RHSA-2026:13812
Vulnerability from csaf_redhat - Published: 2026-05-05 17:47 - Updated: 2026-05-05 20:35Summary
Red Hat Security Advisory: updated RHEL-8 based Middleware Containers container images
Severity
Important
Notes
Topic: Updated RHEL-8 based Middleware Containers container images are now available
Details: The RHEL-8 based Middleware Containers container images have been updated to address the following security advisory:
RHSA-2026:11077
RHSA-2026:7667
RHSA-2026:8534
RHSA-2026:9745
(see References)
Security Fixes:
* rsync: Rsync: Out of bounds array access via negative index (CVE-2025-10158)
* gnutls: Stack-based Buffer Overflow in gnutls_pkcs11_token_init() Function (CVE-2025-9820)
* gnutls: GnuTLS: Denial of Service via excessive resource consumption during certificate verification (CVE-2025-14831)
* openssh: OpenSSH GSSAPI: Information disclosure or denial of service due to uninitialized variables (CVE-2026-3497)
* nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination (CVE-2026-27135)
* libarchive: libarchive: Information disclosure via heap out-of-bounds read in RAR archive processing (CVE-2026-4424)
* python: Python: Command-line option injection in webbrowser.open() via crafted URLs (CVE-2026-4519)
* libarchive: libarchive: Arbitrary code execution via integer overflow in ISO9660 image processing (CVE-2026-5121)
* python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules (CVE-2026-6100)
* python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API (CVE-2026-4786)
Users of RHEL-8 based Middleware Containers container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.
You can find images updated by this advisory in Red Hat Container Catalog (see References).
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.
4.0 (Medium)
Vendor Fix
The RHEL-8 based Middleware Containers container images provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).
Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.
https://access.redhat.com/errata/RHSA-2026:13812
Workaround
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. Applying the upstream patch or vendor-supplied security update is the recommended resolution.
An out of bounds read flaw has been discovered in rsync. A malicious client acting as the receiver of an rsync file transfer can trigger an OOB read via a negative array index. The rsync client requires at least read access to the remote rsync module to trigger the issue.
4.3 (Medium)
Vendor Fix
The RHEL-8 based Middleware Containers container images provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).
Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.
https://access.redhat.com/errata/RHSA-2026:13812
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).
5.3 (Medium)
Vendor Fix
The RHEL-8 based Middleware Containers container images provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).
Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.
https://access.redhat.com/errata/RHSA-2026:13812
A flaw was found in the OpenSSH GSSAPI (Generic Security Service Application Program Interface) delta patches, as included in various Linux distributions. A remote attacker could exploit this by sending an unexpected GSSAPI message type during the key exchange process. This occurs because the `sshpkt_disconnect()` function, when called on an error, does not properly terminate the process, leading to the continued execution of the program with uninitialized connection variables. Accessing these uninitialized variables can lead to undefined behavior, potentially resulting in information disclosure or a denial of service.
8.2 (High)
Vendor Fix
The RHEL-8 based Middleware Containers container images provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).
Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.
https://access.redhat.com/errata/RHSA-2026:13812
Workaround
To mitigate this issue, disable GSSAPI key exchange in the OpenSSH server configuration. This prevents the server from processing GSSAPI messages, eliminating the vulnerability's attack surface.
Edit `/etc/ssh/sshd_config` and add or modify the line:
```
GSSAPIKeyExchange no
```
After saving the changes, restart the `sshd` service for the mitigation to take effect. This action will prevent users from authenticating via GSSAPI.
```
# systemctl restart sshd
```
A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.
7.5 (High)
Vendor Fix
The RHEL-8 based Middleware Containers container images provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).
Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.
https://access.redhat.com/errata/RHSA-2026:13812
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
A flaw was found in Python. The `webbrowser.open()` API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options, which could lead to unexpected behavior, information disclosure, or potentially arbitrary code execution, impacting the integrity of the system.
7.1 (High)
Vendor Fix
The RHEL-8 based Middleware Containers container images provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).
Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.
https://access.redhat.com/errata/RHSA-2026:13812
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in the Python webbrowser.open() API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution.
7.1 (High)
Vendor Fix
The RHEL-8 based Middleware Containers container images provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).
Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.
https://access.redhat.com/errata/RHSA-2026:13812
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system.
7.5 (High)
Vendor Fix
The RHEL-8 based Middleware Containers container images provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).
Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.
https://access.redhat.com/errata/RHSA-2026:13812
Workaround
To mitigate this issue, avoid processing untrusted ISO9660 images with applications that utilize `libarchive`. Users should only extract or read content from ISO images obtained from trusted sources.
A flaw was found in Python's decompression modules, including `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile`. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is experiencing high memory usage. Exploitation of this flaw could potentially allow an attacker to execute arbitrary code or access sensitive data. The vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. Using the helper functions to one-shot decompress data such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable.
8.1 (High)
Vendor Fix
The RHEL-8 based Middleware Containers container images provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).
Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.
https://access.redhat.com/errata/RHSA-2026:13812
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).
7.5 (High)
Vendor Fix
The RHEL-8 based Middleware Containers container images provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).
Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.
https://access.redhat.com/errata/RHSA-2026:13812
References
Acknowledgments
Elhanan Haenel
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated RHEL-8 based Middleware Containers container images are now available",
"title": "Topic"
},
{
"category": "general",
"text": "The RHEL-8 based Middleware Containers container images have been updated to address the following security advisory: \nRHSA-2026:11077 \nRHSA-2026:7667\nRHSA-2026:8534\nRHSA-2026:9745\n(see References)\n\nSecurity Fixes:\n* rsync: Rsync: Out of bounds array access via negative index (CVE-2025-10158)\n* gnutls: Stack-based Buffer Overflow in gnutls_pkcs11_token_init() Function (CVE-2025-9820)\n* gnutls: GnuTLS: Denial of Service via excessive resource consumption during certificate verification (CVE-2025-14831)\n* openssh: OpenSSH GSSAPI: Information disclosure or denial of service due to uninitialized variables (CVE-2026-3497) \n* nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination (CVE-2026-27135)\n* libarchive: libarchive: Information disclosure via heap out-of-bounds read in RAR archive processing (CVE-2026-4424)\n* python: Python: Command-line option injection in webbrowser.open() via crafted URLs (CVE-2026-4519)\n* libarchive: libarchive: Arbitrary code execution via integer overflow in ISO9660 image processing (CVE-2026-5121) \n* python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules (CVE-2026-6100)\n* python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API (CVE-2026-4786)\n\nUsers of RHEL-8 based Middleware Containers container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.\n\nYou can find images updated by this advisory in Red Hat Container Catalog (see References).",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:13812",
