Denial of Service via crafted YAML documents
Summary
Denial of Service via crafted YAML documents. Red Hat rates this important (CVSS 7.5). Weakness: CWE-606. Red Hat lists fixing advisory RHSA-2026:37534 with package nodejs22-main-22.23.1-2.1.hum1, nodejs24-main-24.18.0-0.3.hum1, dotnet8-0-main-8.0.128-1.1.hum1, nodejs25-main-25.9.0-1.3.hum1.
What this means
In plain English
Denial of Service via crafted YAML documents. Red Hat rates this important (CVSS 7.5). Weakness: CWE-606. Red Hat lists fixing advisory RHSA-2026:37534 with package nodejs22-main-22.23.1-2.1.hum1, nodejs24-main-24.18.0-0.3.hum1, dotnet8-0-main-8.0.128-1.1.hum1, nodejs25-main-25.9.0-1.3.hum1. Successful exploitation can interrupt the affected service or exhaust resources, reducing availability until the component recovers.
Recommended action
Primary action: update to a vendor-listed fixed release: nodejs22-main-22.23.1-2.1.hum1, nodejs24-main-24.18.0-0.3.hum1, dotnet8-0-main-8.0.128-1.1.hum1, nodejs25-main-25.9.0-1.3.hum1, RHSA-2026:37534.
Rewritten locally from the scraped official advisory data above; no generative API is used. The vendor advisory is authoritative.
Affected versions
No affected-version range was extracted from the source record. The vendor advisory is authoritative — check it before change work.
Official advisory · high-confidence parse· fetched 3 hours ago·verify at source
- nodejs22-main-22.23.1-2.1.hum1
- nodejs24-main-24.18.0-0.3.hum1
- dotnet8-0-main-8.0.128-1.1.hum1
- nodejs25-main-25.9.0-1.3.hum1
- RHSA-2026:37534
Official advisory · high-confidence parse· fetched 3 hours ago·verify at source
Mitigation
Upgrade to a fixed release: nodejs22-main-22.23.1-2.1.hum1, nodejs24-main-24.18.0-0.3.hum1, dotnet8-0-main-8.0.128-1.1.hum1, nodejs25-main-25.9.0-1.3.hum1, RHSA-2026:37534. That is the remediation for this advisory.
The vendor advisory may list additional interim mitigations or workarounds not captured here — review it before change work.
Official advisory · high-confidence parse· fetched 3 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.