1680 advisories tracked · Red Hat Security Data API + Ubuntu Security Notices · checked automatically every minute
Pick your distribution release to see every advisory issued for it and its severity mix. Fixes ship as errata — keep the system patched. This is the release's advisory history, not a per-package scan.
Red Hat Security Data API + Ubuntu Security Notices
Combines Red Hat Enterprise Linux errata (RHSA) via the official Red Hat Security Data API — CVE severity, CVSS and affected packages — with Ubuntu Security Notices (USN) via ubuntu.com's public API (affected releases + CVEs). Both are credential-free official sources.
Visit Red Hat & Ubuntu Linux security advisoriesA flaw was found in Red Hat Advanced Cluster Security for Kubernetes (RHACS). Central does not limit the depth of GraphQL queries served on the authenticated GraphQL API. An authenticated user with a valid API token can send deeply nested queries that cause excessive resource consumption in Central, resulting in a denial of service for the management plane. Red Hat Product Security is aware of this issue affecting RHACS Central. This flaw allows an authenticated user to reduce availability of the Central management component. Red Hat is not aware of malicious exploitation of this issue outside of coordinated testing. Updates addressing this issue will be released according to the RHACS support lifecycle. Refer to the associated errata when available for affected versions and update instructions. Red Hat severity: Important — CVSS 7.7 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). Weakness: CWE-400. No fixing RHSA erratum has published yet; monitor the Red Hat CVE page and patch when it ships.
In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes (StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser) are vulnerable to untrusted JAR code execution. These classes accept user-controllable JAR paths and execute them via the `java()` function, which invokes `subprocess.Popen()` without integrity verification. This vulnerability is identical to CVE-2026-0848, which was fixed for StanfordSegmenter by adding SHA256 verification. However, the fix was not applied to these additional classes, leaving them susceptible to arbitrary code execution when loading untrusted JAR files. A flaw was found in the `nltk` library. Several Stanford interface classes within `nltk` are susceptible to arbitrary code execution. This vulnerability allows a local attacker to execute malicious code by providing an untrusted Java Archive (JAR) file, as the system lacks integrity verification for these files. Red Hat severity: Important — CVSS 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Weakness: CWE-347. No fixing RHSA erratum has published yet; monitor the Red Hat CVE page and patch when it ships.
In the Linux kernel, the following vulnerability has been resolved: ipv6: account for fraggap on the paged allocation path In __ip6_append_data(), when the paged-allocation branch is taken (MSG_MORE / NETIF_F_SG / large fraglen), alloclen and pagedlen are computed as alloclen = fragheaderlen + transhdrlen; pagedlen = datalen - transhdrlen; datalen already includes fraggap (datalen = length + fraggap). When fraggap is non-zero, this is not the first skb and transhdrlen is zero. The fraggap bytes carried over from the previous skb are copied just past the fragment headers in the new skb's linear area. The linear area is therefore undersized by fraggap bytes while pagedlen is overstated by the same amount, and the copy writes past skb->end into the trailing skb_shared_info. An unprivileged user can trigger this via a UDPv6 socket using MSG_MORE together with MSG_SPLICE_PAGES. The bad accounting was introduced by commit 773ba4fe9104 ("ipv6: avoid partial copy for zc"). Before commit ce650a166335 ("udp6: Fix __ip6_append_data()'s handling of MSG_SPLICE_PAGES"), the negative copy value caused -EINVAL to be returned. That later commit allowed MSG_SPLICE_PAGES to proceed in this case, making the corruption triggerable. The non-paged branch sets alloclen to fraglen, which already accounts for fraggap because datalen does. Bring the paged branch in line by adding fraggap to alloclen and subtracting it from pagedlen. After this adjustment, copy no longer collapses to -fraggap on the paged path, so remove the stale comment describing that old arithmetic. Since a negative copy is no longer expected for a valid MSG_SPLICE_PAGES case, remove the MSG_SPLICE_PAGES exception from the negative copy check. A flaw was found in the Linux kernel's IPv6 networking subsystem. Incorrect accounting for fragment gaps (fraggap) on the paged allocation path in the __ip6_append_data() function can lead to memory corruption. An unprivileged user can exploit this vulnerability by using a UDPv6 socket with specific message flags, potentially causing system instability or other unforeseen impacts. Red Hat severity: Important — CVSS 7 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). Weakness: CWE-131. No fixing RHSA erratum has published yet; monitor the Red Hat CVE page and patch when it ships.
