Keep track of the latest security vulnerabilities across your infrastructure stack.
Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat meant that special roles and empty authorisation constraints were not included when the effective web.xml was logged. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100. Other versions that have reached end of support may also be affected. Users are recommended to upgrade to version 11.0.23, 10.1.56 or 9.0.119 which fixes the issue. A flaw was found in Apache Tomcat. Due to an always-incorrect control flow implementation, special roles and empty authorization constraints were not accurately included when the effective web.xml configuration was logged. This could lead to a security oversight where administrators might misinterpret the actual authorization constraints, potentially impacting the security posture of the application. A flaw was found in Apache Tomcat. When the effective web.xml logging feature is enabled for debugging, special roles and empty authorization constraints may be omitted from the logged output. This is a logging-only issue with no runtime security impact — it only affects the accuracy of debug log output for administrators reviewing the effective web.xml configuration. Red Hat severity: Low — CVSS 2.3 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N). Weakness: CWE-778. Fixed by RHSA-2026:29203, RHSA-2026:32960 — update the affected packages (`sudo dnf update`). Affected Red Hat products: Red Hat Hardened Images.
Detection of Error Condition Without Action vulnerability in Apache Tomcat when configuring CRLs for a FFM based connector. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M7 through 10.1.55, from 9.0.83 through 9.0.118. Users are recommended to upgrade to version 11.0.23, 10.1.56 or 9.0.119, which fixes the issue. A flaw was found in Apache Tomcat. When configuring Certificate Revocation Lists (CRLs) for a FFM (presumably a specific type of connector), the system fails to detect and act upon an error condition. This oversight could lead to unexpected behavior or a security bypass, as the intended security controls might not be properly enforced. A flaw was found in Apache Tomcat. When using the FFM-based connector with CRL-based certificate revocation checking, an error in CRL data processing is not handled correctly, potentially allowing revoked certificates to be accepted. This only affects Tomcat 10.1.0-M7+ and 11.x using the FFM connector (Java 22+ Foreign Function & Memory API) with CRL configuration — an extremely narrow set of conditions not present in standard Red Hat deployments. Red Hat severity: Low — CVSS 3.7 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). Weakness: CWE-390. Fixed by RHSA-2026:29203, RHSA-2026:32960 — update the affected packages (`sudo dnf update`). Affected Red Hat products: Red Hat Hardened Images.
A vulnerability was determined in llvm llvm-project up to 22.1.6. This impacts the function GCRelocateInst::getBasePtr in the library llvm/lib/IR/IntrinsicInst.cpp of the component Bitcode File Handler. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet. A flaw was found in llvm. A local attacker could exploit a heap-based buffer overflow vulnerability in the GCRelocateInst::getBasePtr function within the Bitcode File Handler component. This flaw could lead to a denial of service, making the affected system unavailable. This vulnerability has a Low impact, as it requires a local attacker to exploit a heap-based buffer overflow in the LLVM Bitcode File Handler. Successful exploitation could lead to a denial of service by making the affected system unavailable. Red Hat severity: Low — CVSS 3.3 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). Weakness: CWE-805. Fixed by RHSA-2026:24069, RHSA-2026:7634 — update the affected packages (`sudo dnf update`). Affected Red Hat products: Red Hat Hardened Images.
A vulnerability was found in llvm llvm-project up to 22.1.6. This affects the function llvm::StringMap::insert in the library /lib/IR/ValueSymbolTable.cpp of the component ValueSymbolTable Module. The manipulation results in stack-based buffer overflow. Attacking locally is a requirement. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet. A flaw was found in llvm. A local attacker could exploit a stack-based buffer overflow vulnerability in the `llvm::StringMap::insert` function. This manipulation could lead to a denial of service, making the affected system or application unavailable. This flaw has a Low impact as it requires a local attacker to exploit a stack-based buffer overflow in the `llvm::StringMap::insert` function. Successful exploitation could lead to a denial of service, affecting the availability of systems utilizing the vulnerable LLVM component. The vulnerability is limited to local access, reducing its overall risk in typical Red Hat deployments. Red Hat severity: Low — CVSS 3.3 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). Weakness: CWE-120. Fixed by RHSA-2026:24069, RHSA-2026:7634 — update the affected packages (`sudo dnf update`). Affected Red Hat products: Red Hat Hardened Images.
