Medium5.8Red Hat Linux Updated
Server-Side Request Forgery allows unauthorized internal network access
CVE-2026-54430 Published Jul 2, 2026Updated by vendor Jul 2, 2026
Affected products & platforms
Red Hat LinuxUnclassified
Summary
Server-Side Request Forgery allows unauthorized internal network access. Red Hat rates this moderate (CVSS 5.8). Weakness: CWE-918.
Mitigation checklist
Recommended fix / mitigation
- Restrict network access to the application endpoint that processes AWS ALB-signed JWTs to trusted sources only. If the AWS ALB verification feature (oauth2_jose_jwks_aws_alb_resolve) is not required, disable it in the liboauth2 configuration. Upgrade to liboauth2 version 2.3.0 or later to fully resolve this vulnerability.
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.