Security restriction bypass via malformed HTTP Host header
Summary
Security restriction bypass via malformed HTTP Host header. Red Hat rates this critical (CVSS 6.5). Weakness: CWE-1289. Affected package(s): rhoai/odh-workbench-jupyter-pytorch-rocm-py312-rhel9:1782132660, rhoai/odh-workbench-codeserver-datascience-cpu-py312-rhel9:1782133865, rhoai/odh-pipeline-runtime-pytorch-llmcompressor-cuda-py312-rhel9:1782132444, satellite/iop-host-inventory-rhel9:1780414237, satellite/foreman-mcp-server-rhel9:1780492012, rhoai/odh-trustyai-nemo-guardrails-server-rhel9:1782420349. Resolved in Red Hat advisory RHSA-2026:34526 — update the affected packages (`sudo dnf update`).
- rhoai/odh-workbench-jupyter-pytorch-rocm-py312-rhel9:1782132660
- rhoai/odh-workbench-codeserver-datascience-cpu-py312-rhel9:1782133865
- rhoai/odh-pipeline-runtime-pytorch-llmcompressor-cuda-py312-rhel9:1782132444
- satellite/iop-host-inventory-rhel9:1780414237
- satellite/foreman-mcp-server-rhel9:1780492012
- rhoai/odh-trustyai-nemo-guardrails-server-rhel9:1782420349
- rhoai/odh-workbench-jupyter-trustyai-cpu-py312-rhel9:1782135300
- rhoai/odh-pipeline-runtime-datascience-cpu-py312-rhel9:1782132686
- satellite/iop-host-inventory-rhel9:1780403026
- rhoai/odh-llama-stack-core-rhel9:1782132126
- ansible-automation-platform-26/lightspeed-chatbot-rhel9:1780102732
- rhoai/odh-pipeline-runtime-pytorch-rocm-py312-rhel9:1782132767
Official advisory · high-confidence parse· fetched 6 hours ago·verify at source
- RHSA-2026:34526
Official advisory · high-confidence parse· fetched 6 hours ago·verify at source
Mitigation checklist
- Update the affected package(s) to the fixed version shipped in RHSA-2026:34526 (`sudo dnf update` / `yum update`).
Official advisory · high-confidence parse· fetched 6 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.