Advisories the vendor has revised
Request smuggling via re-parsing of Content-Length header. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-444. Affected package(s): rust-main. Resolved in Red Hat advisory RHSA-2026:34975 — update the affected packages (`sudo dnf update`).
Arbitrary host file read via symlink following in CRI checkpoint restore. Red Hat rates this important (CVSS 6.5). Weakness: CWE-59. Affected package(s): trivy-main. Resolved in Red Hat advisory RHSA-2026:15862 — update the affected packages (`sudo dnf update`).
Arbitrary code execution via CRI checkpoint image tag poisoning. Red Hat rates this moderate (CVSS 6.7). Weakness: CWE-1289. Affected package(s): trivy-main. Resolved in Red Hat advisory RHSA-2026:35111 — update the affected packages (`sudo dnf update`).
Denial of Service via maliciously crafted image leading to unbounded group parsing. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-770. Affected package(s): syft-main, trivy-main, kubernetes1, grype-main, opentelemetry-collector-contrib-main. Resolved in Red Hat advisory RHSA-2026:35111 — update the affected packages (`sudo dnf update`).
Information disclosure via improper validation of nested request parameters. Red Hat rates this moderate (CVSS 4.3). Weakness: CWE-639. Affected package(s): foreman. Resolved in Red Hat advisory RHSA-2026:34366 — update the affected packages (`sudo dnf update`).
Discuss the latest advisories, swap patch-day notes with other infra teams, and get support — straight from the people who run VulniPulse.
Join the communityIf you want to support server/domain costs, please donate below — much love ❤️
Donate