"url": "https://access.redhat.com/errata/RHSA-2026:13812"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/errata/RHSA-2026:11077",
"url": "https://access.redhat.com/errata/RHSA-2026:11077"
},
{
"category": "external",
"summary": "https://access.redhat.com/errata/RHSA-2026:7667",
"url": "https://access.redhat.com/errata/RHSA-2026:7667"
},
{
"category": "external",
"summary": "https://access.redhat.com/errata/RHSA-2026:8534",
"url": "https://access.redhat.com/errata/RHSA-2026:8534"
},
{
"category": "external",
"summary": "https://access.redhat.com/errata/RHSA-2026:9745",
"url": "https://access.redhat.com/errata/RHSA-2026:9745"
},
{
"category": "external",
"summary": "https://errata.engineering.redhat.com/advisory/165062",
"url": "https://errata.engineering.redhat.com/advisory/165062"
},
{
"category": "external",
"summary": "https://access.redhat.com/containers",
"url": "https://access.redhat.com/containers"
},
{
"category": "external",
"summary": "2392528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392528"
},
{
"category": "external",
"summary": "2415637",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415637"
},
{
"category": "external",
"summary": "2423177",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423177"
},
{
"category": "external",
"summary": "2447085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447085"
},
{
"category": "external",
"summary": "2448754",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448754"
},
{
"category": "external",
"summary": "2449006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449006"
},
{
"category": "external",
"summary": "2449649",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449649"
},
{
"category": "external",
"summary": "2452945",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452945"
},
{
"category": "external",
"summary": "2457932",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457932"
},
{
"category": "external",
"summary": "2458049",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458049"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_13812.json"
}
],
"title": "Red Hat Security Advisory: updated RHEL-8 based Middleware Containers container images",
"tracking": {
"current_release_date": "2026-05-05T20:35:22+00:00",
"generator": {
"date": "2026-05-05T20:35:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.9"
}
},
"id": "RHSA-2026:13812",
"initial_release_date": "2026-05-05T17:47:50+00:00",
"revision_history": [
{
"date": "2026-05-05T17:47:50+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-05T17:47:50+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-05T20:35:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Middleware Containers for OpenShift",
"product": {
"name": "Middleware Containers for OpenShift",
"product_id": "8Base-RHOSE-Middleware",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhosemc:1.0::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "rhpam-7/rhpam-businesscentral-monitoring-rhel8@sha256:92df715c896f06f6aa93b631bd62e3a146bad3cd08666cbab955d5cccdad0ea0_amd64",
"product": {
"name": "rhpam-7/rhpam-businesscentral-monitoring-rhel8@sha256:92df715c896f06f6aa93b631bd62e3a146bad3cd08666cbab955d5cccdad0ea0_amd64",
"product_id": "rhpam-7/rhpam-businesscentral-monitoring-rhel8@sha256:92df715c896f06f6aa93b631bd62e3a146bad3cd08666cbab955d5cccdad0ea0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhpam-businesscentral-monitoring-rhel8@sha256:92df715c896f06f6aa93b631bd62e3a146bad3cd08666cbab955d5cccdad0ea0?arch=amd64\u0026repository_url=registry.redhat.io/rhpam-7/rhpam-businesscentral-monitoring-rhel8\u0026tag=7.13.5-4.1777325677"
}
}
},
{
"category": "product_version",
"name": "rhpam-7/rhpam-businesscentral-rhel8@sha256:23b2eace9e0e381d6a8db37a11ebef3a092f7b14352b3a05187c7b9e78f6e60e_amd64",
"product": {
"name": "rhpam-7/rhpam-businesscentral-rhel8@sha256:23b2eace9e0e381d6a8db37a11ebef3a092f7b14352b3a05187c7b9e78f6e60e_amd64",
"product_id": "rhpam-7/rhpam-businesscentral-rhel8@sha256:23b2eace9e0e381d6a8db37a11ebef3a092f7b14352b3a05187c7b9e78f6e60e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhpam-businesscentral-rhel8@sha256:23b2eace9e0e381d6a8db37a11ebef3a092f7b14352b3a05187c7b9e78f6e60e?arch=amd64\u0026repository_url=registry.redhat.io/rhpam-7/rhpam-businesscentral-rhel8\u0026tag=7.13.5-4.1777325711"
}
}
},
{
"category": "product_version",
"name": "rhpam-7/rhpam-controller-rhel8@sha256:6a8c527be5f7140866dca164d60ab484d40f28281becd849907f8740a8a2a87d_amd64",
"product": {
"name": "rhpam-7/rhpam-controller-rhel8@sha256:6a8c527be5f7140866dca164d60ab484d40f28281becd849907f8740a8a2a87d_amd64",
"product_id": "rhpam-7/rhpam-controller-rhel8@sha256:6a8c527be5f7140866dca164d60ab484d40f28281becd849907f8740a8a2a87d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhpam-controller-rhel8@sha256:6a8c527be5f7140866dca164d60ab484d40f28281becd849907f8740a8a2a87d?arch=amd64\u0026repository_url=registry.redhat.io/rhpam-7/rhpam-controller-rhel8\u0026tag=7.13.5-4.1777325710"
}
}
},
{
"category": "product_version",
"name": "rhpam-7/rhpam-dashbuilder-rhel8@sha256:64efe627bd982759b2492ca8bf4d31315c68bf0262c0ca448a93335a11c81673_amd64",
"product": {
"name": "rhpam-7/rhpam-dashbuilder-rhel8@sha256:64efe627bd982759b2492ca8bf4d31315c68bf0262c0ca448a93335a11c81673_amd64",
"product_id": "rhpam-7/rhpam-dashbuilder-rhel8@sha256:64efe627bd982759b2492ca8bf4d31315c68bf0262c0ca448a93335a11c81673_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhpam-dashbuilder-rhel8@sha256:64efe627bd982759b2492ca8bf4d31315c68bf0262c0ca448a93335a11c81673?arch=amd64\u0026repository_url=registry.redhat.io/rhpam-7/rhpam-dashbuilder-rhel8\u0026tag=7.13.5-3.1777325680"
}
}
},
{
"category": "product_version",
"name": "rhpam-7/rhpam-kieserver-rhel8@sha256:56ce30c3d224f65df05b066f39741797836687b4aeab7d7269bf5d28f45dc04d_amd64",
"product": {
"name": "rhpam-7/rhpam-kieserver-rhel8@sha256:56ce30c3d224f65df05b066f39741797836687b4aeab7d7269bf5d28f45dc04d_amd64",
"product_id": "rhpam-7/rhpam-kieserver-rhel8@sha256:56ce30c3d224f65df05b066f39741797836687b4aeab7d7269bf5d28f45dc04d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhpam-kieserver-rhel8@sha256:56ce30c3d224f65df05b066f39741797836687b4aeab7d7269bf5d28f45dc04d?arch=amd64\u0026repository_url=registry.redhat.io/rhpam-7/rhpam-kieserver-rhel8\u0026tag=7.13.5-4.1777325709"
}
}
},
{
"category": "product_version",
"name": "rhpam-7/rhpam-process-migration-rhel8@sha256:a4a34e29ddb6f9d60e64f19bac7fe49eb0b66fcbb6803cbc6563b77e7d7f9904_amd64",
"product": {
"name": "rhpam-7/rhpam-process-migration-rhel8@sha256:a4a34e29ddb6f9d60e64f19bac7fe49eb0b66fcbb6803cbc6563b77e7d7f9904_amd64",
"product_id": "rhpam-7/rhpam-process-migration-rhel8@sha256:a4a34e29ddb6f9d60e64f19bac7fe49eb0b66fcbb6803cbc6563b77e7d7f9904_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhpam-process-migration-rhel8@sha256:a4a34e29ddb6f9d60e64f19bac7fe49eb0b66fcbb6803cbc6563b77e7d7f9904?arch=amd64\u0026repository_url=registry.redhat.io/rhpam-7/rhpam-process-migration-rhel8\u0026tag=7.13.5-4.1777325680"
}
}
},
{
"category": "product_version",
"name": "rhpam-7/rhpam-smartrouter-rhel8@sha256:14df06eab56c17b7f718884c7379098ec3842ed99d6c5778dc2810ac9b1d4c17_amd64",
"product": {
"name": "rhpam-7/rhpam-smartrouter-rhel8@sha256:14df06eab56c17b7f718884c7379098ec3842ed99d6c5778dc2810ac9b1d4c17_amd64",
"product_id": "rhpam-7/rhpam-smartrouter-rhel8@sha256:14df06eab56c17b7f718884c7379098ec3842ed99d6c5778dc2810ac9b1d4c17_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhpam-smartrouter-rhel8@sha256:14df06eab56c17b7f718884c7379098ec3842ed99d6c5778dc2810ac9b1d4c17?arch=amd64\u0026repository_url=registry.redhat.io/rhpam-7/rhpam-smartrouter-rhel8\u0026tag=7.13.5-4.1777325708"
}
}
},
{
"category": "product_version",
"name": "rhpam-7/rhpam-operator-bundle@sha256:3378f77e5a1823d197c755b020e725ff0e72784994c0a755347a0999cef65931_amd64",
"product": {
"name": "rhpam-7/rhpam-operator-bundle@sha256:3378f77e5a1823d197c755b020e725ff0e72784994c0a755347a0999cef65931_amd64",
"product_id": "rhpam-7/rhpam-operator-bundle@sha256:3378f77e5a1823d197c755b020e725ff0e72784994c0a755347a0999cef65931_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhpam-operator-bundle@sha256:3378f77e5a1823d197c755b020e725ff0e72784994c0a755347a0999cef65931?arch=amd64\u0026repository_url=registry.redhat.io/rhpam-7/rhpam-operator-bundle\u0026tag=7.13.5-40"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpam-7/rhpam-businesscentral-monitoring-rhel8@sha256:92df715c896f06f6aa93b631bd62e3a146bad3cd08666cbab955d5cccdad0ea0_amd64 as a component of Middleware Containers for OpenShift",
"product_id": "8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-monitoring-rhel8@sha256:92df715c896f06f6aa93b631bd62e3a146bad3cd08666cbab955d5cccdad0ea0_amd64"
