RHSA-2026:8499
Vulnerability from csaf_redhat - Published: 2026-04-16 15:10 - Updated: 2026-04-16 20:07Summary
Red Hat Security Advisory: General availability of the satellite/iop-advisor-frontend-rhel9 container image
Severity
Critical
Notes
Topic: A new satellite/iop-advisor-frontend-rhel9 container image is now generally available in the Red Hat container registry.
Details: Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed packages, running services, and configuration settings. When you install Red Hat Lightspeed in Satellite locally, you can generate Red Hat Lightspeed recommendations without sending system data to Red Hat services.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.
7.5 (High)
Vendor Fix
For Red Hat Lightspeed in Satellite installation see the Red Hat Satellite documentation.
https://access.redhat.com/errata/RHSA-2026:8499
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in Axios, a promise-based HTTP client. This vulnerability, known as Prototype Pollution, can be exploited through a specific "Gadget" attack chain. This allows an attacker to escalate a Prototype Pollution vulnerability in a third-party dependency, potentially leading to remote code execution or a full cloud compromise, such as bypassing AWS IMDSv2.
9.0 (Critical)
Vendor Fix
For Red Hat Lightspeed in Satellite installation see the Red Hat Satellite documentation.
https://access.redhat.com/errata/RHSA-2026:8499
References
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A new satellite/iop-advisor-frontend-rhel9 container image is now generally available in the Red Hat container registry.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed packages, running services, and configuration settings. When you install Red Hat Lightspeed in Satellite locally, you can generate Red Hat Lightspeed recommendations without sending system data to Red Hat services. ",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:8499",
"url": "https://access.redhat.com/errata/RHSA-2026:8499"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.18/html/updating_red_hat_satellite/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.18/html/updating_red_hat_satellite/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25639",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40175",
"url": "https://access.redhat.com/security/cve/CVE-2026-40175"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://catalog.redhat.com/software/containers/search",
"url": "https://catalog.redhat.com/software/containers/search"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_satellite/6.18/html/installing_satellite_server_in_a_connected_network_environment/performing-additional-configuration-on-server_satellite#installing-and-configuring-red-hat-lightspeed-in-satellite",
"url": "https://docs.redhat.com/en/documentation/red_hat_satellite/6.18/html/installing_satellite_server_in_a_connected_network_environment/performing-additional-configuration-on-server_satellite#installing-and-configuring-red-hat-lightspeed-in-satellite"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_satellite/6.18/html/installing_satellite_server_in_a_disconnected_network_environment/performing-additional-configuration#installing-and-configuring-red-hat-lightspeed-in-satellite",
"url": "https://docs.redhat.com/en/documentation/red_hat_satellite/6.18/html/installing_satellite_server_in_a_disconnected_network_environment/performing-additional-configuration#installing-and-configuring-red-hat-lightspeed-in-satellite"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_8499.json"
}
],
"title": "Red Hat Security Advisory: General availability of the satellite/iop-advisor-frontend-rhel9 container image",
"tracking": {
"current_release_date": "2026-04-16T20:07:40+00:00",
"generator": {
"date": "2026-04-16T20:07:40+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.5"
}
},
"id": "RHSA-2026:8499",
"initial_release_date": "2026-04-16T15:10:01+00:00",
"revision_history": [
{
"date": "2026-04-16T15:10:01+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-16T15:10:11+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-16T20:07:40+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Satellite 6.18",
"product": {
"name": "Red Hat Satellite 6.18",
"product_id": "Red Hat Satellite 6.18",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite:6.18::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Satellite"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/satellite/iop-advisor-frontend-rhel9@sha256:9daf45edc32d3fbb6d3aea43d981b09b4ddd4a762bad4fb36f516b4ee81a0d7b_amd64",
"product": {
"name": "registry.redhat.io/satellite/iop-advisor-frontend-rhel9@sha256:9daf45edc32d3fbb6d3aea43d981b09b4ddd4a762bad4fb36f516b4ee81a0d7b_amd64",
"product_id": "registry.redhat.io/satellite/iop-advisor-frontend-rhel9@sha256:9daf45edc32d3fbb6d3aea43d981b09b4ddd4a762bad4fb36f516b4ee81a0d7b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/iop-advisor-frontend-rhel9@sha256%3A9daf45edc32d3fbb6d3aea43d981b09b4ddd4a762bad4fb36f516b4ee81a0d7b?arch=amd64\u0026repository_url=registry.redhat.io/satellite\u0026tag=1776250950"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/satellite/iop-advisor-frontend-rhel9@sha256:9daf45edc32d3fbb6d3aea43d981b09b4ddd4a762bad4fb36f516b4ee81a0d7b_amd64 as a component of Red Hat Satellite 6.18",