In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Require in-GHCB scratch area if GHCB v2+ is in use As per the GHCB spec, when using GHCB v2+ require the software scratch area to reside in the GHCB's shared buffer. Note, things like Page State Change (PSC) requests _rely_ on this behavior, as the guest can't provide a length when making the request, i.e. the size of the guest payload is bounded by the size of the shared buffer. Failure to force usage of the GHCB, and a slew of other flaws, lets a malicious SNP guest corrupt host kernel heap memory, and leak host heap layout information. setup_vmgexit_scratch() allocates a buffer via kvzalloc(exit_info_2), where exit_info_2 is guest-controlled. With exit_info_2=24, this yields a 24-byte allocation in kmalloc-cg-32 (32-byte slab objects). The buffer holds an 8-byte psc_hdr followed by 8-byte psc_entry structs, so only entries[0] and entries[1] are in-bounds. snp_begin_psc() validates end_entry against VMGEXIT_PSC_MAX_COUNT (253) but NOT against the actual buffer size: idx_end = hdr->end_entry; if (idx_end >= VMGEXIT_PSC_MAX_COUNT) { // checks 253, not buffer snp_complete_psc(svm, ...); return 1; } for (idx = idx_start; idx <= idx_end; idx++) { entry_start = entries[idx]; // OOB when idx >= 2 The guest sets end_entry=10+, causing the host to iterate entries[2+] which are OOB into adjacent slab objects. For each OOB entry: - The host reads 8 bytes (OOB READ / info leak oracle) - If the data passes PSC validation, __snp_complete_one_psc() writes cur_page = 1 or 512 into the entry (OOB WRITE, sev.c:3806) - If validation fails, the error response reveals whether adjacent memory is zero vs non-zero (information disclosure to guest) The guest controls allocation size (exit_info_2), entry range (cur_entry/end_entry), and can fire unlimited VMGEXITs to repeatedly hit different slab positions. By exploiting the variety of bugs, a malicious SEV-SNP guest can: - OOB read adjacent kmalloc-cg-32 objects (heap layout disclosure) - OOB write cur_page bits into adjacent objects (heap corruption) - Trigger use-after-free conditions across VMGEXITs E.g. with KASAN enabled, a single insmod of the PoC guest module produces 73 KASAN reports: BUG: KASAN: slab-out-of-bounds in snp_begin_psc+0x126/0x890 Read of size 8 at addr ffff888219ffb5e0 by task qemu-system-x86/2199 BUG: KASAN: slab-out-of-bounds in snp_begin_psc+0x468/0x890 Write of size 8 at addr ffff888351566648 by task qemu-system-x86/2199 The buggy address belongs to the object at ffff888XXXXXXXXX which belongs to the cache kmalloc-cg-32 of size 32 The buggy address is located N bytes to the right of allocated 32-byte region [ffff888XXXXXXXXX, ffff888XXXXXXXXX) Breakdown: 62 slab-out-of-bounds (reads + writes past allocation) 7 slab-use-after-free 4 use-after-free All credit to Stan for the wonderful description and reproducer! [sean: write changelog] A flaw was found in the Linux kernel's KVM (Kernel-based Virtual Machine) subsystem, specifically within the SEV (Secure Encrypted Virtualization) feature. A malicious guest operating system utilizing SEV-SNP (Secure Nested Paging) can exploit an out-of-bounds write vulnerability due to improper validation of guest-controlled input during Guest-Host Communication Block (GHCB) operations. This allows the guest to read and write beyond allocated memory regions, leading to host kernel heap memory corruption and disclosure of sensitive heap layout information. This could enable a malicious guest to escalate privileges on the host system. Red Hat severity: Important — CVSS 7 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). Weakness: CWE-787. No fixing RHSA erratum has published yet; monitor the Red Hat CVE page and patch when it ships.
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpected role Commit 0cb2af2ea66ad ("KVM: x86: Fix shadow paging use-after-free due to unexpected GFN") fixed a shadow paging mismatch between stored and computed GFNs; the bug could be triggered by changing a PDE mapping from outside the guest, and then deleting a memslot. The rmap_remove() call would miss entries created after the PDE change because the GFN of the leaf SPTE does not match the GFN of the struct kvm_mmu_page. A similar hole however remains if the modified PDE points to a non-leaf page. In this case the gfn can be made to match, but the role does not match: the original large 2MB page creates a kvm_mmu_page with direct=1, while the new 4KB needs a kvm_mmu_page with direct=0. However, kvm_mmu_get_child_sp() does not compare the role, and therefore reuses the page. The next step is installing a leaf (4KB) SPTE on the new path which records an rmap entry under the gfn resolved by the walk. But when that child is zapped its parent kvm_mmu_page has direct=1 and kvm_mmu_page_get_gfn() computes the gfn for the 4KB page as sp->gfn + index instead of using sp->shadowed_translation[] (or sp->gfns[] in older kernels). It therefore fails to remove the recorded entry. When the memslot is dropped the shadow page is freed but the rmap entry survives, as in the scenario that was already fixed. Code that later walks that gfn (dirty logging, MMU notifier invalidation, and so on) dereferences an sptep that lies in the freed page, causing the use-after-free. A flaw was found in the Linux kernel's Kernel-based Virtual Machine (KVM) x86 shadow paging mechanism. This vulnerability occurs when a page directory entry (PDE) mapping is changed from outside the guest, leading to an unexpected role mismatch in shadow paging. This mismatch can cause a use-after-free condition, where the system attempts to access memory that has already been released. Such a condition can lead to system instability, denial of service, or potentially the execution of arbitrary code. Red Hat severity: Important — CVSS 7 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). Weakness: CWE-825. No fixing RHSA erratum has published yet; monitor the Red Hat CVE page and patch when it ships.