},
"product_reference": "rhpam-7/rhpam-businesscentral-monitoring-rhel8@sha256:92df715c896f06f6aa93b631bd62e3a146bad3cd08666cbab955d5cccdad0ea0_amd64",
"relates_to_product_reference": "8Base-RHOSE-Middleware"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpam-7/rhpam-businesscentral-rhel8@sha256:23b2eace9e0e381d6a8db37a11ebef3a092f7b14352b3a05187c7b9e78f6e60e_amd64 as a component of Middleware Containers for OpenShift",
"product_id": "8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-rhel8@sha256:23b2eace9e0e381d6a8db37a11ebef3a092f7b14352b3a05187c7b9e78f6e60e_amd64"
},
"product_reference": "rhpam-7/rhpam-businesscentral-rhel8@sha256:23b2eace9e0e381d6a8db37a11ebef3a092f7b14352b3a05187c7b9e78f6e60e_amd64",
"relates_to_product_reference": "8Base-RHOSE-Middleware"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpam-7/rhpam-controller-rhel8@sha256:6a8c527be5f7140866dca164d60ab484d40f28281becd849907f8740a8a2a87d_amd64 as a component of Middleware Containers for OpenShift",
"product_id": "8Base-RHOSE-Middleware:rhpam-7/rhpam-controller-rhel8@sha256:6a8c527be5f7140866dca164d60ab484d40f28281becd849907f8740a8a2a87d_amd64"
},
"product_reference": "rhpam-7/rhpam-controller-rhel8@sha256:6a8c527be5f7140866dca164d60ab484d40f28281becd849907f8740a8a2a87d_amd64",
"relates_to_product_reference": "8Base-RHOSE-Middleware"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpam-7/rhpam-dashbuilder-rhel8@sha256:64efe627bd982759b2492ca8bf4d31315c68bf0262c0ca448a93335a11c81673_amd64 as a component of Middleware Containers for OpenShift",
"product_id": "8Base-RHOSE-Middleware:rhpam-7/rhpam-dashbuilder-rhel8@sha256:64efe627bd982759b2492ca8bf4d31315c68bf0262c0ca448a93335a11c81673_amd64"
},
"product_reference": "rhpam-7/rhpam-dashbuilder-rhel8@sha256:64efe627bd982759b2492ca8bf4d31315c68bf0262c0ca448a93335a11c81673_amd64",
"relates_to_product_reference": "8Base-RHOSE-Middleware"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpam-7/rhpam-kieserver-rhel8@sha256:56ce30c3d224f65df05b066f39741797836687b4aeab7d7269bf5d28f45dc04d_amd64 as a component of Middleware Containers for OpenShift",
"product_id": "8Base-RHOSE-Middleware:rhpam-7/rhpam-kieserver-rhel8@sha256:56ce30c3d224f65df05b066f39741797836687b4aeab7d7269bf5d28f45dc04d_amd64"
},
"product_reference": "rhpam-7/rhpam-kieserver-rhel8@sha256:56ce30c3d224f65df05b066f39741797836687b4aeab7d7269bf5d28f45dc04d_amd64",
"relates_to_product_reference": "8Base-RHOSE-Middleware"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpam-7/rhpam-operator-bundle@sha256:3378f77e5a1823d197c755b020e725ff0e72784994c0a755347a0999cef65931_amd64 as a component of Middleware Containers for OpenShift",
"product_id": "8Base-RHOSE-Middleware:rhpam-7/rhpam-operator-bundle@sha256:3378f77e5a1823d197c755b020e725ff0e72784994c0a755347a0999cef65931_amd64"
},
"product_reference": "rhpam-7/rhpam-operator-bundle@sha256:3378f77e5a1823d197c755b020e725ff0e72784994c0a755347a0999cef65931_amd64",
"relates_to_product_reference": "8Base-RHOSE-Middleware"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpam-7/rhpam-process-migration-rhel8@sha256:a4a34e29ddb6f9d60e64f19bac7fe49eb0b66fcbb6803cbc6563b77e7d7f9904_amd64 as a component of Middleware Containers for OpenShift",
"product_id": "8Base-RHOSE-Middleware:rhpam-7/rhpam-process-migration-rhel8@sha256:a4a34e29ddb6f9d60e64f19bac7fe49eb0b66fcbb6803cbc6563b77e7d7f9904_amd64"
},
"product_reference": "rhpam-7/rhpam-process-migration-rhel8@sha256:a4a34e29ddb6f9d60e64f19bac7fe49eb0b66fcbb6803cbc6563b77e7d7f9904_amd64",
"relates_to_product_reference": "8Base-RHOSE-Middleware"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpam-7/rhpam-smartrouter-rhel8@sha256:14df06eab56c17b7f718884c7379098ec3842ed99d6c5778dc2810ac9b1d4c17_amd64 as a component of Middleware Containers for OpenShift",
"product_id": "8Base-RHOSE-Middleware:rhpam-7/rhpam-smartrouter-rhel8@sha256:14df06eab56c17b7f718884c7379098ec3842ed99d6c5778dc2810ac9b1d4c17_amd64"
},
"product_reference": "rhpam-7/rhpam-smartrouter-rhel8@sha256:14df06eab56c17b7f718884c7379098ec3842ed99d6c5778dc2810ac9b1d4c17_amd64",
"relates_to_product_reference": "8Base-RHOSE-Middleware"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-9820",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2025-09-02T10:00:18.839000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-operator-bundle@sha256:3378f77e5a1823d197c755b020e725ff0e72784994c0a755347a0999cef65931_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2392528"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: Stack-based Buffer Overflow in gnutls_pkcs11_token_init() Function",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has assessed the severity of this vulnerability as Low, since exploitation requires local access or a malicious PKCS#11 token. While the impact is limited to denial of service or potential code execution in constrained scenarios, the vulnerability stems from a lack of proper bounds checking during token label handling in GnuTLS. Users should treat this as a security concern in environments where untrusted tokens may be introduced.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-monitoring-rhel8@sha256:92df715c896f06f6aa93b631bd62e3a146bad3cd08666cbab955d5cccdad0ea0_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-rhel8@sha256:23b2eace9e0e381d6a8db37a11ebef3a092f7b14352b3a05187c7b9e78f6e60e_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-controller-rhel8@sha256:6a8c527be5f7140866dca164d60ab484d40f28281becd849907f8740a8a2a87d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-dashbuilder-rhel8@sha256:64efe627bd982759b2492ca8bf4d31315c68bf0262c0ca448a93335a11c81673_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-kieserver-rhel8@sha256:56ce30c3d224f65df05b066f39741797836687b4aeab7d7269bf5d28f45dc04d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-process-migration-rhel8@sha256:a4a34e29ddb6f9d60e64f19bac7fe49eb0b66fcbb6803cbc6563b77e7d7f9904_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-smartrouter-rhel8@sha256:14df06eab56c17b7f718884c7379098ec3842ed99d6c5778dc2810ac9b1d4c17_amd64"
],
"known_not_affected": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-operator-bundle@sha256:3378f77e5a1823d197c755b020e725ff0e72784994c0a755347a0999cef65931_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9820"
},
{
"category": "external",
"summary": "RHBZ#2392528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9820",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9820"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820"
},
{
"category": "external",
"summary": "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5",
"url": "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5"
},
{
"category": "external",
"summary": "https://gitlab.com/gnutls/gnutls/-/issues/1732",
"url": "https://gitlab.com/gnutls/gnutls/-/issues/1732"
},
{
"category": "external",
"summary": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18",
"url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18"
}
],
"release_date": "2025-11-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-05T17:47:50+00:00",
"details": "The RHEL-8 based Middleware Containers container images provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
"product_ids": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-monitoring-rhel8@sha256:92df715c896f06f6aa93b631bd62e3a146bad3cd08666cbab955d5cccdad0ea0_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-rhel8@sha256:23b2eace9e0e381d6a8db37a11ebef3a092f7b14352b3a05187c7b9e78f6e60e_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-controller-rhel8@sha256:6a8c527be5f7140866dca164d60ab484d40f28281becd849907f8740a8a2a87d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-dashbuilder-rhel8@sha256:64efe627bd982759b2492ca8bf4d31315c68bf0262c0ca448a93335a11c81673_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-kieserver-rhel8@sha256:56ce30c3d224f65df05b066f39741797836687b4aeab7d7269bf5d28f45dc04d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-process-migration-rhel8@sha256:a4a34e29ddb6f9d60e64f19bac7fe49eb0b66fcbb6803cbc6563b77e7d7f9904_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-smartrouter-rhel8@sha256:14df06eab56c17b7f718884c7379098ec3842ed99d6c5778dc2810ac9b1d4c17_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:13812"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. Applying the upstream patch or vendor-supplied security update is the recommended resolution.",