A flaw in Node.js Permission API can cause a file metadata to be modified even on a path that was set as read-only with e.g. `--allow-fs-read`. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**. A flaw was found in Node.js. The Permission API allows a local user to modify file metadata on paths that have been explicitly set as read-only. This can lead to unauthorized changes in file properties, impacting the integrity of the file system. Red Hat severity: Low — CVSS 3.3 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). Weakness: CWE-279. Fixed by RHSA-2026:35841, RHSA-2026:35842 — update the affected packages (`sudo dnf update`). Affected Red Hat products: Red Hat Enterprise Linux 10.
A flaw in Node.js Permission API can cause a local server to be started (via a Unix domain socket), even without the `--allow-net` permission. This vulnerability affects one supported release line: **Node.js 26**. A flaw was found in Node.js. The Node.js Permission API can allow a local server to be started through a Unix domain socket, even when the `--allow-net` permission is not explicitly granted. This bypasses intended security restrictions, potentially leading to unintended local network exposure or integrity impact. Red Hat severity: Low — CVSS 3.3 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). Weakness: CWE-648. Fixed by RHSA-2026:33866, RHSA-2026:34478, RHSA-2026:7378, RHSA-2026:9455 — update the affected packages (`sudo dnf update`). Affected Red Hat products: Red Hat Hardened Images.
When undici parses a Set-Cookie header, it accepts any SameSite attribute value that contains Strict, Lax, or None as a substring, rather than the case-insensitive exact match specified by RFC 6265. Non-spec values are silently mapped to one of the three standard tokens. For example, SameSite=NoneOfYourBusiness is parsed as None (the most permissive setting), and SameSite=StrictLax is parsed as Lax (a downgrade from Strict). Affected applications are those that consume Set-Cookie headers from server responses (for example via undici's fetch or proxy code paths) and then forward or rely on the parsed sameSite attribute. A malicious or non-compliant server can coerce the consumer's view of a cookie's SameSite policy to a weaker value, silently degrading the SameSite enforcement the cookie is supposed to provide. This was introduced in undici 5.15.0 when the cookies feature was added. Patches: Upgrade to undici v6.26.0, v7.28.0 or v8.5.0. Workarounds: After parsing a Set-Cookie header, validate that the resulting sameSite attribute is one of 'Strict', 'Lax', or 'None' (exact, case-insensitive) before forwarding or relying on it. A flaw was found in undici. When undici processes Set-Cookie headers, it incorrectly interprets the SameSite attribute, accepting partial matches instead of exact ones. This allows a malicious server to downgrade a cookie's SameSite policy to a less secure setting, potentially leading to unintended information disclosure or a weakening of security protections for the user. This Low impact flaw in undici, as used in various Red Hat products, arises from incorrect parsing of the `SameSite` cookie attribute. A malicious server could exploit this by sending a specially crafted `Set-Cookie` header, causing the `SameSite` policy to be downgraded to a less secure setting. This could lead to a minor weakening of security protections or unintended information disclosure in applications that process and rely on these cookie attributes. Red Hat severity: Low — CVSS 3.7 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). Weakness: CWE-1286. Fixed by RHSA-2026:35841, RHSA-2026:35842 — update the affected packages (`sudo dnf update`). Affected Red Hat products: Red Hat Enterprise Linux 10.
Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can inject an unsolicited HTTP/1.1 response onto an idle socket after a request completes. When the client dispatches the next request on that socket, it associates the injected response with the new request, causing responses to be delivered to the wrong requests. This requires an attacker-controlled or compromised upstream HTTP/1.1 server and keep-alive connection reuse. Patches: Upgrade to undici v6.26.0, v7.28.0 or v8.5.0. Workarounds: Disable keep-alive connection reuse by setting keepAliveTimeout: 0 on the Client or Pool. A flaw was found in undici. An attacker-controlled upstream server can exploit a vulnerability in Undici's HTTP/1.1 client, specifically related to response queue poisoning on reused keep-alive sockets. This allows the attacker to inject an unsolicited HTTP/1.1 response onto an idle socket. Consequently, when the client dispatches a new request on that socket, it may associate the injected response with the new request, leading to responses being delivered to unintended recipients or requests. This could result in a low impact on data integrity. Low: A flaw in Undici's HTTP/1.1 client, as used in various Red Hat products, allows an attacker-controlled upstream server to inject unsolicited responses onto reused keep-alive sockets. This can lead to incorrect response delivery, potentially impacting data integrity, but requires a compromised server and active keep-alive connections. Red Hat severity: Low — CVSS 3.7 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). Weakness: CWE-940. Fixed by RHSA-2026:35841, RHSA-2026:35842 — update the affected packages (`sudo dnf update`). Affected Red Hat products: Red Hat Enterprise Linux 10.
