:2.26-7.el9.src",
            "AppStream-9.8.0.GA:linux-sgx-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:linux-sgx-debugsource-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-common-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-enclave-devel-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-libs-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-libs-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-mpa-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-mpa-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pccs-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pccs-admin-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pccs-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pckid-tool-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pckid-tool-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:tdx-attest-libs-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:tdx-qgs-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:tdx-qgs-debuginfo-0:2.26-7.el9.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.8.0.GA:linux-sgx-0:2.26-7.el9.src",
            "AppStream-9.8.0.GA:linux-sgx-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:linux-sgx-debugsource-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-common-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-enclave-devel-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-libs-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-libs-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-mpa-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-mpa-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pccs-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pccs-admin-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pccs-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pckid-tool-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pckid-tool-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:tdx-attest-libs-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:tdx-qgs-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:tdx-qgs-debuginfo-0:2.26-7.el9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives"
    },
    {
      "cve": "CVE-2026-23950",
      "cwe": {
        "id": "CWE-367",
        "name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
      },
      "discovery_date": "2026-01-20T02:00:55.870044+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2431036"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in node-tar, a library for Node.js. This race condition vulnerability occurs due to incomplete handling of Unicode path collisions within the `path-reservations` system on case-insensitive filesystems, such as macOS APFS. A remote attacker can exploit this by providing a specially crafted tar archive containing filenames that cause these collisions, bypassing internal concurrency safeguards. Successful exploitation can lead to arbitrary file overwrite.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Important for Red Hat products. The `node-tar` library is susceptible to a race condition due to incomplete handling of Unicode path collisions, which can lead to arbitrary file overwrites via symlink poisoning. However, this issue primarily affects case-insensitive or normalization-insensitive filesystems. Red Hat Enterprise Linux and other Red Hat products typically utilize case-sensitive filesystems, which may limit the direct impact of this flaw in default configurations.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.8.0.GA:linux-sgx-0:2.26-7.el9.src",
          "AppStream-9.8.0.GA:linux-sgx-debuginfo-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:linux-sgx-debugsource-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-common-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-enclave-devel-debuginfo-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-libs-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-libs-debuginfo-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-mpa-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-mpa-debuginfo-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-pccs-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-pccs-admin-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-pccs-debuginfo-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-pckid-tool-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-pckid-tool-debuginfo-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:tdx-attest-libs-debuginfo-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:tdx-qgs-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:tdx-qgs-debuginfo-0:2.26-7.el9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-23950"
        },
        {
          "category": "external",
          "summary": "RHBZ#2431036",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431036"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-23950",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23950"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-23950",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23950"
        },
        {
          "category": "external",
          "summary": "https://github.com/isaacs/node-tar/commit/3b1abfae650056edfabcbe0a0df5954d390521e6",
          "url": "https://github.com/isaacs/node-tar/commit/3b1abfae650056edfabcbe0a0df5954d390521e6"
        },
        {
          "category": "external",
          "summary": "https://github.com/isaacs/node-tar/security/advisories/GHSA-r6q2-hw4h-h46w",
          "url": "https://github.com/isaacs/node-tar/security/advisories/GHSA-r6q2-hw4h-h46w"
        }
      ],
      "release_date": "2026-01-20T00:40:48.510000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-19T13:54:50+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.8.0.GA:linux-sgx-0:2.26-7.el9.src",
            "AppStream-9.8.0.GA:linux-sgx-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:linux-sgx-debugsource-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-common-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-enclave-devel-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-libs-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-libs-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-mpa-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-mpa-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pccs-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pccs-admin-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pccs-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pckid-tool-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pckid-tool-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:tdx-attest-libs-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:tdx-qgs-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:tdx-qgs-debuginfo-0:2.26-7.el9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:18868"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "AppStream-9.8.0.GA:linux-sgx-0:2.26-7.el9.src",
            "AppStream-9.8.0.GA:linux-sgx-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:linux-sgx-debugsource-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-common-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-enclave-devel-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-libs-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-libs-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-mpa-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-mpa-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pccs-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pccs-admin-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pccs-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pckid-tool-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pckid-tool-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:tdx-attest-libs-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:tdx-qgs-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:tdx-qgs-debuginfo-0:2.26-7.el9.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.8.0.GA:linux-sgx-0:2.26-7.el9.src",