"product_ids": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-monitoring-rhel8@sha256:92df715c896f06f6aa93b631bd62e3a146bad3cd08666cbab955d5cccdad0ea0_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-rhel8@sha256:23b2eace9e0e381d6a8db37a11ebef3a092f7b14352b3a05187c7b9e78f6e60e_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-controller-rhel8@sha256:6a8c527be5f7140866dca164d60ab484d40f28281becd849907f8740a8a2a87d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-dashbuilder-rhel8@sha256:64efe627bd982759b2492ca8bf4d31315c68bf0262c0ca448a93335a11c81673_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-kieserver-rhel8@sha256:56ce30c3d224f65df05b066f39741797836687b4aeab7d7269bf5d28f45dc04d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-operator-bundle@sha256:3378f77e5a1823d197c755b020e725ff0e72784994c0a755347a0999cef65931_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-process-migration-rhel8@sha256:a4a34e29ddb6f9d60e64f19bac7fe49eb0b66fcbb6803cbc6563b77e7d7f9904_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-smartrouter-rhel8@sha256:14df06eab56c17b7f718884c7379098ec3842ed99d6c5778dc2810ac9b1d4c17_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-monitoring-rhel8@sha256:92df715c896f06f6aa93b631bd62e3a146bad3cd08666cbab955d5cccdad0ea0_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-rhel8@sha256:23b2eace9e0e381d6a8db37a11ebef3a092f7b14352b3a05187c7b9e78f6e60e_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-controller-rhel8@sha256:6a8c527be5f7140866dca164d60ab484d40f28281becd849907f8740a8a2a87d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-dashbuilder-rhel8@sha256:64efe627bd982759b2492ca8bf4d31315c68bf0262c0ca448a93335a11c81673_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-kieserver-rhel8@sha256:56ce30c3d224f65df05b066f39741797836687b4aeab7d7269bf5d28f45dc04d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-operator-bundle@sha256:3378f77e5a1823d197c755b020e725ff0e72784994c0a755347a0999cef65931_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-process-migration-rhel8@sha256:a4a34e29ddb6f9d60e64f19bac7fe49eb0b66fcbb6803cbc6563b77e7d7f9904_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-smartrouter-rhel8@sha256:14df06eab56c17b7f718884c7379098ec3842ed99d6c5778dc2810ac9b1d4c17_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "gnutls: Stack-based Buffer Overflow in gnutls_pkcs11_token_init() Function"
},
{
"cve": "CVE-2025-10158",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"discovery_date": "2025-11-18T15:01:12.887910+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-operator-bundle@sha256:3378f77e5a1823d197c755b020e725ff0e72784994c0a755347a0999cef65931_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2415637"
}
],
"notes": [
{
"category": "description",
"text": "An out of bounds read flaw has been discovered in rsync. A malicious client acting as the receiver of an rsync file transfer can trigger an OOB read via a negative array index. The rsync client requires at least read access to the remote rsync module to trigger the issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rsync: Rsync: Out of bounds array access via negative index",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-monitoring-rhel8@sha256:92df715c896f06f6aa93b631bd62e3a146bad3cd08666cbab955d5cccdad0ea0_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-rhel8@sha256:23b2eace9e0e381d6a8db37a11ebef3a092f7b14352b3a05187c7b9e78f6e60e_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-controller-rhel8@sha256:6a8c527be5f7140866dca164d60ab484d40f28281becd849907f8740a8a2a87d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-dashbuilder-rhel8@sha256:64efe627bd982759b2492ca8bf4d31315c68bf0262c0ca448a93335a11c81673_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-kieserver-rhel8@sha256:56ce30c3d224f65df05b066f39741797836687b4aeab7d7269bf5d28f45dc04d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-process-migration-rhel8@sha256:a4a34e29ddb6f9d60e64f19bac7fe49eb0b66fcbb6803cbc6563b77e7d7f9904_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-smartrouter-rhel8@sha256:14df06eab56c17b7f718884c7379098ec3842ed99d6c5778dc2810ac9b1d4c17_amd64"
],
"known_not_affected": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-operator-bundle@sha256:3378f77e5a1823d197c755b020e725ff0e72784994c0a755347a0999cef65931_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-10158"
},
{
"category": "external",
"summary": "RHBZ#2415637",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415637"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-10158",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10158"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-10158",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10158"
},
{
"category": "external",
"summary": "https://attackerkb.com/assessments/fbacb2a6-d1cd-4011-bb3a-f06b1c8306b1",
"url": "https://attackerkb.com/assessments/fbacb2a6-d1cd-4011-bb3a-f06b1c8306b1"
},
{
"category": "external",
"summary": "https://github.com/RsyncProject/rsync/commit/797e17fc4a6f15e3b1756538a9f812b63942686f",
"url": "https://github.com/RsyncProject/rsync/commit/797e17fc4a6f15e3b1756538a9f812b63942686f"
}
],
"release_date": "2025-11-18T14:24:19.210000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-05T17:47:50+00:00",
"details": "The RHEL-8 based Middleware Containers container images provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
"product_ids": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-monitoring-rhel8@sha256:92df715c896f06f6aa93b631bd62e3a146bad3cd08666cbab955d5cccdad0ea0_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-rhel8@sha256:23b2eace9e0e381d6a8db37a11ebef3a092f7b14352b3a05187c7b9e78f6e60e_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-controller-rhel8@sha256:6a8c527be5f7140866dca164d60ab484d40f28281becd849907f8740a8a2a87d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-dashbuilder-rhel8@sha256:64efe627bd982759b2492ca8bf4d31315c68bf0262c0ca448a93335a11c81673_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-kieserver-rhel8@sha256:56ce30c3d224f65df05b066f39741797836687b4aeab7d7269bf5d28f45dc04d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-process-migration-rhel8@sha256:a4a34e29ddb6f9d60e64f19bac7fe49eb0b66fcbb6803cbc6563b77e7d7f9904_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-smartrouter-rhel8@sha256:14df06eab56c17b7f718884c7379098ec3842ed99d6c5778dc2810ac9b1d4c17_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:13812"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-monitoring-rhel8@sha256:92df715c896f06f6aa93b631bd62e3a146bad3cd08666cbab955d5cccdad0ea0_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-rhel8@sha256:23b2eace9e0e381d6a8db37a11ebef3a092f7b14352b3a05187c7b9e78f6e60e_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-controller-rhel8@sha256:6a8c527be5f7140866dca164d60ab484d40f28281becd849907f8740a8a2a87d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-dashbuilder-rhel8@sha256:64efe627bd982759b2492ca8bf4d31315c68bf0262c0ca448a93335a11c81673_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-kieserver-rhel8@sha256:56ce30c3d224f65df05b066f39741797836687b4aeab7d7269bf5d28f45dc04d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-operator-bundle@sha256:3378f77e5a1823d197c755b020e725ff0e72784994c0a755347a0999cef65931_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-process-migration-rhel8@sha256:a4a34e29ddb6f9d60e64f19bac7fe49eb0b66fcbb6803cbc6563b77e7d7f9904_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-smartrouter-rhel8@sha256:14df06eab56c17b7f718884c7379098ec3842ed99d6c5778dc2810ac9b1d4c17_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-monitoring-rhel8@sha256:92df715c896f06f6aa93b631bd62e3a146bad3cd08666cbab955d5cccdad0ea0_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-rhel8@sha256:23b2eace9e0e381d6a8db37a11ebef3a092f7b14352b3a05187c7b9e78f6e60e_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-controller-rhel8@sha256:6a8c527be5f7140866dca164d60ab484d40f28281becd849907f8740a8a2a87d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-dashbuilder-rhel8@sha256:64efe627bd982759b2492ca8bf4d31315c68bf0262c0ca448a93335a11c81673_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-kieserver-rhel8@sha256:56ce30c3d224f65df05b066f39741797836687b4aeab7d7269bf5d28f45dc04d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-operator-bundle@sha256:3378f77e5a1823d197c755b020e725ff0e72784994c0a755347a0999cef65931_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-process-migration-rhel8@sha256:a4a34e29ddb6f9d60e64f19bac7fe49eb0b66fcbb6803cbc6563b77e7d7f9904_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-smartrouter-rhel8@sha256:14df06eab56c17b7f718884c7379098ec3842ed99d6c5778dc2810ac9b1d4c17_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rsync: Rsync: Out of bounds array access via negative index"
},
{