Denial-of-service in the Graphics: ImageLib component. Red Hat rates this low (CVSS 3.4). Weakness: CWE-1286. Affected package(s): firefox, thunderbird. Resolved in Red Hat advisory RHSA-2026:29940 — update the affected packages (`sudo dnf update`).
Incorrect boundary conditions in the Graphics: CanvasWebGL component. Red Hat rates this low (CVSS 3.4). Weakness: CWE-131. Affected package(s): firefox, thunderbird. Resolved in Red Hat advisory RHSA-2026:29940 — update the affected packages (`sudo dnf update`).
Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes. Red Hat rates this low (CVSS 3.7). Weakness: CWE-347. Affected package(s): insights-proxy/insights-proxy-container-rhel9:1782890503, rhui5/haproxy-rhel9:1781525671, openssl, rhui5/installer-rhel9:1781525693, rhui5/cds-rhel9:1781525684, discovery/discovery-ui-rhel9:1782166952. Resolved in Red Hat advisory RHSA-2026:29197 — update the affected packages (`sudo dnf update`).
Information disclosure due to user profile permission bypass. Red Hat rates this low (CVSS 2.7). Weakness: CWE-1220. Affected package(s): rhbk/keycloak-operator-bundle:26.4.13, rhbk/keycloak-rhel9-operator:26.4, rhbk/keycloak-rhel9, rhbk/keycloak-rhel9:26.4, rhbk/keycloak-operator-bundle:26.6.3, rhbk/keycloak-rhel9:26.6. Resolved in Red Hat advisory RHSA-2026:30049 — update the affected packages (`sudo dnf update`).
Privilege escalation in the Security component. Red Hat rates this low (CVSS 3.4). Weakness: CWE-266. Affected package(s): thunderbird, firefox. Resolved in Red Hat advisory RHSA-2026:26551 — update the affected packages (`sudo dnf update`).
Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component. Red Hat rates this low (CVSS 3.4). Affected package(s): thunderbird, firefox. Resolved in Red Hat advisory RHSA-2026:26551 — update the affected packages (`sudo dnf update`).
Mitigation bypass in the DOM: Security component. Red Hat rates this low (CVSS 3.4). Weakness: CWE-358. Affected package(s): thunderbird, firefox. Resolved in Red Hat advisory RHSA-2026:26551 — update the affected packages (`sudo dnf update`).
Spoofing issue in the Form Autofill component. Red Hat rates this low (CVSS 3.4). Weakness: CWE-472. Affected package(s): thunderbird, firefox. Resolved in Red Hat advisory RHSA-2026:26551 — update the affected packages (`sudo dnf update`).
Information disclosure via AJP secret timing discrepancy. Red Hat rates this low (CVSS 3.7). Weakness: CWE-208. Affected package(s): tomcat10-main, tomcat11-main. Resolved in Red Hat advisory RHSA-2026:13745 — update the affected packages (`sudo dnf update`).
Data integrity issue due to pointer truncation. Red Hat rates this low (CVSS 2.2). Weakness: CWE-681. Affected package(s): uriparser-main. Resolved in Red Hat advisory RHSA-2026:16341 — update the affected packages (`sudo dnf update`).
Security bypass allows acceptance of revoked server certificates via crafted OCSP response. Red Hat rates this low (CVSS 3.7). Weakness: CWE-179. Affected package(s): gnutls-main, rhui5/haproxy-rhel9:1781525671, gnutls, rhui5/installer-rhel9:1781525693, rhui5/cds-rhel9:1781525684, discovery/discovery-ui-rhel9:1782166952. Resolved in Red Hat advisory RHSA-2026:20613 — update the affected packages (`sudo dnf update`).
Information disclosure due to cookie leak when reusing connections with custom Host headers. Red Hat rates this low (CVSS 3.7). Weakness: CWE-346. Affected package(s): curl-main. Resolved in Red Hat advisory RHSA-2026:12916 — update the affected packages (`sudo dnf update`).
