Arbitrary code execution via 'helpfile' option processing
Summary
Arbitrary code execution via 'helpfile' option processing. Red Hat rates this moderate (CVSS 7.3). Weakness: CWE-120. Affected package(s): rhcos, rhaiis/vllm-rocm-rhel9:1778244531, rhui5/haproxy-rhel9:1776868744, rhui5/installer-rhel9:1776868772, vim, rhui5/cds-rhel9:1776868774. Resolved in Red Hat advisory RHSA-2026:4715 — update the affected packages (`sudo dnf update`).
- rhcos-414.92.202605060243-0
- rhcos-417.94.202605112123-0
- rhaiis/vllm-rocm-rhel9:1778244531
- rhcos-4.19.9.6.202604080618-0
- rhui5/haproxy-rhel9:1776868744
- rhui5/installer-rhel9:1776868772
- vim-2:9.1.083-5.el10_0.2
- rhui5/cds-rhel9:1776868774
- rhaiis/vllm-cuda-rhel9:1775740563
- vim-2:8.0.1763-20.el8_8.1
- vim-2:8.2.2637-23.el9_7.1
- vim-2:8.2.2637-22.el9_6.2
Official advisory · high-confidence parse· fetched 5 hours ago·verify at source
- RHSA-2026:4715
Official advisory · high-confidence parse· fetched 5 hours ago·verify at source
Mitigation checklist
- Update the affected package(s) to the fixed version shipped in RHSA-2026:4715 (`sudo dnf update` / `yum update`).
Official advisory · high-confidence parse· fetched 5 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.