"cve": "CVE-2025-14831",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"discovery_date": "2025-12-17T14:48:30.222000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-operator-bundle@sha256:3378f77e5a1823d197c755b020e725ff0e72784994c0a755347a0999cef65931_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2423177"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: GnuTLS: Denial of Service via excessive resource consumption during certificate verification",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat. GnuTLS is susceptible to a denial of service attack due to excessive CPU and memory consumption. This occurs when processing specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs) during certificate verification.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-monitoring-rhel8@sha256:92df715c896f06f6aa93b631bd62e3a146bad3cd08666cbab955d5cccdad0ea0_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-rhel8@sha256:23b2eace9e0e381d6a8db37a11ebef3a092f7b14352b3a05187c7b9e78f6e60e_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-controller-rhel8@sha256:6a8c527be5f7140866dca164d60ab484d40f28281becd849907f8740a8a2a87d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-dashbuilder-rhel8@sha256:64efe627bd982759b2492ca8bf4d31315c68bf0262c0ca448a93335a11c81673_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-kieserver-rhel8@sha256:56ce30c3d224f65df05b066f39741797836687b4aeab7d7269bf5d28f45dc04d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-process-migration-rhel8@sha256:a4a34e29ddb6f9d60e64f19bac7fe49eb0b66fcbb6803cbc6563b77e7d7f9904_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-smartrouter-rhel8@sha256:14df06eab56c17b7f718884c7379098ec3842ed99d6c5778dc2810ac9b1d4c17_amd64"
],
"known_not_affected": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-operator-bundle@sha256:3378f77e5a1823d197c755b020e725ff0e72784994c0a755347a0999cef65931_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-14831"
},
{
"category": "external",
"summary": "RHBZ#2423177",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423177"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-14831",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14831"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831"
},
{
"category": "external",
"summary": "https://gitlab.com/gnutls/gnutls/-/issues/1773",
"url": "https://gitlab.com/gnutls/gnutls/-/issues/1773"
}
],
"release_date": "2026-02-09T14:26:34.939000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-05T17:47:50+00:00",
"details": "The RHEL-8 based Middleware Containers container images provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
"product_ids": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-monitoring-rhel8@sha256:92df715c896f06f6aa93b631bd62e3a146bad3cd08666cbab955d5cccdad0ea0_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-rhel8@sha256:23b2eace9e0e381d6a8db37a11ebef3a092f7b14352b3a05187c7b9e78f6e60e_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-controller-rhel8@sha256:6a8c527be5f7140866dca164d60ab484d40f28281becd849907f8740a8a2a87d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-dashbuilder-rhel8@sha256:64efe627bd982759b2492ca8bf4d31315c68bf0262c0ca448a93335a11c81673_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-kieserver-rhel8@sha256:56ce30c3d224f65df05b066f39741797836687b4aeab7d7269bf5d28f45dc04d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-process-migration-rhel8@sha256:a4a34e29ddb6f9d60e64f19bac7fe49eb0b66fcbb6803cbc6563b77e7d7f9904_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-smartrouter-rhel8@sha256:14df06eab56c17b7f718884c7379098ec3842ed99d6c5778dc2810ac9b1d4c17_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:13812"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-monitoring-rhel8@sha256:92df715c896f06f6aa93b631bd62e3a146bad3cd08666cbab955d5cccdad0ea0_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-rhel8@sha256:23b2eace9e0e381d6a8db37a11ebef3a092f7b14352b3a05187c7b9e78f6e60e_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-controller-rhel8@sha256:6a8c527be5f7140866dca164d60ab484d40f28281becd849907f8740a8a2a87d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-dashbuilder-rhel8@sha256:64efe627bd982759b2492ca8bf4d31315c68bf0262c0ca448a93335a11c81673_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-kieserver-rhel8@sha256:56ce30c3d224f65df05b066f39741797836687b4aeab7d7269bf5d28f45dc04d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-operator-bundle@sha256:3378f77e5a1823d197c755b020e725ff0e72784994c0a755347a0999cef65931_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-process-migration-rhel8@sha256:a4a34e29ddb6f9d60e64f19bac7fe49eb0b66fcbb6803cbc6563b77e7d7f9904_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-smartrouter-rhel8@sha256:14df06eab56c17b7f718884c7379098ec3842ed99d6c5778dc2810ac9b1d4c17_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "gnutls: GnuTLS: Denial of Service via excessive resource consumption during certificate verification"
},
{
"cve": "CVE-2026-3497",
"cwe": {
"id": "CWE-824",
"name": "Access of Uninitialized Pointer"
},
"discovery_date": "2026-03-12T19:01:37.007806+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-operator-bundle@sha256:3378f77e5a1823d197c755b020e725ff0e72784994c0a755347a0999cef65931_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447085"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the OpenSSH GSSAPI (Generic Security Service Application Program Interface) delta patches, as included in various Linux distributions. A remote attacker could exploit this by sending an unexpected GSSAPI message type during the key exchange process. This occurs because the `sshpkt_disconnect()` function, when called on an error, does not properly terminate the process, leading to the continued execution of the program with uninitialized connection variables. Accessing these uninitialized variables can lead to undefined behavior, potentially resulting in information disclosure or a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssh: OpenSSH GSSAPI: Information disclosure or denial of service due to uninitialized variables",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "IMPORTANT: This vulnerability affects the OpenSSH GSSAPI delta as implemented in Red Hat Enterprise Linux and OpenShift Container Platform. An unauthenticated attacker could send a specially crafted GSSAPI message during key exchange, leading to the use of uninitialized variables and potentially undefined behavior. The severity of the impact is dependent on compiler hardening configurations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-monitoring-rhel8@sha256:92df715c896f06f6aa93b631bd62e3a146bad3cd08666cbab955d5cccdad0ea0_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-rhel8@sha256:23b2eace9e0e381d6a8db37a11ebef3a092f7b14352b3a05187c7b9e78f6e60e_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-controller-rhel8@sha256:6a8c527be5f7140866dca164d60ab484d40f28281becd849907f8740a8a2a87d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-dashbuilder-rhel8@sha256:64efe627bd982759b2492ca8bf4d31315c68bf0262c0ca448a93335a11c81673_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-kieserver-rhel8@sha256:56ce30c3d224f65df05b066f39741797836687b4aeab7d7269bf5d28f45dc04d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-process-migration-rhel8@sha256:a4a34e29ddb6f9d60e64f19bac7fe49eb0b66fcbb6803cbc6563b77e7d7f9904_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-smartrouter-rhel8@sha256:14df06eab56c17b7f718884c7379098ec3842ed99d6c5778dc2810ac9b1d4c17_amd64"
],
"known_not_affected": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-operator-bundle@sha256:3378f77e5a1823d197c755b020e725ff0e72784994c0a755347a0999cef65931_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-3497"
},
{
"category": "external",
"summary": "RHBZ#2447085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447085"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-3497",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3497"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-3497",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3497"
},
{
"category": "external",
"summary": "https://ubuntu.com/security/CVE-2026-3497",
"url": "https://ubuntu.com/security/CVE-2026-3497"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2026/03/12/3",
"url": "https://www.openwall.com/lists/oss-security/2026/03/12/3"
}
],
"release_date": "2026-03-12T18:27:44.917000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-05T17:47:50+00:00",
"details": "The RHEL-8 based Middleware Containers container images provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