"product_id": "Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-advisor-frontend-rhel9@sha256:9daf45edc32d3fbb6d3aea43d981b09b4ddd4a762bad4fb36f516b4ee81a0d7b_amd64"
},
"product_reference": "registry.redhat.io/satellite/iop-advisor-frontend-rhel9@sha256:9daf45edc32d3fbb6d3aea43d981b09b4ddd4a762bad4fb36f516b4ee81a0d7b_amd64",
"relates_to_product_reference": "Red Hat Satellite 6.18"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25639",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-02-09T21:00:49.280114+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438237"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-advisor-frontend-rhel9@sha256:9daf45edc32d3fbb6d3aea43d981b09b4ddd4a762bad4fb36f516b4ee81a0d7b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "RHBZ#2438237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438237"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57",
"url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.13.5",
"url": "https://github.com/axios/axios/releases/tag/v1.13.5"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433",
"url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"
}
],
"release_date": "2026-02-09T20:11:22.374000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-16T15:10:01+00:00",
"details": "For Red Hat Lightspeed in Satellite installation see the Red Hat Satellite documentation.",
"product_ids": [
"Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-advisor-frontend-rhel9@sha256:9daf45edc32d3fbb6d3aea43d981b09b4ddd4a762bad4fb36f516b4ee81a0d7b_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8499"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-advisor-frontend-rhel9@sha256:9daf45edc32d3fbb6d3aea43d981b09b4ddd4a762bad4fb36f516b4ee81a0d7b_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-advisor-frontend-rhel9@sha256:9daf45edc32d3fbb6d3aea43d981b09b4ddd4a762bad4fb36f516b4ee81a0d7b_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig"
},
{
"cve": "CVE-2026-40175",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-10T20:02:10.296601+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2457432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability, known as Prototype Pollution, can be exploited through a specific \"Gadget\" attack chain. This allows an attacker to escalate a Prototype Pollution vulnerability in a third-party dependency, potentially leading to remote code execution or a full cloud compromise, such as bypassing AWS IMDSv2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Remote Code Execution via Prototype Pollution escalation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Critical impact: The Axios library, a promise-based HTTP client, is susceptible to a prototype pollution vulnerability. This flaw, when combined with specific \"Gadget\" attack chains in third-party dependencies, can lead to remote code execution or full cloud compromise, including bypassing AWS IMDSv2.\n \nWith pollution check patch available in Axios gives an advantage, it remains vulnerable due to HTTP Header Sanitation and Server-Side Request Forgery threat.\n\nRed Hat products that incorporate the vulnerable Axios library are affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-advisor-frontend-rhel9@sha256:9daf45edc32d3fbb6d3aea43d981b09b4ddd4a762bad4fb36f516b4ee81a0d7b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40175"
},
{
"category": "external",
"summary": "RHBZ#2457432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40175",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40175"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40175",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40175"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/363185461b90b1b78845dc8a99a1f103d9b122a1",
"url": "https://github.com/axios/axios/commit/363185461b90b1b78845dc8a99a1f103d9b122a1"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/pull/10660",
"url": "https://github.com/axios/axios/pull/10660"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.15.0",
"url": "https://github.com/axios/axios/releases/tag/v1.15.0"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-fvcv-3m26-pcqx",
"url": "https://github.com/axios/axios/security/advisories/GHSA-fvcv-3m26-pcqx"
}
],
"release_date": "2026-04-10T19:23:52.285000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-16T15:10:01+00:00",
"details": "For Red Hat Lightspeed in Satellite installation see the Red Hat Satellite documentation.",
"product_ids": [
"Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-advisor-frontend-rhel9@sha256:9daf45edc32d3fbb6d3aea43d981b09b4ddd4a762bad4fb36f516b4ee81a0d7b_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8499"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-advisor-frontend-rhel9@sha256:9daf45edc32d3fbb6d3aea43d981b09b4ddd4a762bad4fb36f516b4ee81a0d7b_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "axios: Axios: Remote Code Execution via Prototype Pollution escalation"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…