Arbitrary code execution via untrusted input in template imports
Summary
Arbitrary code execution via untrusted input in template imports. Red Hat rates this important (CVSS 8.1). Weakness: CWE-94. Affected package(s): odf4/ocs-client-console-rhel9:1778050558, odf4/mcg-core-rhel9:1776403991, cluster-observability-operator/troubleshooting-panel-console-plugin-pf6-rhel9:1782839996, odf4/ocs-client-rhel9-operator:1778049818, odf4/odf-cloudnative-pg-rhel9-operator:1776406131, satellite/iop-remediations-rhel9:1776194798. Resolved in Red Hat advisory RHSA-2026:29795 — update the affected packages (`sudo dnf update`).
- odf4/ocs-client-console-rhel9:1778050558
- odf4/mcg-core-rhel9:1776403991
- cluster-observability-operator/troubleshooting-panel-console-plugin-pf6-rhel9:1782839996
- odf4/ocs-client-rhel9-operator:1778049818
- odf4/odf-cloudnative-pg-rhel9-operator:1776406131
- satellite/iop-remediations-rhel9:1776194798
- cryostat/cryostat-openshift-console-plugin-rhel9:4.2.0-9
- openshift4/ose-networking-console-plugin-rhel9:1778517109
- odf4/odf-csi-addons-sidecar-rhel9:1778050048
- odf4/odf-multicluster-console-rhel9:1778078096
- odf4/odf-cosi-sidecar-rhel9:1778045627
- odf4/odf-rhel9-operator:1776707763
Official advisory · high-confidence parse· fetched 5 hours ago·verify at source
- RHSA-2026:29795
Official advisory · high-confidence parse· fetched 5 hours ago·verify at source
Mitigation checklist
- Update the affected package(s) to the fixed version shipped in RHSA-2026:29795 (`sudo dnf update` / `yum update`).
Official advisory · high-confidence parse· fetched 5 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.