"product_ids": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-monitoring-rhel8@sha256:92df715c896f06f6aa93b631bd62e3a146bad3cd08666cbab955d5cccdad0ea0_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-rhel8@sha256:23b2eace9e0e381d6a8db37a11ebef3a092f7b14352b3a05187c7b9e78f6e60e_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-controller-rhel8@sha256:6a8c527be5f7140866dca164d60ab484d40f28281becd849907f8740a8a2a87d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-dashbuilder-rhel8@sha256:64efe627bd982759b2492ca8bf4d31315c68bf0262c0ca448a93335a11c81673_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-kieserver-rhel8@sha256:56ce30c3d224f65df05b066f39741797836687b4aeab7d7269bf5d28f45dc04d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-process-migration-rhel8@sha256:a4a34e29ddb6f9d60e64f19bac7fe49eb0b66fcbb6803cbc6563b77e7d7f9904_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-smartrouter-rhel8@sha256:14df06eab56c17b7f718884c7379098ec3842ed99d6c5778dc2810ac9b1d4c17_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:13812"
},
{
"category": "workaround",
"details": "To mitigate this issue, disable GSSAPI key exchange in the OpenSSH server configuration. This prevents the server from processing GSSAPI messages, eliminating the vulnerability\u0027s attack surface.\n\nEdit `/etc/ssh/sshd_config` and add or modify the line:\n```\nGSSAPIKeyExchange no\n```\n\nAfter saving the changes, restart the `sshd` service for the mitigation to take effect. This action will prevent users from authenticating via GSSAPI.\n\n```\n# systemctl restart sshd\n```",
"product_ids": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-monitoring-rhel8@sha256:92df715c896f06f6aa93b631bd62e3a146bad3cd08666cbab955d5cccdad0ea0_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-rhel8@sha256:23b2eace9e0e381d6a8db37a11ebef3a092f7b14352b3a05187c7b9e78f6e60e_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-controller-rhel8@sha256:6a8c527be5f7140866dca164d60ab484d40f28281becd849907f8740a8a2a87d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-dashbuilder-rhel8@sha256:64efe627bd982759b2492ca8bf4d31315c68bf0262c0ca448a93335a11c81673_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-kieserver-rhel8@sha256:56ce30c3d224f65df05b066f39741797836687b4aeab7d7269bf5d28f45dc04d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-operator-bundle@sha256:3378f77e5a1823d197c755b020e725ff0e72784994c0a755347a0999cef65931_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-process-migration-rhel8@sha256:a4a34e29ddb6f9d60e64f19bac7fe49eb0b66fcbb6803cbc6563b77e7d7f9904_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-smartrouter-rhel8@sha256:14df06eab56c17b7f718884c7379098ec3842ed99d6c5778dc2810ac9b1d4c17_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-monitoring-rhel8@sha256:92df715c896f06f6aa93b631bd62e3a146bad3cd08666cbab955d5cccdad0ea0_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-rhel8@sha256:23b2eace9e0e381d6a8db37a11ebef3a092f7b14352b3a05187c7b9e78f6e60e_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-controller-rhel8@sha256:6a8c527be5f7140866dca164d60ab484d40f28281becd849907f8740a8a2a87d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-dashbuilder-rhel8@sha256:64efe627bd982759b2492ca8bf4d31315c68bf0262c0ca448a93335a11c81673_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-kieserver-rhel8@sha256:56ce30c3d224f65df05b066f39741797836687b4aeab7d7269bf5d28f45dc04d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-operator-bundle@sha256:3378f77e5a1823d197c755b020e725ff0e72784994c0a755347a0999cef65931_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-process-migration-rhel8@sha256:a4a34e29ddb6f9d60e64f19bac7fe49eb0b66fcbb6803cbc6563b77e7d7f9904_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-smartrouter-rhel8@sha256:14df06eab56c17b7f718884c7379098ec3842ed99d6c5778dc2810ac9b1d4c17_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openssh: OpenSSH GSSAPI: Information disclosure or denial of service due to uninitialized variables"
},
{
"acknowledgments": [
{
"names": [
"Elhanan Haenel"
]
}
],
"cve": "CVE-2026-4424",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-03-19T12:22:21.740000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-operator-bundle@sha256:3378f77e5a1823d197c755b020e725ff0e72784994c0a755347a0999cef65931_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449006"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libarchive: libarchive: Information disclosure via heap out-of-bounds read in RAR archive processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "IMPORTANT: This heap out-of-bounds read vulnerability in libarchive\u0027s RAR archive processing logic can lead to information disclosure. A remote attacker can exploit this flaw by providing a specially crafted RAR archive, potentially revealing sensitive heap memory information without requiring authentication or user interaction on systems that process untrusted archives.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-monitoring-rhel8@sha256:92df715c896f06f6aa93b631bd62e3a146bad3cd08666cbab955d5cccdad0ea0_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-rhel8@sha256:23b2eace9e0e381d6a8db37a11ebef3a092f7b14352b3a05187c7b9e78f6e60e_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-controller-rhel8@sha256:6a8c527be5f7140866dca164d60ab484d40f28281becd849907f8740a8a2a87d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-dashbuilder-rhel8@sha256:64efe627bd982759b2492ca8bf4d31315c68bf0262c0ca448a93335a11c81673_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-kieserver-rhel8@sha256:56ce30c3d224f65df05b066f39741797836687b4aeab7d7269bf5d28f45dc04d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-process-migration-rhel8@sha256:a4a34e29ddb6f9d60e64f19bac7fe49eb0b66fcbb6803cbc6563b77e7d7f9904_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-smartrouter-rhel8@sha256:14df06eab56c17b7f718884c7379098ec3842ed99d6c5778dc2810ac9b1d4c17_amd64"
],
"known_not_affected": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-operator-bundle@sha256:3378f77e5a1823d197c755b020e725ff0e72784994c0a755347a0999cef65931_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4424"
},
{
"category": "external",
"summary": "RHBZ#2449006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449006"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4424",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4424"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4424",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4424"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/pull/2898",
"url": "https://github.com/libarchive/libarchive/pull/2898"
}
],
"release_date": "2026-03-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-05T17:47:50+00:00",
"details": "The RHEL-8 based Middleware Containers container images provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
"product_ids": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-monitoring-rhel8@sha256:92df715c896f06f6aa93b631bd62e3a146bad3cd08666cbab955d5cccdad0ea0_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-rhel8@sha256:23b2eace9e0e381d6a8db37a11ebef3a092f7b14352b3a05187c7b9e78f6e60e_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-controller-rhel8@sha256:6a8c527be5f7140866dca164d60ab484d40f28281becd849907f8740a8a2a87d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-dashbuilder-rhel8@sha256:64efe627bd982759b2492ca8bf4d31315c68bf0262c0ca448a93335a11c81673_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-kieserver-rhel8@sha256:56ce30c3d224f65df05b066f39741797836687b4aeab7d7269bf5d28f45dc04d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-process-migration-rhel8@sha256:a4a34e29ddb6f9d60e64f19bac7fe49eb0b66fcbb6803cbc6563b77e7d7f9904_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-smartrouter-rhel8@sha256:14df06eab56c17b7f718884c7379098ec3842ed99d6c5778dc2810ac9b1d4c17_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:13812"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-monitoring-rhel8@sha256:92df715c896f06f6aa93b631bd62e3a146bad3cd08666cbab955d5cccdad0ea0_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-rhel8@sha256:23b2eace9e0e381d6a8db37a11ebef3a092f7b14352b3a05187c7b9e78f6e60e_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-controller-rhel8@sha256:6a8c527be5f7140866dca164d60ab484d40f28281becd849907f8740a8a2a87d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-dashbuilder-rhel8@sha256:64efe627bd982759b2492ca8bf4d31315c68bf0262c0ca448a93335a11c81673_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-kieserver-rhel8@sha256:56ce30c3d224f65df05b066f39741797836687b4aeab7d7269bf5d28f45dc04d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-operator-bundle@sha256:3378f77e5a1823d197c755b020e725ff0e72784994c0a755347a0999cef65931_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-process-migration-rhel8@sha256:a4a34e29ddb6f9d60e64f19bac7fe49eb0b66fcbb6803cbc6563b77e7d7f9904_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-smartrouter-rhel8@sha256:14df06eab56c17b7f718884c7379098ec3842ed99d6c5778dc2810ac9b1d4c17_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-monitoring-rhel8@sha256:92df715c896f06f6aa93b631bd62e3a146bad3cd08666cbab955d5cccdad0ea0_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-rhel8@sha256:23b2eace9e0e381d6a8db37a11ebef3a092f7b14352b3a05187c7b9e78f6e60e_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-controller-rhel8@sha256:6a8c527be5f7140866dca164d60ab484d40f28281becd849907f8740a8a2a87d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-dashbuilder-rhel8@sha256:64efe627bd982759b2492ca8bf4d31315c68bf0262c0ca448a93335a11c81673_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-kieserver-rhel8@sha256:56ce30c3d224f65df05b066f39741797836687b4aeab7d7269bf5d28f45dc04d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-operator-bundle@sha256:3378f77e5a1823d197c755b020e725ff0e72784994c0a755347a0999cef65931_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-process-migration-rhel8@sha256:a4a34e29ddb6f9d60e64f19bac7fe49eb0b66fcbb6803cbc6563b77e7d7f9904_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-smartrouter-rhel8@sha256:14df06eab56c17b7f718884c7379098ec3842ed99d6c5778dc2810ac9b1d4c17_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libarchive: libarchive: Information disclosure via heap out-of-bounds read in RAR archive processing"