            "AppStream-9.8.0.GA:linux-sgx-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:linux-sgx-debugsource-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-common-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-enclave-devel-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-libs-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-libs-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-mpa-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-mpa-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pccs-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pccs-admin-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pccs-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pckid-tool-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pckid-tool-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:tdx-attest-libs-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:tdx-qgs-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:tdx-qgs-debuginfo-0:2.26-7.el9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition"
    },
    {
      "cve": "CVE-2026-24842",
      "cwe": {
        "id": "CWE-59",
        "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
      },
      "discovery_date": "2026-01-28T01:01:16.886629+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2433645"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in node-tar, a Node.js module for handling TAR archives. This vulnerability allows a remote attacker to bypass path traversal protections by crafting a malicious TAR archive. The security check for hardlink entries uses different path resolution logic than the actual hardlink creation, enabling the attacker to create hardlinks to arbitrary files outside the intended extraction directory. This could lead to unauthorized information disclosure or further system compromise.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This is an IMPORTANT vulnerability in node-tar, a Node.js module for handling TAR archives. The flaw allows an attacker to bypass path traversal protections by crafting a malicious TAR archive. This could lead to the creation of hardlinks to arbitrary files outside the intended extraction directory, potentially resulting in unauthorized information disclosure or further system compromise in affected Red Hat products utilizing node-tar for archive processing.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.8.0.GA:linux-sgx-0:2.26-7.el9.src",
          "AppStream-9.8.0.GA:linux-sgx-debuginfo-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:linux-sgx-debugsource-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-common-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-enclave-devel-debuginfo-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-libs-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-libs-debuginfo-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-mpa-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-mpa-debuginfo-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-pccs-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-pccs-admin-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-pccs-debuginfo-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-pckid-tool-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:sgx-pckid-tool-debuginfo-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:tdx-attest-libs-debuginfo-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:tdx-qgs-0:2.26-7.el9.x86_64",
          "AppStream-9.8.0.GA:tdx-qgs-debuginfo-0:2.26-7.el9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-24842"
        },
        {
          "category": "external",
          "summary": "RHBZ#2433645",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433645"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-24842",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24842"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-24842",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24842"
        },
        {
          "category": "external",
          "summary": "https://github.com/isaacs/node-tar/commit/f4a7aa9bc3d717c987fdf1480ff7a64e87ffdb46",
          "url": "https://github.com/isaacs/node-tar/commit/f4a7aa9bc3d717c987fdf1480ff7a64e87ffdb46"
        },
        {
          "category": "external",
          "summary": "https://github.com/isaacs/node-tar/security/advisories/GHSA-34x7-hfp2-rc4v",
          "url": "https://github.com/isaacs/node-tar/security/advisories/GHSA-34x7-hfp2-rc4v"
        }
      ],
      "release_date": "2026-01-28T00:20:13.261000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-19T13:54:50+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.8.0.GA:linux-sgx-0:2.26-7.el9.src",
            "AppStream-9.8.0.GA:linux-sgx-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:linux-sgx-debugsource-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-common-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-enclave-devel-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-libs-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-libs-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-mpa-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-mpa-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pccs-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pccs-admin-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pccs-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pckid-tool-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pckid-tool-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:tdx-attest-libs-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:tdx-qgs-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:tdx-qgs-debuginfo-0:2.26-7.el9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:18868"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "AppStream-9.8.0.GA:linux-sgx-0:2.26-7.el9.src",
            "AppStream-9.8.0.GA:linux-sgx-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:linux-sgx-debugsource-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-common-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-enclave-devel-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-libs-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-libs-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-mpa-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-mpa-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pccs-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pccs-admin-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pccs-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pckid-tool-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pckid-tool-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:tdx-attest-libs-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:tdx-qgs-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:tdx-qgs-debuginfo-0:2.26-7.el9.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.8.0.GA:linux-sgx-0:2.26-7.el9.src",
            "AppStream-9.8.0.GA:linux-sgx-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:linux-sgx-debugsource-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-common-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-enclave-devel-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-libs-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-libs-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-mpa-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-mpa-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pccs-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pccs-admin-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pccs-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pckid-tool-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:sgx-pckid-tool-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:tdx-attest-libs-debuginfo-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:tdx-qgs-0:2.26-7.el9.x86_64",
            "AppStream-9.8.0.GA:tdx-qgs-debuginfo-0:2.26-7.el9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check"
    }
  ]
}

