RHSA-2026:24483

Vulnerability from csaf_redhat - Published: 2026-06-08 13:12 - Updated: 2026-06-09 11:25
Summary
Red Hat Security Advisory: RHTAS 1.4 - GA Release of Model Transparency 1.0.1
Severity
Important
Notes
Topic: The GA release of the RHTAS Model Transparency CLI image. For more details, please visit the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4
Details: The RHTAS Model Transparency CLI image can be used to sign and verify AI/ML workloads.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

A flaw was found in pyasn1, a generic ASN.1 library for Python. A remote attacker could exploit this vulnerability by sending a specially crafted RELATIVE-OID with excessive continuation octets. This input validation vulnerability leads to memory exhaustion, resulting in a Denial of Service (DoS) for the affected system.

CWE-770 - Allocation of Resources Without Limits or Throttling
Affected products
Product Identifier Version Remediation
Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64
Vendor Fix
Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64
Vendor Fix
Threats
Impact Important

A flaw was found in the cryptography library. This vulnerability occurs when a non-contiguous buffer is passed to certain application programming interfaces (APIs) that accept Python buffers, such as Hash.update(). A remote attacker could exploit this to cause a buffer overflow, potentially leading to a denial of service.

CWE-131 - Incorrect Calculation of Buffer Size
Affected products
Product Identifier Version Remediation
Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64
Vendor Fix
Workaround
Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64
Vendor Fix
Workaround
Threats
Impact Important

A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.

CWE-201 - Insertion of Sensitive Information Into Sent Data
Affected products
Product Identifier Version Remediation
Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64
Vendor Fix
Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64
Vendor Fix
Threats
Impact Moderate

A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.

CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)
Affected products
Product Identifier Version Remediation
Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64
Vendor Fix
Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64
Vendor Fix
Threats
Impact Important
References
URL Category
https://access.redhat.com/errata/RHSA-2026:24483 self
https://access.redhat.com/documentation/en-us/red… external
https://access.redhat.com/documentation/en-us/red… external
https://access.redhat.com/security/cve/CVE-2026-23490 external
https://access.redhat.com/security/cve/CVE-2026-39892 external
https://access.redhat.com/security/cve/CVE-2026-44431 external
https://access.redhat.com/security/cve/CVE-2026-44432 external
https://access.redhat.com/security/updates/classi… external
https://security.access.redhat.com/data/csaf/v2/a… self
https://access.redhat.com/security/cve/CVE-2026-23490 self
https://bugzilla.redhat.com/show_bug.cgi?id=2430472 external
https://www.cve.org/CVERecord?id=CVE-2026-23490 external
https://nvd.nist.gov/vuln/detail/CVE-2026-23490 external
https://github.com/pyasn1/pyasn1/commit/3908f1442… external
https://github.com/pyasn1/pyasn1/releases/tag/v0.6.2 external
https://github.com/pyasn1/pyasn1/security/advisor… external
https://access.redhat.com/security/cve/CVE-2026-39892 self
https://bugzilla.redhat.com/show_bug.cgi?id=2456735 external
https://www.cve.org/CVERecord?id=CVE-2026-39892 external
https://nvd.nist.gov/vuln/detail/CVE-2026-39892 external
http://www.openwall.com/lists/oss-security/2026/0… external
https://github.com/pyca/cryptography/commit/622d6… external
https://github.com/pyca/cryptography/security/adv… external
https://access.redhat.com/security/cve/CVE-2026-44431 self
https://bugzilla.redhat.com/show_bug.cgi?id=2477167 external
https://www.cve.org/CVERecord?id=CVE-2026-44431 external
https://nvd.nist.gov/vuln/detail/CVE-2026-44431 external
https://github.com/urllib3/urllib3/security/advis… external
https://access.redhat.com/security/cve/CVE-2026-44432 self
https://bugzilla.redhat.com/show_bug.cgi?id=2477154 external
https://www.cve.org/CVERecord?id=CVE-2026-44432 external
https://nvd.nist.gov/vuln/detail/CVE-2026-44432 external
https://github.com/urllib3/urllib3/security/advis… external