A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the `Lambda` layer. Specifically, the `_raise_for_lambda_deserialization()` function fails to enforce the safe-mode guard when `safe_mode` is set to `None`, which is the default value when `from_config()` is called outside of a `SafeModeScope` context. This logic error conflates `None` (unset/default-deny) with `False` (explicitly disabled), bypassing the guard and allowing attacker-controlled `marshal` bytecode to be deserialized. Affected call sites include `keras.layers.deserialize(config)`, `keras.models.clone_model(model)`, and any direct invocation of `Lambda.from_config(config)` without an enclosing `SafeModeScope(True)`. This vulnerability can be exploited to achieve arbitrary OS-level code execution in the context of the server or user process. A flaw was found in the Keras deep learning library. This vulnerability allows a remote attacker to execute arbitrary code on the system by exploiting improper handling of deserialization in the `Lambda` layer. Specifically, a security safeguard designed to prevent unsafe deserialization is bypassed when the `safe_mode` setting is not explicitly enabled, allowing malicious code to be processed. This can lead to complete compromise of the affected server or user process. This is an Important arbitrary code execution vulnerability in the Keras deep learning library, impacting Red Hat OpenShift AI components. The flaw arises from improper deserialization in the `Lambda` layer, where a security safeguard is bypassed if `safe_mode` is not explicitly enabled. Exploitation requires user interaction, such as loading a specially crafted Keras model. Red Hat severity: Important — CVSS 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Weakness: CWE-502. No fixing RHSA erratum has published yet; monitor the Red Hat CVE page and patch when it ships.
Cockpit CMS before release 364 contains a path traversal and local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files or execute PHP files by including unvalidated PATH_INFO derived from REQUEST_URI in filesystem path construction without containment checks. Attackers can inject dot-dot sequences into the URL to traverse outside the designated spaces directory, and when the resolved path ends with a .php extension, the application passes it to include(), enabling local file inclusion on deployments using the PHP built-in server or certain non-default Nginx configurations. A flaw was found in Cockpit CMS. This vulnerability, a path traversal and local file inclusion, allows an unauthenticated attacker to read arbitrary files or execute PHP files. By manipulating the URL, an attacker can bypass security checks and access restricted directories. This could lead to unauthorized information disclosure or the execution of malicious code on affected systems. Red Hat severity: Important — CVSS 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Weakness: CWE-22. No fixing RHSA erratum has published yet; monitor the Red Hat CVE page and patch when it ships. Will not fix / out of support: Red Hat Enterprise Linux 7.
The Erlang/OTP ssl application does not validate that the PSK identity list and binder list carried in a TLS 1.3 ClientHello pre-shared key extension have equal length before passing them to the session ticket handler. In tls_handshake_1_3:handle_pre_shared_key/3, an OfferedPreSharedKeys record with a mismatched number of identities and binders is forwarded directly to tls_server_session_ticket:use/4, which crashes the session ticket handler process. An unauthenticated remote attacker can send a single crafted ClientHello to a TLS 1.3 server with session tickets enabled (stateful or stateless mode) and permanently disrupt session ticket handling on that listener. New TLS 1.3 handshakes complete but subsequently crash when the server attempts to issue a session ticket, effectively making TLS 1.3 unusable on the affected listener until the ssl application is restarted. TLS 1.2 connections are not affected. This issue affects OTP from 22.2 before 29.0.3, 28.5.0.3 and 27.3.4.14 corresponding to ssl from 9.5 before 11.7.3, 11.6.0.3 and 11.2.12.10. A flaw was found in Erlang/OTP's SSL (Secure Sockets Layer) application. An unauthenticated remote attacker can send a specially crafted ClientHello message to a TLS 1.3 server with session tickets enabled. This can permanently disrupt the server's ability to handle session tickets, leading to a Denial of Service (DoS) for new TLS 1.3 connections until the SSL application is restarted. This vulnerability is caused by improper validation of PSK (Pre-Shared Key) identity and binder list lengths. A flaw was found in the Erlang/OTP ssl application. The TLS 1.3 session ticket handler does not validate that PSK identity and binder lists have equal length, allowing an unauthenticated attacker to crash session ticket handling via a crafted ClientHello, making TLS 1.3 unusable until the ssl application is restarted. Red Hat severity: Important — CVSS 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-130. No fixing RHSA erratum has published yet; monitor the Red Hat CVE page and patch when it ships.
