Information disclosure via cross-origin redirects forwarding sensitive headers
Summary
Information disclosure via cross-origin redirects forwarding sensitive headers. Red Hat rates this moderate (CVSS 5.9). Weakness: CWE-201. Affected package(s): rhaiis/model-opt-cuda-rhel9:1782352950, rhaiis/vllm-spyre-rhel9:1782352919, satellite/iop-yuptoo-rhel9:1782380482, satellite/iop-insights-engine-rhel9:1782448455, satellite/iop-host-inventory-rhel9:1780414237, satellite/iop-puptoo-rhel9:1779792651. Resolved in Red Hat advisory RHSA-2026:26221 — update the affected packages (`sudo dnf update`).
- rhaiis/model-opt-cuda-rhel9:1782352950
- rhaiis/vllm-spyre-rhel9:1782352919
- satellite/iop-yuptoo-rhel9:1782380482
- satellite/iop-insights-engine-rhel9:1782448455
- satellite/iop-host-inventory-rhel9:1780414237
- satellite/iop-puptoo-rhel9:1779792651
- python-urllib3-0:1.26.19-4.el10_2
- python3.12-urllib3-0:2.7.0-1.el9ap
- python-urllib3-main-2.7.0-3.hum1
- rhaii/vllm-cpu-rhel9:1780356811
- python3.14-urllib3-0:2.6.3-2.el10_2
- satellite/iop-host-inventory-rhel9:1780403026
Official advisory · high-confidence parse· fetched 4 hours ago·verify at source
- RHSA-2026:26221
Official advisory · high-confidence parse· fetched 4 hours ago·verify at source
Mitigation checklist
- Update the affected package(s) to the fixed version shipped in RHSA-2026:26221 (`sudo dnf update` / `yum update`).
Official advisory · high-confidence parse· fetched 4 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.