RHSA-2026:8498

Vulnerability from csaf_redhat - Published: 2026-04-16 15:09 - Updated: 2026-04-16 20:07
Summary
Red Hat Security Advisory: General availability of the satellite/iop-remediations-rhel9 container image
Severity
Important
Notes
Topic: A new satellite/iop-remediations-rhel9 container image is now generally available in the Red Hat container registry.
Details: Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed packages, running services, and configuration settings. When you install Red Hat Lightspeed in Satellite locally, you can generate Red Hat Lightspeed recommendations without sending system data to Red Hat services.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
CVE-2026-4800

A flaw was found in lodash. The fix for CVE-2021-23337 added validation for the variable option in _.template but did not apply the same validation to options.imports key names. Both paths flow into the same Function() constructor sink. Additionally, _.template uses assignInWith to merge imports, which enumerates inherited properties via for..in. If Object.prototype has been polluted by any other vector, the polluted keys are copied into the imports object and passed to Function().

8.1 (High)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Vendor Fix For Red Hat Lightspeed in Satellite installation see the Red Hat Satellite documentation. https://access.redhat.com/errata/RHSA-2026:8498
Workaround Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
CVE-2026-30951

A flaw was found in Sequelize, a Node.js Object-Relational Mapper (ORM) tool. A remote attacker can exploit a SQL injection vulnerability by manipulating JSON object keys during JSON/JSONB where clause processing. This allows for the injection of arbitrary SQL commands due to the improper handling of cast types. The primary consequence is the potential for unauthorized data exfiltration from any database table.

7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Vendor Fix For Red Hat Lightspeed in Satellite installation see the Red Hat Satellite documentation. https://access.redhat.com/errata/RHSA-2026:8498
Workaround Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
References
To clipboard 