An unauthenticated remote attacker can exhaust server memory via the GetEndpoints Discovery Service in open62541. The endpointUrl field of GetEndpointsRequest is not validated for length. An attacker can declare an arbitrarily large string (up to ~4.09 GB via the UInt32 length field) delivered across intermediate chunks without ever sending the final chunk. The server buffers all chunks in RAM indefinitely until the SecureChannel times out. The attack is pre-session and bypasses all encryption configurations. The issue affects open62541: from 1.4.0 through 1.4.16, from 1.5.0 through 1.5.4, master. A flaw was found in open62541. An unauthenticated remote attacker can exploit a vulnerability in the GetEndpoints Discovery Service by sending a malformed request with an excessively long, unvalidated endpointUrl field. This can lead to the server buffering large amounts of data indefinitely, causing server memory exhaustion and a Denial of Service (DoS) condition. This attack can occur before a secure session is established and bypasses encryption configurations. A flaw was found in open62541, an open-source OPC UA implementation. The GetEndpoints Discovery Service does not validate the length of the endpointUrl field in GetEndpointsRequest. An unauthenticated remote attacker can declare an arbitrarily large string (up to ~4 GB) delivered via intermediate chunks without sending the final chunk. The server buffers all chunks in RAM indefinitely until the SecureChannel times out, causing memory exhaustion and denial of service. The attack is pre-session and bypasses all encryption configurations. Affected versions: 1.4.0 through 1.4.16, 1.5.0 through 1.5.4. Red Hat severity: Important — CVSS 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-1284. No fixing RHSA erratum has published yet; monitor the Red Hat CVE page and patch when it ships.
Denial of Service via uncontrolled resource consumption in JSON parsing. Red Hat rates this important (CVSS 7.5). Weakness: CWE-770. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Remote code execution via JNDI injection. Red Hat rates this important (CVSS 7.5). Weakness: CWE-502. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
SQL Injection vulnerability. Red Hat rates this important (CVSS 7.3). Weakness: CWE-89. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Security bypass via Container Device Interface (CDI) annotation smuggling during checkpoint restoration.. Red Hat rates this important (CVSS 8.2). Weakness: CWE-807. Affected package(s): syft-main, trivy-main. Resolved in Red Hat advisory RHSA-2026:15862 — update the affected packages (`sudo dnf update`).
Privilege escalation via incorrect user ID handling. Red Hat rates this important (CVSS 7.8). Weakness: CWE-681. Affected package(s): trivy-main. Resolved in Red Hat advisory RHSA-2026:35111 — update the affected packages (`sudo dnf update`).
Denial of Service via excessive HTTP headers. Red Hat rates this important (CVSS 7.5). Weakness: CWE-770. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Denial of Service via crafted ALZ file. Red Hat rates this important (CVSS 7.5). Weakness: CWE-120. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Denial of Service via crafted DMG file. Red Hat rates this important (CVSS 7.5). Weakness: CWE-190. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Denial of Service via crafted 7z file. Red Hat rates this important (CVSS 7.5). Weakness: CWE-120. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Denial of Service via crafted PESpin file. Red Hat rates this important (CVSS 7.5). Weakness: CWE-120. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Denial of Service via crafted InstallShield file. Red Hat rates this important (CVSS 7.5). Weakness: CWE-770. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Denial of Service via crafted Portable Executable (PE) files. Red Hat rates this important (CVSS 7.5). Weakness: CWE-787. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Denial of Service via crafted FSG file parsing. Red Hat rates this important (CVSS 7.5). Weakness: CWE-787. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Privilege escalation to administrator-level access via usergroup role assignment manipulation. Red Hat rates this important (CVSS 8.8). Weakness: CWE-266. Affected package(s): foreman. Resolved in Red Hat advisory RHSA-2026:34366 — update the affected packages (`sudo dnf update`).