Information disclosure via timing side-channel in PKCS#7 padding removal. Red Hat rates this low (CVSS 3.7). Weakness: CWE-208. Affected package(s): rhui5/haproxy-rhel9:1781525671, gnutls, rhui5/installer-rhel9:1781525693, rhui5/cds-rhel9:1781525684, discovery/discovery-ui-rhel9:1782166952, discovery/discovery-server-rhel9:1782159791. Resolved in Red Hat advisory RHSA-2026:20613 — update the affected packages (`sudo dnf update`).
Denial of Service or data integrity issues from missing bounds check during Dilithium signing.. Red Hat rates this low (CVSS 3.3). Weakness: CWE-787. Affected package(s): libgcrypt-main. Resolved in Red Hat advisory RHSA-2026:8466 — update the affected packages (`sudo dnf update`).
Improved Arena allocations (Oracle CPU 2026-04). Red Hat rates this low (CVSS 3.7). Weakness: CWE-122. Affected package(s): java. Resolved in Red Hat advisory RHSA-2026:9694 — update the affected packages (`sudo dnf update`).
Enhance crypto algorithm support (Oracle CPU 2026-04). Red Hat rates this low (CVSS 2.9). Weakness: CWE-327. Affected package(s): java. Resolved in Red Hat advisory RHSA-2026:11829 — update the affected packages (`sudo dnf update`).
Enhance Zip file reading (Oracle CPU 2026-04). Red Hat rates this low (CVSS 3.7). Weakness: CWE-125. Affected package(s): java. Resolved in Red Hat advisory RHSA-2026:11829 — update the affected packages (`sudo dnf update`).
Enhance key generation (Oracle CPU 2026-04). Red Hat rates this low (CVSS 2.9). Weakness: CWE-327. Affected package(s): java. Resolved in Red Hat advisory RHSA-2026:11829 — update the affected packages (`sudo dnf update`).
Incorrect boundary conditions in the WebRTC: Networking component. Red Hat rates this low (CVSS 3.4). Weakness: CWE-131. Affected package(s): thunderbird, firefox. Resolved in Red Hat advisory RHSA-2026:10757 — update the affected packages (`sudo dnf update`).
Information Schema unspecified vulnerability (CPU Apr 2026). Red Hat rates this low (CVSS 2.7). Weakness: CWE-538. Affected package(s): mysql:8.4, mysql, mysql8.4, mysql:8.0. Resolved in Red Hat advisory RHSA-2026:25919 — update the affected packages (`sudo dnf update`).
Denial of Service via hash flooding with crafted XML. Red Hat rates this low (CVSS 3.7). Weakness: CWE-331. Affected package(s): expat-main. Resolved in Red Hat advisory RHSA-2026:11004 — update the affected packages (`sudo dnf update`).
Input validation bypass via embedded NUL bytes allows parser differential attacks. Red Hat rates this low (CVSS 3.8). Weakness: CWE-170. Affected package(s): jq-main. Resolved in Red Hat advisory RHSA-2026:8579 — update the affected packages (`sudo dnf update`).
Unintended output to user terminals via logger command. Red Hat rates this low (CVSS 2.9). Weakness: CWE-117. Affected package(s): systemd-main. Resolved in Red Hat advisory RHSA-2026:7299 — update the affected packages (`sudo dnf update`).
Privilege escalation through EC2 credential creation. Red Hat rates this low (CVSS 3.5). Weakness: CWE-266. Affected package(s): openstack-keystone. Resolved in Red Hat advisory RHSA-2026:28044 — update the affected packages (`sudo dnf update`).
Arbitrary code execution due to use-after-free in DANE TLSA authentication. Red Hat rates this low (CVSS 3.7). Weakness: CWE-1341. Affected package(s): openssl-main. Resolved in Red Hat advisory RHSA-2026:7261 — update the affected packages (`sudo dnf update`).
Information disclosure via CORS header injection due to unvalidated JWT azp claim. Red Hat rates this low (CVSS 3.7). Weakness: CWE-346. Affected package(s): rhbk/keycloak-operator-bundle:26.4.13, rhbk/keycloak-rhel9-operator:26.4, rhbk/keycloak-rhel9, rhbk/keycloak-rhel9:26.4, rhbk/keycloak-operator-bundle:26.6.3, rhbk/keycloak-rhel9:26.6. Resolved in Red Hat advisory RHSA-2026:30049 — update the affected packages (`sudo dnf update`).