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A new satellite/iop-remediations-rhel9 container image is now generally available in the Red Hat container registry.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Lightspeed in Satellite analyzes system health and configuration by applying  predefined rules to a small set of local data, such as installed packages,  running services, and configuration settings.  When you install Red Hat Lightspeed in Satellite locally,  you can generate Red Hat Lightspeed recommendations without  sending system data to Red Hat services. ",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:8498",
        "url": "https://access.redhat.com/errata/RHSA-2026:8498"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.18/html/updating_red_hat_satellite/index",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.18/html/updating_red_hat_satellite/index"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-30951",
        "url": "https://access.redhat.com/security/cve/CVE-2026-30951"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-4800",
        "url": "https://access.redhat.com/security/cve/CVE-2026-4800"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "external",
        "summary": "https://catalog.redhat.com/software/containers/search",
        "url": "https://catalog.redhat.com/software/containers/search"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_satellite/6.18/html/installing_satellite_server_in_a_connected_network_environment/performing-additional-configuration-on-server_satellite#installing-and-configuring-red-hat-lightspeed-in-satellite",
        "url": "https://docs.redhat.com/en/documentation/red_hat_satellite/6.18/html/installing_satellite_server_in_a_connected_network_environment/performing-additional-configuration-on-server_satellite#installing-and-configuring-red-hat-lightspeed-in-satellite"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_satellite/6.18/html/installing_satellite_server_in_a_disconnected_network_environment/performing-additional-configuration#installing-and-configuring-red-hat-lightspeed-in-satellite",
        "url": "https://docs.redhat.com/en/documentation/red_hat_satellite/6.18/html/installing_satellite_server_in_a_disconnected_network_environment/performing-additional-configuration#installing-and-configuring-red-hat-lightspeed-in-satellite"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_8498.json"
      }
    ],
    "title": "Red Hat Security Advisory: General availability of the satellite/iop-remediations-rhel9 container image",
    "tracking": {
      "current_release_date": "2026-04-16T20:07:40+00:00",
      "generator": {
        "date": "2026-04-16T20:07:40+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.5"
        }
      },
      "id": "RHSA-2026:8498",
      "initial_release_date": "2026-04-16T15:09:56+00:00",
      "revision_history": [
        {
          "date": "2026-04-16T15:09:56+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-04-16T15:10:06+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-04-16T20:07:40+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Satellite 6.18",
                "product": {
                  "name": "Red Hat Satellite 6.18",
                  "product_id": "Red Hat Satellite 6.18",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:satellite:6.18::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Satellite"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/satellite/iop-remediations-rhel9@sha256:94bfbcac75fca25a6babc06844a05703c5e745939c62288131f56e039877601c_amd64",
                "product": {
                  "name": "registry.redhat.io/satellite/iop-remediations-rhel9@sha256:94bfbcac75fca25a6babc06844a05703c5e745939c62288131f56e039877601c_amd64",
                  "product_id": "registry.redhat.io/satellite/iop-remediations-rhel9@sha256:94bfbcac75fca25a6babc06844a05703c5e745939c62288131f56e039877601c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/iop-remediations-rhel9@sha256%3A94bfbcac75fca25a6babc06844a05703c5e745939c62288131f56e039877601c?arch=amd64\u0026repository_url=registry.redhat.io/satellite\u0026tag=1776194798"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/satellite/iop-remediations-rhel9@sha256:94bfbcac75fca25a6babc06844a05703c5e745939c62288131f56e039877601c_amd64 as a component of Red Hat Satellite 6.18",
          "product_id": "Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-remediations-rhel9@sha256:94bfbcac75fca25a6babc06844a05703c5e745939c62288131f56e039877601c_amd64"
        },
        "product_reference": "registry.redhat.io/satellite/iop-remediations-rhel9@sha256:94bfbcac75fca25a6babc06844a05703c5e745939c62288131f56e039877601c_amd64",
        "relates_to_product_reference": "Red Hat Satellite 6.18"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-4800",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "discovery_date": "2026-03-31T20:01:21.918257+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2453496"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in lodash. The fix for CVE-2021-23337 added validation for the variable option in _.template but did not apply the same validation to options.imports key names. Both paths flow into the same Function() constructor sink. Additionally, _.template uses assignInWith to merge imports, which enumerates inherited properties via for..in. If Object.prototype has been polluted by any other vector, the polluted keys are copied into the imports object and passed to Function().",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "lodash: lodash: Arbitrary code execution via untrusted input in template imports",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In the context of Red Hat Enterprise Linux, the grafana and grafana-pcp packages execute the affected JavaScript entirely client-side within the user\u0027s browser. Consequently, the attack surface is strictly restricted to the local browser environment.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-remediations-rhel9@sha256:94bfbcac75fca25a6babc06844a05703c5e745939c62288131f56e039877601c_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-4800"
        },
        {
          "category": "external",
          "summary": "RHBZ#2453496",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453496"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-4800",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4800"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4800",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4800"
        },
        {
          "category": "external",
          "summary": "https://cna.openjsf.org/security-advisories.html",
          "url": "https://cna.openjsf.org/security-advisories.html"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-35jh-r3h4-6jhm",
          "url": "https://github.com/advisories/GHSA-35jh-r3h4-6jhm"
        },
        {
          "category": "external",
          "summary": "https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c",
          "url": "https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c"
        }
      ],
      "release_date": "2026-03-31T19:25:55.987000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-16T15:09:56+00:00",
          "details": "For Red Hat Lightspeed in Satellite installation see the Red Hat Satellite documentation.",
          "product_ids": [
            "Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-remediations-rhel9@sha256:94bfbcac75fca25a6babc06844a05703c5e745939c62288131f56e039877601c_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:8498"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-remediations-rhel9@sha256:94bfbcac75fca25a6babc06844a05703c5e745939c62288131f56e039877601c_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-remediations-rhel9@sha256:94bfbcac75fca25a6babc06844a05703c5e745939c62288131f56e039877601c_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "lodash: lodash: Arbitrary code execution via untrusted input in template imports"
    },
    {
      "cve": "CVE-2026-30951",
      "cwe": {
        "id": "CWE-89",
        "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
      },
      "discovery_date": "2026-03-10T21:01:17.729955+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2446250"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Sequelize, a Node.js Object-Relational Mapper (ORM) tool. A remote attacker can exploit a SQL injection vulnerability by manipulating JSON object keys during JSON/JSONB where clause processing. This allows for the injection of arbitrary SQL commands due to the improper handling of cast types. The primary consequence is the potential for unauthorized data exfiltration from any database table.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "sequelize: Sequelize: Data exfiltration via SQL injection in JSON/JSONB where clause processing",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-remediations-rhel9@sha256:94bfbcac75fca25a6babc06844a05703c5e745939c62288131f56e039877601c_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-30951"
        },
        {
          "category": "external",
          "summary": "RHBZ#2446250",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446250"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-30951",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-30951"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-30951",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30951"
        },
        {
          "category": "external",
          "summary": "https://github.com/sequelize/sequelize/security/advisories/GHSA-6457-6jrx-69cr",
          "url": "https://github.com/sequelize/sequelize/security/advisories/GHSA-6457-6jrx-69cr"
        }
      ],
      "release_date": "2026-03-10T20:22:46.150000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-16T15:09:56+00:00",
          "details": "For Red Hat Lightspeed in Satellite installation see the Red Hat Satellite documentation.",
          "product_ids": [
            "Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-remediations-rhel9@sha256:94bfbcac75fca25a6babc06844a05703c5e745939c62288131f56e039877601c_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:8498"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-remediations-rhel9@sha256:94bfbcac75fca25a6babc06844a05703c5e745939c62288131f56e039877601c_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-remediations-rhel9@sha256:94bfbcac75fca25a6babc06844a05703c5e745939c62288131f56e039877601c_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "sequelize: Sequelize: Data exfiltration via SQL injection in JSON/JSONB where clause processing"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.