Authentication bypass via predictable session IDs. Red Hat rates this important (CVSS 7.4). Weakness: CWE-331. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Host-root command execution via unvalidated image config labels in CRI plugin. Red Hat rates this important (CVSS 8.8). Weakness: CWE-78. Affected package(s): trivy-main. Resolved in Red Hat advisory RHSA-2026:35111 — update the affected packages (`sudo dnf update`).
Remote code execution via deserialization vulnerability. Red Hat rates this important (CVSS 7.5). Weakness: CWE-502. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Arbitrary code execution through AppImage library loading vulnerability. Red Hat rates this important (CVSS 7.3). Weakness: CWE-427. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Improper Input Validation vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. An attacker that has access to publish or modify entries in LDAP that match the configured searchBase and searchFilter can instantiate denied transports inside the broker JVM. This can be used to fetch an attacker URL and spawn a second BrokerService inside the same JVM. This issue affects Apache ActiveMQ Broker: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ All: before 5.19.8, from 6.0.0 before 6.2.7. Users are recommended to upgrade to version 6.2.7 or 5.19.8, which fixes the issue. A flaw was found in Apache ActiveMQ. An attacker with privileges to publish or modify entries in Lightweight Directory Access Protocol (LDAP) can exploit an improper input validation vulnerability. This allows the attacker to instantiate denied transports within the broker's Java Virtual Machine (JVM). Consequently, this can be used to fetch an attacker-controlled URL and launch an additional BrokerService within the same JVM, potentially leading to a denial of service or further system compromise. Red Hat products ship Apache ActiveMQ Classic components as transitive dependencies. The vulnerability is in the LdapNetworkConnector feature specific to Classic ActiveMQ, which allows an attacker with LDAP write access to instantiate denied transports and spawn a rogue broker. This feature is not configured or used in any Red Hat product deployment. Red Hat AMQ Broker is based on Apache ActiveMQ Artemis, a separate codebase that does not include the LdapNetworkConnector. Red Hat severity: Important — CVSS 7.6 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H). Weakness: CWE-90. No fixing RHSA erratum has published yet; monitor the Red Hat CVE page and patch when it ships.
Improper Input Validation vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. A remote unauthenticated peer that can reach an exposed STOMP connector can trigger denial-of-service behavior by sending a negative content-length. For the NIO STOMP transport, an attacker can keep streaming body bytes and grow the per-connection command buffer beyond configured limits to cause OOM. For the blocking STOMP protocol, an error will instead force abnormal transport exception handling for the affected connection and closure. This issue affects Apache ActiveMQ: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ All: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ Stomp: before 5.19.8, from 6.0.0 before 6.2.7. Users are recommended to upgrade to version 6.2.7 or 5.19.8, which fixes the issue. A flaw was found in Apache ActiveMQ. A remote, unauthenticated attacker can exploit an improper input validation vulnerability by sending a specially crafted message with a negative content-length to an exposed STOMP connector. This can lead to a denial of service (DoS) condition, either by consuming excessive memory and causing an Out-Of-Memory (OOM) error or by forcing the abnormal closure of affected connections. Red Hat products ship Apache ActiveMQ Classic components as transitive dependencies. The vulnerability is in the Classic ActiveMQ STOMP connector's content-length validation, allowing an unauthenticated attacker to cause OOM via a negative content-length value. Apache ActiveMQ Artemis, which powers Red Hat AMQ Broker, has its own STOMP protocol implementation (artemis-stomp-protocol) that does not share this code path. The Classic STOMP connector is not exposed in Red Hat product deployments. Red Hat severity: Important — CVSS 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-839. No fixing RHSA erratum has published yet; monitor the Red Hat CVE page and patch when it ships.
Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ Client, Apache ActiveMQ, Apache ActiveMQ All. An unauthenticated network attacker can cause a broker DoS by sending a crafted WireFormatInfo frame with a malicious large size value. The value is not validate and causes the broker to attempt allocation during pre-auth negotiation which can trigger OOM and crash the broker. This issue affects Apache ActiveMQ Client: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ All: before 5.19.8, from 6.0.0 before 6.2.7. Users are recommended to upgrade to version 6.2.7 or 5.19.8, which fixes the issue. A flaw was found in Apache ActiveMQ. An unauthenticated network attacker can exploit this vulnerability by sending a specially crafted WireFormatInfo frame with an excessively large size value. This unvalidated value causes the broker to attempt an oversized memory allocation during pre-authentication negotiation. Consequently, this can lead to an Out Of Memory (OOM) error, resulting in a Denial of Service (DoS) and crashing the broker. A flaw was found in Apache ActiveMQ Classic's OpenWire protocol handling. An unauthenticated remote attacker can crash the broker by sending a crafted WireFormatInfo frame with a malicious oversized value during pre-authentication protocol negotiation, causing an Out of Memory condition. Red Hat AMQ Broker is based on Apache ActiveMQ Artemis, but its OpenWire protocol support delegates wire format negotiation to Classic ActiveMQ's activemq-client code, which is vulnerable to this attack on the OpenWire listener port. Red Hat severity: Important — CVSS 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-770. No fixing RHSA erratum has published yet; monitor the Red Hat CVE page and patch when it ships. Will not fix / out of support: Red Hat Fuse 7.
Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Following the fix for CVE-2026-49270 an unauthenticated attacker can now cause broker OOM by sending an repeated BrokerInfo commands without sending a ConnectionInfo, until the broker will crash with OOM. This issue affects Apache ActiveMQ Broker: from 5.19.7 before 5.19.8, from 6.2.6 before 6.2.7; Apache ActiveMQ: from 5.19.7 before 5.19.8, from 6.2.6 before 6.2.7; Apache ActiveMQ All: from 5.19.7 before 5.19.8, from 6.2.6 before 6.2.7. Users are recommended to upgrade to version 6.2.7, which fixes the issue. A flaw was found in Apache ActiveMQ. An unauthenticated remote attacker can exploit this vulnerability by repeatedly sending BrokerInfo commands without corresponding ConnectionInfo commands. This can lead to an Out of Memory condition, causing the broker to crash and resulting in a Denial of Service. Red Hat products that include Apache ActiveMQ classic components ship versions prior to 5.19.7 (5.x line) and prior to 6.2.6 (6.x line). The vulnerable code was introduced as a regression in versions 5.19.7 and 6.2.6 while fixing CVE-2026-49270, and is not present in the versions shipped by Red Hat. Products shipping Apache ActiveMQ Artemis are not affected as Artemis is a separate codebase. Red Hat severity: Important — CVSS 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-770. No fixing RHSA erratum has published yet; monitor the Red Hat CVE page and patch when it ships.
Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. An unauthenticated client that opens a STOMP NIO connection can send header bytes that never terminate which makes the broker buffer them without limit, exhausting the JVM heap. This issue affects Apache ActiveMQ: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ All: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ Stomp: before 5.19.8, from 6.0.0 before 6.2.7. Users are recommended to upgrade to version 6.2.7 or 5.19.8, which fixes the issue. Red Hat products ship Apache ActiveMQ Classic components as transitive dependencies. The vulnerability is in the Classic ActiveMQ STOMP NIO codec, which does not limit the size of header byte buffering, allowing an unauthenticated attacker to exhaust JVM heap memory. Apache ActiveMQ Artemis, which powers Red Hat AMQ Broker, has its own STOMP protocol implementation (artemis-stomp-protocol) that does not share this code path. The Classic STOMP NIO codec is not exposed in Red Hat product deployments. Red Hat severity: Important — CVSS 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-789. No fixing RHSA erratum has published yet; monitor the Red Hat CVE page and patch when it ships.
Missing Authorization vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic temporary destinations are expected to be isolated to the connection that created them. The isolation can be broken as this is only checked in the client, allowing a different connection to consume from another connection's temporary destination. This issue affects Apache ActiveMQ Broker: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ All: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ: before 5.19.8, from 6.0.0 before 6.2.7. Users are recommended to upgrade to version 6.2.7, which fixes the issue. A flaw was found in Apache ActiveMQ. Temporary destinations, which are designed to be private to a specific connection, can be accessed by other connections due to a missing authorization check. This allows an unauthorized connection to consume messages from another connection's temporary destination, leading to information disclosure. Red Hat products ship Apache ActiveMQ Classic components as transitive dependencies. The vulnerability is in the Classic ActiveMQ broker's temporary destination isolation, where access control is enforced only client-side, allowing a different connection to consume messages from another connection's temporary destination. Red Hat AMQ Broker is based on Apache ActiveMQ Artemis, which has its own temporary destination implementation. The Classic broker's temporary destination logic is not exercised at runtime in Red Hat product deployments. Red Hat severity: Important — CVSS 8.2 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L). Weakness: CWE-1220. No fixing RHSA erratum has published yet; monitor the Red Hat CVE page and patch when it ships.