},
{
"cve": "CVE-2026-4519",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2026-03-20T16:02:13.494105+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-operator-bundle@sha256:3378f77e5a1823d197c755b020e725ff0e72784994c0a755347a0999cef65931_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449649"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Python. The `webbrowser.open()` API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options, which could lead to unexpected behavior, information disclosure, or potentially arbitrary code execution, impacting the integrity of the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: Python: Command-line option injection in webbrowser.open() via crafted URLs",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-monitoring-rhel8@sha256:92df715c896f06f6aa93b631bd62e3a146bad3cd08666cbab955d5cccdad0ea0_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-rhel8@sha256:23b2eace9e0e381d6a8db37a11ebef3a092f7b14352b3a05187c7b9e78f6e60e_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-controller-rhel8@sha256:6a8c527be5f7140866dca164d60ab484d40f28281becd849907f8740a8a2a87d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-dashbuilder-rhel8@sha256:64efe627bd982759b2492ca8bf4d31315c68bf0262c0ca448a93335a11c81673_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-kieserver-rhel8@sha256:56ce30c3d224f65df05b066f39741797836687b4aeab7d7269bf5d28f45dc04d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-process-migration-rhel8@sha256:a4a34e29ddb6f9d60e64f19bac7fe49eb0b66fcbb6803cbc6563b77e7d7f9904_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-smartrouter-rhel8@sha256:14df06eab56c17b7f718884c7379098ec3842ed99d6c5778dc2810ac9b1d4c17_amd64"
],
"known_not_affected": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-operator-bundle@sha256:3378f77e5a1823d197c755b020e725ff0e72784994c0a755347a0999cef65931_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4519"
},
{
"category": "external",
"summary": "RHBZ#2449649",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449649"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4519",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4519"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4519",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4519"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/143930",
"url": "https://github.com/python/cpython/issues/143930"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/143931",
"url": "https://github.com/python/cpython/pull/143931"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/AY5NDSS433JK56Q7Q5IS7B37QFZVVOUS/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/AY5NDSS433JK56Q7Q5IS7B37QFZVVOUS/"
}
],
"release_date": "2026-03-20T15:08:32.576000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-05T17:47:50+00:00",
"details": "The RHEL-8 based Middleware Containers container images provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
"product_ids": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-monitoring-rhel8@sha256:92df715c896f06f6aa93b631bd62e3a146bad3cd08666cbab955d5cccdad0ea0_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-rhel8@sha256:23b2eace9e0e381d6a8db37a11ebef3a092f7b14352b3a05187c7b9e78f6e60e_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-controller-rhel8@sha256:6a8c527be5f7140866dca164d60ab484d40f28281becd849907f8740a8a2a87d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-dashbuilder-rhel8@sha256:64efe627bd982759b2492ca8bf4d31315c68bf0262c0ca448a93335a11c81673_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-kieserver-rhel8@sha256:56ce30c3d224f65df05b066f39741797836687b4aeab7d7269bf5d28f45dc04d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-process-migration-rhel8@sha256:a4a34e29ddb6f9d60e64f19bac7fe49eb0b66fcbb6803cbc6563b77e7d7f9904_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-smartrouter-rhel8@sha256:14df06eab56c17b7f718884c7379098ec3842ed99d6c5778dc2810ac9b1d4c17_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:13812"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-monitoring-rhel8@sha256:92df715c896f06f6aa93b631bd62e3a146bad3cd08666cbab955d5cccdad0ea0_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-rhel8@sha256:23b2eace9e0e381d6a8db37a11ebef3a092f7b14352b3a05187c7b9e78f6e60e_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-controller-rhel8@sha256:6a8c527be5f7140866dca164d60ab484d40f28281becd849907f8740a8a2a87d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-dashbuilder-rhel8@sha256:64efe627bd982759b2492ca8bf4d31315c68bf0262c0ca448a93335a11c81673_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-kieserver-rhel8@sha256:56ce30c3d224f65df05b066f39741797836687b4aeab7d7269bf5d28f45dc04d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-operator-bundle@sha256:3378f77e5a1823d197c755b020e725ff0e72784994c0a755347a0999cef65931_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-process-migration-rhel8@sha256:a4a34e29ddb6f9d60e64f19bac7fe49eb0b66fcbb6803cbc6563b77e7d7f9904_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-smartrouter-rhel8@sha256:14df06eab56c17b7f718884c7379098ec3842ed99d6c5778dc2810ac9b1d4c17_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-monitoring-rhel8@sha256:92df715c896f06f6aa93b631bd62e3a146bad3cd08666cbab955d5cccdad0ea0_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-rhel8@sha256:23b2eace9e0e381d6a8db37a11ebef3a092f7b14352b3a05187c7b9e78f6e60e_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-controller-rhel8@sha256:6a8c527be5f7140866dca164d60ab484d40f28281becd849907f8740a8a2a87d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-dashbuilder-rhel8@sha256:64efe627bd982759b2492ca8bf4d31315c68bf0262c0ca448a93335a11c81673_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-kieserver-rhel8@sha256:56ce30c3d224f65df05b066f39741797836687b4aeab7d7269bf5d28f45dc04d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-operator-bundle@sha256:3378f77e5a1823d197c755b020e725ff0e72784994c0a755347a0999cef65931_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-process-migration-rhel8@sha256:a4a34e29ddb6f9d60e64f19bac7fe49eb0b66fcbb6803cbc6563b77e7d7f9904_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-smartrouter-rhel8@sha256:14df06eab56c17b7f718884c7379098ec3842ed99d6c5778dc2810ac9b1d4c17_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python: Python: Command-line option injection in webbrowser.open() via crafted URLs"
},
{
"cve": "CVE-2026-4786",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2026-04-13T22:01:38.006388+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-operator-bundle@sha256:3378f77e5a1823d197c755b020e725ff0e72784994c0a755347a0999cef65931_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2458049"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Python webbrowser.open() API. If a specially crafted URL containing \"%action\" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw in the Python `webbrowser.open()` API allows for command injection and arbitrary code execution when processing specially crafted URLs containing \"%action\". This bypasses a previous mitigation for CVE-2026-4519.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-monitoring-rhel8@sha256:92df715c896f06f6aa93b631bd62e3a146bad3cd08666cbab955d5cccdad0ea0_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-rhel8@sha256:23b2eace9e0e381d6a8db37a11ebef3a092f7b14352b3a05187c7b9e78f6e60e_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-controller-rhel8@sha256:6a8c527be5f7140866dca164d60ab484d40f28281becd849907f8740a8a2a87d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-dashbuilder-rhel8@sha256:64efe627bd982759b2492ca8bf4d31315c68bf0262c0ca448a93335a11c81673_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-kieserver-rhel8@sha256:56ce30c3d224f65df05b066f39741797836687b4aeab7d7269bf5d28f45dc04d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-process-migration-rhel8@sha256:a4a34e29ddb6f9d60e64f19bac7fe49eb0b66fcbb6803cbc6563b77e7d7f9904_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-smartrouter-rhel8@sha256:14df06eab56c17b7f718884c7379098ec3842ed99d6c5778dc2810ac9b1d4c17_amd64"
