Cross-Site Scripting vulnerability via untrusted React Server Component redirects
Summary
Cross-Site Scripting vulnerability via untrusted React Server Component redirects. Red Hat rates this moderate (CVSS 4.2). Weakness: CWE-79. Affected package(s): rhoai/odh-mod-arch-automl-rhel9:1782722421, rhoai/odh-mod-arch-mlflow-rhel9:1782132932, rhoai/odh-mod-arch-autorag-rhel9:1782722485, rhoai/odh-mod-arch-maas-rhel9:1782722695, rhoai/odh-mod-arch-model-registry-rhel9:1782722726, rhoai/odh-mod-arch-eval-hub-rhel9:1782722438. Resolved in Red Hat advisory RHSA-2026:34456 — update the affected packages (`sudo dnf update`).
- rhoai/odh-mod-arch-automl-rhel9:1782722421
- rhoai/odh-mod-arch-mlflow-rhel9:1782132932
- rhoai/odh-mod-arch-autorag-rhel9:1782722485
- rhoai/odh-mod-arch-maas-rhel9:1782722695
- rhoai/odh-mod-arch-model-registry-rhel9:1782722726
- rhoai/odh-mod-arch-eval-hub-rhel9:1782722438
- rhoai/odh-mod-arch-gen-ai-rhel9:1782134585
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
- RHSA-2026:34456
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Mitigation checklist
- Update the affected package(s) to the fixed version shipped in RHSA-2026:34456 (`sudo dnf update` / `yum update`).
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.