brace-expansion through 5.0.6 is vulnerable to denial of service. The expand() function exhibits exponential-time complexity in the number of consecutive non-expanding '{}' brace groups. An attacker who passes a crafted string to expand(), directly or transitively, can cause significant CPU consumption and event-loop blocking. The max option does not mitigate this, as it bounds the output size rather than the recursion work. A flaw was found in brace-expansion. An attacker can exploit a vulnerability in the `expand()` function by providing a specially crafted string. This string, containing consecutive non-expanding brace groups, can trigger exponential-time complexity, leading to significant CPU consumption and event-loop blocking. This can result in a Denial of Service (DoS) for the affected system. A flaw was found in brace-expansion, a widely-used npm package for expanding brace sequences. The expand() function exhibits exponential-time complexity when processing consecutive non-expanding brace groups. An attacker who can supply crafted input to expand(), directly or transitively via minimatch or glob, can cause significant CPU consumption and event-loop blocking, resulting in denial of service. The max option does not mitigate this issue, as it bounds the output size rather than the recursion work. Red Hat severity: Important — CVSS 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-1333. Fixed by RHSA-2026:33866, RHSA-2026:34478, RHSA-2026:35272 — update the affected packages (`sudo dnf update`). Affected Red Hat products: Red Hat Hardened Images. Will not fix / out of support: OpenShift Service Mesh 2; Red Hat Fuse 7; Red Hat Hardened Images.
decode-uri-component through 0.4.1 is vulnerable to denial of service. The decode() function splits input on '%' producing N tokens and calls decodeComponents(), exhibiting super-linear parsing time: 200 '%ab' tokens takes approximately 0.7s, 700 tokens approximately 6s, and 1400 tokens approximately 33s. An attacker can cause significant CPU consumption and event-loop blocking via crafted input. A flaw was found in the `decode-uri-component` library. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by submitting specially crafted input. The `decode()` function, when processing a large number of encoded URI components, consumes excessive CPU resources, which can lead to the application becoming unresponsive and unavailable. A denial of service flaw was found in the decode-uri-component npm package. The decode() function exhibits super-linear time complexity when processing input containing many percent-encoded sequences, allowing an attacker to cause significant CPU consumption and event-loop blocking. In Red Hat products where this package is bundled (OpenShift Console, Quay, Pipelines, RHOAI, and others), exploitation requires that attacker-controlled input containing crafted percent-encoded strings reaches the decode() function without prior length validation. Red Hat rates this as Moderate severity since the impact is limited to availability with no confidentiality or integrity impact, consistent with the CNA's CVSS 4.0 assessment of 6.6 Medium. Red Hat severity: Important — CVSS 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-1050. No fixing RHSA erratum has published yet; monitor the Red Hat CVE page and patch when it ships.
NLTK version 3.9.4 is vulnerable to a path traversal attack due to an incomplete fix for GitHub Issue #3504. The `_UNSAFE_NO_PROTOCOL_RE` regex in `nltk/data.py` checks for literal `../` sequences but fails to account for percent-encoded traversal sequences such as `..%2f`. The `url2pathname()` function decodes these sequences after the validation step, allowing an attacker to bypass the protection. This vulnerability enables an attacker to read arbitrary files accessible to the Python process by controlling the resource name parameter passed to `nltk.data.load()` or `nltk.data.find()`. The issue affects applications that rely on NLTK for resource loading, including NLP web applications, Jupyter notebooks, and CLI tools. The default `pathsec.ENFORCE=False` setting exacerbates the impact by not blocking the file read at the `open()` stage. A flaw was found in NLTK. An attacker can exploit a path traversal vulnerability by providing specially crafted input to `nltk.data.load()` or `nltk.data.find()`. This allows the attacker to read arbitrary files accessible to the Python process, leading to information disclosure. The vulnerability arises from an incomplete fix that fails to account for percent-encoded traversal sequences. A path traversal flaw was found in NLTK's resource loading functions (nltk.data.load() and nltk.data.find()). The vulnerability allows arbitrary file reads when an attacker can control the resource_name parameter by using percent-encoded path separators to bypass validation. In Red Hat products where NLTK is bundled (OpenShift AI, OpenShift Lightspeed, Ansible Automation Platform), the resource loading functions are typically used internally to load pre-packaged NLP models and corpora. Exploitation requires that untrusted user input is passed directly to these functions without additional sanitization. Red Hat severity: Important — CVSS 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Weakness: CWE-22. No fixing RHSA erratum has published yet; monitor the Red Hat CVE page and patch when it ships. Will not fix / out of support: Red Hat Ansible Automation Platform 2.