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "The GA release of the RHTAS Model Transparency CLI image.\nFor more details please visit the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The RHTAS Model Transparency CLI image can be used to sign and verify AI/ML workloads",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:24483",
        "url": "https://access.redhat.com/errata/RHSA-2026:24483"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-23490",
        "url": "https://access.redhat.com/security/cve/CVE-2026-23490"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-39892",
        "url": "https://access.redhat.com/security/cve/CVE-2026-39892"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-44431",
        "url": "https://access.redhat.com/security/cve/CVE-2026-44431"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-44432",
        "url": "https://access.redhat.com/security/cve/CVE-2026-44432"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_24483.json"
      }
    ],
    "title": "Red Hat Security Advisory: RHTAS 1.4 - GA Release of Model Transparency 1.0.1",
    "tracking": {
      "current_release_date": "2026-06-09T11:25:55+00:00",
      "generator": {
        "date": "2026-06-09T11:25:55+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.2"
        }
      },
      "id": "RHSA-2026:24483",
      "initial_release_date": "2026-06-08T13:12:26+00:00",
      "revision_history": [
        {
          "date": "2026-06-08T13:12:26+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-06-08T13:12:34+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-09T11:25:55+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Trusted Artifact Signer 1.4",
                "product": {
                  "name": "Red Hat Trusted Artifact Signer 1.4",
                  "product_id": "Red Hat Trusted Artifact Signer 1.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:trusted_artifact_signer:1.4::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Trusted Artifact Signer"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64",
                "product": {
                  "name": "registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64",
                  "product_id": "registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/model-transparency-rhel9@sha256%3A1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7?arch=amd64\u0026repository_url=registry.redhat.io/rhtas/model-transparency-rhel9\u0026tag=1780914886"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64",
                "product": {
                  "name": "registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64",
                  "product_id": "registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/model-transparency-rhel9@sha256%3A88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e?arch=arm64\u0026repository_url=registry.redhat.io/rhtas/model-transparency-rhel9\u0026tag=1780914886"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64 as a component of Red Hat Trusted Artifact Signer 1.4",
          "product_id": "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64"
        },
        "product_reference": "registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64",
        "relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64 as a component of Red Hat Trusted Artifact Signer 1.4",
          "product_id": "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64"
        },
        "product_reference": "registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64",
        "relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-23490",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2026-01-16T20:03:33.790513+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2430472"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in pyasn1, a generic ASN.1 library for Python. A remote attacker could exploit this vulnerability by sending a specially crafted RELATIVE-OID with excessive continuation octets. This input validation vulnerability leads to memory exhaustion, resulting in a Denial of Service (DoS) for the affected system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "pyasn1: pyasn1: Denial of Service due to memory exhaustion from malformed RELATIVE-OID",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64",
          "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-23490"
        },
        {
          "category": "external",
          "summary": "RHBZ#2430472",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430472"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-23490",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23490"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-23490",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23490"
        },
        {
          "category": "external",
          "summary": "https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970",
          "url": "https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970"
        },
        {
          "category": "external",
          "summary": "https://github.com/pyasn1/pyasn1/releases/tag/v0.6.2",
          "url": "https://github.com/pyasn1/pyasn1/releases/tag/v0.6.2"
        },
        {
          "category": "external",
          "summary": "https://github.com/pyasn1/pyasn1/security/advisories/GHSA-63vm-454h-vhhq",
          "url": "https://github.com/pyasn1/pyasn1/security/advisories/GHSA-63vm-454h-vhhq"
        }
      ],
      "release_date": "2026-01-16T19:03:36.442000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-08T13:12:26+00:00",
          "details": "The Model Transparency CLI Image is a containerized command-line tool for signing and verifying AI/ML workloads against a private Red Hat Trusted Artifact Signer (RHTAS) instance. It lets teams create signatures and attestations for model artifacts and validate them at build or deploy time using enterprise trust material (e.g., Fulcio/Rekor).\n\nFor details on using the Model Transparency CLI image, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
          "product_ids": [
            "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64",
            "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:24483"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64",
            "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "pyasn1: pyasn1: Denial of Service due to memory exhaustion from malformed RELATIVE-OID"
    },
    {
      "cve": "CVE-2026-39892",
      "cwe": {
        "id": "CWE-131",
        "name": "Incorrect Calculation of Buffer Size"
      },