Low integrity impact from unconfirmed proxy-mode multiplexing sessions. Red Hat rates this low (CVSS 2.2). Weakness: CWE-306. Affected package(s): openssh, rhaiis/model-opt-cuda-rhel9:1780681984, discovery/discovery-ui-rhel9:1778156756, rhui5/rhua-rhel9:1779798222, discovery/discovery-server-rhel9:1778101579, rhui5/installer-rhel9:1779798165. Resolved in Red Hat advisory RHSA-2026:14937 — update the affected packages (`sudo dnf update`).
Information disclosure due to unintended cryptographic algorithm usage. Red Hat rates this low (CVSS 3.1). Weakness: CWE-115. Affected package(s): openssh, rhaiis/model-opt-cuda-rhel9:1780681984, rhui5/rhua-rhel9:1779798222, discovery/discovery-server-rhel9:1778101579, rhui5/installer-rhel9:1779798165. Resolved in Red Hat advisory RHSA-2026:14937 — update the affected packages (`sudo dnf update`).
Arbitrary command execution via shell metacharacters in username. Red Hat rates this low (CVSS 3.6). Weakness: CWE-78. Affected package(s): openssh, rhaiis/model-opt-cuda-rhel9:1780681984, rhui5/rhua-rhel9:1779798222, discovery/discovery-server-rhel9:1778101579, rhui5/installer-rhel9:1779798165. Resolved in Red Hat advisory RHSA-2026:14937 — update the affected packages (`sudo dnf update`).
Security bypass due to improper DNS name constraint validation. Red Hat rates this low (CVSS 3.7). Weakness: CWE-295. Affected package(s): python-cryptography-main. Resolved in Red Hat advisory RHSA-2026:7295 — update the affected packages (`sudo dnf update`).
Information disclosure due to `fs.realpathSync.native()` bypassing filesystem read restrictions. Red Hat rates this low (CVSS 3.3). Weakness: CWE-425. Affected package(s): nodejs24, nodejs:24. Resolved in Red Hat advisory RHSA-2026:7350 — update the affected packages (`sudo dnf update`).
Permission bypass allows unauthorized modification of file permissions and ownership via incomplete security fix.. Red Hat rates this low (CVSS 3.8). Weakness: CWE-279. Affected package(s): nodejs20-main, nodejs25-main, nodejs24, nodejs22-main, nodejs:24, nodejs24-main. Resolved in Red Hat advisory RHSA-2026:7350 — update the affected packages (`sudo dnf update`).
Server-Side Request Forgery via OIDC token endpoint manipulation. Red Hat rates this low (CVSS 3.1). Weakness: CWE-918. Affected package(s): rhbk/keycloak-operator-bundle:26.4.13, rhbk/keycloak-rhel9-operator:26.4, rhbk/keycloak-rhel9, rhbk/keycloak-rhel9:26.4, rhbk/keycloak-operator-bundle:26.6.3, rhbk/keycloak-rhel9:26.6. Resolved in Red Hat advisory RHSA-2026:30049 — update the affected packages (`sudo dnf update`).
NGINX Plus and NGINX Open Source: Request manipulation via header injection in SMTP upstream requests. Red Hat rates this low (CVSS 3.7). Weakness: CWE-93. Affected package(s): nginx-main. Resolved in Red Hat advisory RHSA-2026:8346 — update the affected packages (`sudo dnf update`).
Undefined behavior in the WebRTC: Signaling component. Red Hat rates this low (CVSS 3.4). Weakness: CWE-475. Affected package(s): firefox, thunderbird. Resolved in Red Hat advisory RHSA-2026:6917 — update the affected packages (`sudo dnf update`).
Incorrect boundary conditions in the Graphics: Text component. Red Hat rates this low (CVSS 3.4). Weakness: CWE-805. Affected package(s): firefox, thunderbird. Resolved in Red Hat advisory RHSA-2026:6917 — update the affected packages (`sudo dnf update`).
Python pkgutil.get_data(): Path Traversal via improper resource argument validation. Red Hat rates this low (CVSS 3.3). Weakness: CWE-22. Affected package(s): python3. Resolved in Red Hat advisory RHSA-2026:10118 — update the affected packages (`sudo dnf update`).
`tarfile` module misinterprets crafted tar archives leading to data integrity issues. Red Hat rates this low (CVSS 2.5). Weakness: CWE-237. Affected package(s): python3. Resolved in Red Hat advisory RHSA-2026:10118 — update the affected packages (`sudo dnf update`).