Claude Code is an agentic coding tool. From 2.1.38 until 2.1.163, Claude Code's worktree handling allowed creation of worktrees named ".git" and navigation to worktrees outside the sandbox context, enabling git directory confusion attacks. By exploiting symlink manipulation and git fsmonitor execution during worktree operations, an attacker could overwrite files in the user's home directory (such as .zshenv), leading to code execution outside of seatbelt sandbox restrictions. Reliably exploiting this required the user to clone a malicious repository containing prompt injection content and run Claude Code against it. This vulnerability is fixed in 2.1.163. A flaw was found in Claude Code, an agentic coding tool, in its handling of worktrees. This vulnerability allowed the creation of specially named worktrees and navigation outside of the intended secure environment, leading to what is known as a 'git directory confusion attack'. By manipulating symbolic links and how git monitors file system changes, an attacker could overwrite important user files, potentially leading to unauthorized code execution on the user's system. This attack requires a user to interact with a malicious code repository. This is an Important vulnerability in Claude Code, an agentic coding tool within OpenShift Lightspeed, stemming from a git directory confusion flaw. The vulnerability allows an attacker to overwrite user configuration files, leading to arbitrary code execution outside of sandbox restrictions. Exploitation requires a user to clone a malicious repository and then execute Claude Code against its contents. Red Hat severity: Important — CVSS 7.1 (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H). Weakness: CWE-59. No fixing RHSA erratum has published yet; monitor the Red Hat CVE page and patch when it ships.
fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode (IDN) hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize() and equal() still return values that differ from a WHATWG-compatible URL parser. Applications that use fast-uri to enforce host-based policy (denylists, loopback filtering, redirect validation, outbound proxy routing) before passing the same URL to Node's URL or fetch can be bypassed when the two implementations resolve the same input to different hosts. Patches: upgrade to fast-uri 3.1.3 for the 3.x line or 4.0.1 for the 4.x line. Workarounds: enforce host policy using the same URL parser used for the actual request, or reject non-ASCII hosts before policy checks. A flaw was found in fast-uri. This vulnerability occurs because fast-uri fails to properly convert Unicode (Internationalized Domain Name - IDN) hostnames for HTTP-family URLs. This can lead to a situation where security policies, such as denylists or redirect validations, are bypassed when applications use fast-uri to enforce these policies before passing the URL to another parser. A remote attacker could exploit this to circumvent security controls and potentially access unauthorized resources or perform malicious redirects. This Important flaw in `fast-uri` allows a remote attacker to bypass host-based security policies. Applications that rely on `fast-uri` for URL parsing and policy enforcement, such as denylists or redirect validations, can be circumvented due to inconsistent handling of Unicode hostnames. This discrepancy between `fast-uri` and other URL parsers could lead to unauthorized resource access or malicious redirects in affected Red Hat products. Red Hat severity: Important — CVSS 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Weakness: CWE-551. No fixing RHSA erratum has published yet; monitor the Red Hat CVE page and patch when it ships. Will not fix / out of support: Red Hat Ansible Automation Platform 2; Red Hat Data Grid 8.
acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions acl_get_file(), acl_set_file(), acl_extended_file(), and acl_delete_def_file() that allows local attackers to escalate privileges by replacing any pathname component with a symbolic link. Attackers who control any component of a pathname processed by a privileged caller can redirect ACL read or write operations to arbitrary files or directories, enabling unauthorized manipulation of access control lists and local privilege escalation. A flaw was found in the `acl` package, specifically within its `libacl` pathname-based functions. A local attacker could exploit this vulnerability by using a symbolic link to replace a pathname component. This could allow the attacker to redirect access control list (ACL) read or write operations to arbitrary files or directories, leading to unauthorized manipulation of ACLs and ultimately local privilege escalation. Red Hat severity: Important — CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). Weakness: CWE-59. Fixed by RHSA-2026:34351 — update the affected packages (`sudo dnf update`). Affected Red Hat products: Red Hat Hardened Images.
A flaw was found in the vscode-java extension, which provides Java language support for Visual Studio Code. The extension incorrectly trusts all Markdown content in JavaDoc hovers, allowing a malicious Java file to include hidden commands. If a user clicks a specially crafted link within a JavaDoc hover popup, an attacker can execute arbitrary VS Code commands, which can lead to full system compromise in trusted workspaces. A flaw was found in the vscode-java extension, which provides Java language support for Visual Studio Code. The extension incorrectly trusts all Markdown content in JavaDoc hovers, allowing a malicious Java file to include hidden commands. If a user clicks a specially crafted link within a JavaDoc hover popup, an attacker can execute arbitrary VS Code commands, which can lead to full system compromise in trusted workspaces. The Red Hat Product Security team has assessed the severity of this vulnerability as Important, given that it requires a user to open a malicious Java source file and interact with a hover popup. Successful exploitation allows an attacker to execute arbitrary commands within the context of the VS Code editor and potentially the underlying operating system. The vulnerability's root cause is the over-trusting of Markdown content returned by the Java language server, which fails to isolate extension-generated trusted links from attacker-controlled JavaDoc content. Red Hat severity: Important — CVSS 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Weakness: CWE-88. No fixing RHSA erratum has published yet; monitor the Red Hat CVE page and patch when it ships.