      "discovery_date": "2026-04-08T22:00:59.416053+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2456735"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the cryptography library. This vulnerability occurs when a non-contiguous buffer is passed to certain application programming interfaces (APIs) that accept Python buffers, such as Hash.update(). A remote attacker could exploit this to cause a buffer overflow, potentially leading to a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In default configurations Red Hat products isolate service processes from total system access. Should an attacker be able to exploit this vulnerability their impact will be limited to that service account and they will not have access to the broader system.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64",
          "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-39892"
        },
        {
          "category": "external",
          "summary": "RHBZ#2456735",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456735"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-39892",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-39892"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39892",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39892"
        },
        {
          "category": "external",
          "summary": "http://www.openwall.com/lists/oss-security/2026/04/08/12",
          "url": "http://www.openwall.com/lists/oss-security/2026/04/08/12"
        },
        {
          "category": "external",
          "summary": "https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5",
          "url": "https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5"
        },
        {
          "category": "external",
          "summary": "https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq",
          "url": "https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq"
        }
      ],
      "release_date": "2026-04-08T20:49:41.967000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-08T13:12:26+00:00",
          "details": "The Model Transparency CLI Image is a containerized command-line tool for signing and verifying AI/ML workloads against a private Red Hat Trusted Artifact Signer (RHTAS) instance. It lets teams create signatures and attestations for model artifacts and validate them at build or deploy time using enterprise trust material (e.g., Fulcio/Rekor).\n\nFor details on using the Model Transparency CLI image, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
          "product_ids": [
            "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64",
            "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:24483"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64",
            "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64",
            "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API"
    },
    {
      "cve": "CVE-2026-44431",
      "cwe": {
        "id": "CWE-201",
        "name": "Insertion of Sensitive Information Into Sent Data"
      },
      "discovery_date": "2026-05-13T17:01:41.663622+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2477167"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64",
          "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-44431"
        },
        {
          "category": "external",
          "summary": "RHBZ#2477167",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477167"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-44431",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44431"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431"
        },
        {
          "category": "external",
          "summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc",
          "url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc"
        }
      ],
      "release_date": "2026-05-13T15:20:24.588000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-08T13:12:26+00:00",
          "details": "The Model Transparency CLI Image is a containerized command-line tool for signing and verifying AI/ML workloads against a private Red Hat Trusted Artifact Signer (RHTAS) instance. It lets teams create signatures and attestations for model artifacts and validate them at build or deploy time using enterprise trust material (e.g., Fulcio/Rekor).\n\nFor details on using the Model Transparency CLI image, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
          "product_ids": [
            "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64",
            "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:24483"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64",
            "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers"
    },
    {
      "cve": "CVE-2026-44432",
      "cwe": {
        "id": "CWE-409",
        "name": "Improper Handling of Highly Compressed Data (Data Amplification)"
      },
      "discovery_date": "2026-05-13T17:01:01.083841+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2477154"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64",
          "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-44432"
        },
        {
          "category": "external",
          "summary": "RHBZ#2477154",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477154"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-44432",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44432"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
        },
        {
          "category": "external",
          "summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j",
          "url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
        }
      ],
      "release_date": "2026-05-13T15:17:12.611000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-08T13:12:26+00:00",
          "details": "The Model Transparency CLI Image is a containerized command-line tool for signing and verifying AI/ML workloads against a private Red Hat Trusted Artifact Signer (RHTAS) instance. It lets teams create signatures and attestations for model artifacts and validate them at build or deploy time using enterprise trust material (e.g., Fulcio/Rekor).\n\nFor details on using the Model Transparency CLI image, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
          "product_ids": [
            "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64",
            "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:24483"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:1687e39c23f2718e3b857666ba00aa7596c83810c7f43ba17170c30c95485be7_amd64",
            "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:88a0ea22cfa6999d4799dce220608e10369ebe5f77bc27e8f1cf57330ee3796e_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression"
    }
  ]
}