Information Disclosure via Crafted ZIP File. Red Hat rates this low (CVSS 3.3). Weakness: CWE-908. Affected package(s): sqlite-main. Resolved in Red Hat advisory RHSA-2026:7656 — update the affected packages (`sudo dnf update`).
org.keycloak.services.resources.admin.UserResource: Keycloak: Information disclosure of disabled user attributes via administrative endpoint. Red Hat rates this low (CVSS 2.7). Weakness: CWE-359. Affected package(s): rhbk/keycloak-operator-bundle:26.4.11, rhbk/keycloak-rhel9, rhbk/keycloak-rhel9-operator:26.4, rhbk/keycloak-rhel9:26.4. Resolved in Red Hat advisory RHSA-2026:6478 — update the affected packages (`sudo dnf update`).
infinite loop in readelf via crafted binary with malformed DWARF loclists data. Red Hat rates this low (CVSS 3.3). Weakness: CWE-835. Affected package(s): binutils-main. Resolved in Red Hat advisory RHSA-2026:7098 — update the affected packages (`sudo dnf update`).
infinite loop in readelf via crafted binary with malformed DWARF .debug_rnglists data. Red Hat rates this low (CVSS 3.3). Weakness: CWE-835. Affected package(s): binutils-main. Resolved in Red Hat advisory RHSA-2026:7098 — update the affected packages (`sudo dnf update`).
Information disclosure via improper handling of configuration values. Red Hat rates this important (CVSS 3.3). Weakness: CWE-117. Affected package(s): zookeeper, rhoai/odh-modelmesh-rhel9:1776756834. Resolved in Red Hat advisory RHSA-2026:14276 — update the affected packages (`sudo dnf update`).
FileInfo can escape from a Root in golang os module. Red Hat rates this low (CVSS 2.5). Weakness: CWE-22. Affected package(s): golang1. Resolved in Red Hat advisory RHSA-2026:7385 — update the affected packages (`sudo dnf update`).
Panic in name constraint checking for malformed certificates in crypto/x509. Red Hat rates this low (CVSS 3.7). Weakness: CWE-295. Affected package(s): golang1. Resolved in Red Hat advisory RHSA-2026:7291 — update the affected packages (`sudo dnf update`).
Binutils objdump: Denial of Service via crafted DWARF debug information. Red Hat rates this low (CVSS 2.8). Weakness: CWE-1285. Affected package(s): binutils-main. Resolved in Red Hat advisory RHSA-2026:7098 — update the affected packages (`sudo dnf update`).
Denial of Service via crafted binary with malformed DWARF debug information. Red Hat rates this low (CVSS 2.8). Weakness: CWE-606. Affected package(s): binutils-main. Resolved in Red Hat advisory RHSA-2026:7098 — update the affected packages (`sudo dnf update`).
Denial of Service via malformed DWARF debug_rnglists data. Red Hat rates this low (CVSS 2.8). Weakness: CWE-606. Affected package(s): binutils-main. Resolved in Red Hat advisory RHSA-2026:7098 — update the affected packages (`sudo dnf update`).
double free in readelf via crafted ELF binary with malformed relocation data. Red Hat rates this low (CVSS 3.3). Weakness: CWE-415. Affected package(s): binutils-main. Resolved in Red Hat advisory RHSA-2026:7098 — update the affected packages (`sudo dnf update`).
abort in readelf via crafted ELF binary with malformed DWARF abbrev or debug information. Red Hat rates this low (CVSS 3.3). Weakness: CWE-617. Affected package(s): binutils-main. Resolved in Red Hat advisory RHSA-2026:7098 — update the affected packages (`sudo dnf update`).
NULL pointer dereference in readelf via crafted ELF binary with malformed header fields. Red Hat rates this low (CVSS 3.3). Weakness: CWE-476. Affected package(s): binutils-main. Resolved in Red Hat advisory RHSA-2026:7098 — update the affected packages (`sudo dnf update`).
Denial of Service via crafted ELF binary processing. Red Hat rates this low (CVSS 2.8). Weakness: CWE-824. Affected package(s): binutils-main. Resolved in Red Hat advisory RHSA-2026:7098 — update the affected packages (`sudo dnf update`).
Discuss the latest advisories, swap patch-day notes with other infra teams, and get support — straight from the people who run VulniPulse.
Join the communityIf you want to support server/domain costs, please donate below — much love ❤️
Donate