],
"known_not_affected": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-operator-bundle@sha256:3378f77e5a1823d197c755b020e725ff0e72784994c0a755347a0999cef65931_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4786"
},
{
"category": "external",
"summary": "RHBZ#2458049",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458049"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4786",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4786"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4786",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4786"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/148169",
"url": "https://github.com/python/cpython/issues/148169"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/148170",
"url": "https://github.com/python/cpython/pull/148170"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/JQDUNJVB4AQNTJECSUKOBDU3XCJIPSE5/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/JQDUNJVB4AQNTJECSUKOBDU3XCJIPSE5/"
}
],
"release_date": "2026-04-13T21:52:19.036000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-05T17:47:50+00:00",
"details": "The RHEL-8 based Middleware Containers container images provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
"product_ids": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-monitoring-rhel8@sha256:92df715c896f06f6aa93b631bd62e3a146bad3cd08666cbab955d5cccdad0ea0_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-rhel8@sha256:23b2eace9e0e381d6a8db37a11ebef3a092f7b14352b3a05187c7b9e78f6e60e_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-controller-rhel8@sha256:6a8c527be5f7140866dca164d60ab484d40f28281becd849907f8740a8a2a87d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-dashbuilder-rhel8@sha256:64efe627bd982759b2492ca8bf4d31315c68bf0262c0ca448a93335a11c81673_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-kieserver-rhel8@sha256:56ce30c3d224f65df05b066f39741797836687b4aeab7d7269bf5d28f45dc04d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-process-migration-rhel8@sha256:a4a34e29ddb6f9d60e64f19bac7fe49eb0b66fcbb6803cbc6563b77e7d7f9904_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-smartrouter-rhel8@sha256:14df06eab56c17b7f718884c7379098ec3842ed99d6c5778dc2810ac9b1d4c17_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:13812"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-monitoring-rhel8@sha256:92df715c896f06f6aa93b631bd62e3a146bad3cd08666cbab955d5cccdad0ea0_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-rhel8@sha256:23b2eace9e0e381d6a8db37a11ebef3a092f7b14352b3a05187c7b9e78f6e60e_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-controller-rhel8@sha256:6a8c527be5f7140866dca164d60ab484d40f28281becd849907f8740a8a2a87d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-dashbuilder-rhel8@sha256:64efe627bd982759b2492ca8bf4d31315c68bf0262c0ca448a93335a11c81673_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-kieserver-rhel8@sha256:56ce30c3d224f65df05b066f39741797836687b4aeab7d7269bf5d28f45dc04d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-operator-bundle@sha256:3378f77e5a1823d197c755b020e725ff0e72784994c0a755347a0999cef65931_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-process-migration-rhel8@sha256:a4a34e29ddb6f9d60e64f19bac7fe49eb0b66fcbb6803cbc6563b77e7d7f9904_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-smartrouter-rhel8@sha256:14df06eab56c17b7f718884c7379098ec3842ed99d6c5778dc2810ac9b1d4c17_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-monitoring-rhel8@sha256:92df715c896f06f6aa93b631bd62e3a146bad3cd08666cbab955d5cccdad0ea0_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-rhel8@sha256:23b2eace9e0e381d6a8db37a11ebef3a092f7b14352b3a05187c7b9e78f6e60e_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-controller-rhel8@sha256:6a8c527be5f7140866dca164d60ab484d40f28281becd849907f8740a8a2a87d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-dashbuilder-rhel8@sha256:64efe627bd982759b2492ca8bf4d31315c68bf0262c0ca448a93335a11c81673_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-kieserver-rhel8@sha256:56ce30c3d224f65df05b066f39741797836687b4aeab7d7269bf5d28f45dc04d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-operator-bundle@sha256:3378f77e5a1823d197c755b020e725ff0e72784994c0a755347a0999cef65931_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-process-migration-rhel8@sha256:a4a34e29ddb6f9d60e64f19bac7fe49eb0b66fcbb6803cbc6563b77e7d7f9904_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-smartrouter-rhel8@sha256:14df06eab56c17b7f718884c7379098ec3842ed99d6c5778dc2810ac9b1d4c17_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API"
},
{
"acknowledgments": [
{
"names": [
"Elhanan Haenel"
]
}
],
"cve": "CVE-2026-5121",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2026-03-30T07:40:25.358335+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-operator-bundle@sha256:3378f77e5a1823d197c755b020e725ff0e72784994c0a755347a0999cef65931_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2452945"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libarchive: libarchive: Arbitrary code execution via integer overflow in ISO9660 image processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Important: An integer overflow flaw in `libarchive` on 32-bit systems can lead to a heap buffer overflow. This vulnerability occurs when processing a specially crafted ISO9660 image, allowing an attacker to potentially execute arbitrary code. Red Hat Enterprise Linux 64-bit systems are not affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-monitoring-rhel8@sha256:92df715c896f06f6aa93b631bd62e3a146bad3cd08666cbab955d5cccdad0ea0_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-rhel8@sha256:23b2eace9e0e381d6a8db37a11ebef3a092f7b14352b3a05187c7b9e78f6e60e_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-controller-rhel8@sha256:6a8c527be5f7140866dca164d60ab484d40f28281becd849907f8740a8a2a87d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-dashbuilder-rhel8@sha256:64efe627bd982759b2492ca8bf4d31315c68bf0262c0ca448a93335a11c81673_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-kieserver-rhel8@sha256:56ce30c3d224f65df05b066f39741797836687b4aeab7d7269bf5d28f45dc04d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-process-migration-rhel8@sha256:a4a34e29ddb6f9d60e64f19bac7fe49eb0b66fcbb6803cbc6563b77e7d7f9904_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-smartrouter-rhel8@sha256:14df06eab56c17b7f718884c7379098ec3842ed99d6c5778dc2810ac9b1d4c17_amd64"
],
"known_not_affected": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-operator-bundle@sha256:3378f77e5a1823d197c755b020e725ff0e72784994c0a755347a0999cef65931_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-5121"
},
{
"category": "external",
"summary": "RHBZ#2452945",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452945"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-5121",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-5121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5121"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-2vwv-vqpv-v8vc",
"url": "https://github.com/advisories/GHSA-2vwv-vqpv-v8vc"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/pull/2934",
"url": "https://github.com/libarchive/libarchive/pull/2934"
}
],
"release_date": "2026-03-30T07:44:15.222000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-05T17:47:50+00:00",
"details": "The RHEL-8 based Middleware Containers container images provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
"product_ids": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-monitoring-rhel8@sha256:92df715c896f06f6aa93b631bd62e3a146bad3cd08666cbab955d5cccdad0ea0_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-rhel8@sha256:23b2eace9e0e381d6a8db37a11ebef3a092f7b14352b3a05187c7b9e78f6e60e_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-controller-rhel8@sha256:6a8c527be5f7140866dca164d60ab484d40f28281becd849907f8740a8a2a87d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-dashbuilder-rhel8@sha256:64efe627bd982759b2492ca8bf4d31315c68bf0262c0ca448a93335a11c81673_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-kieserver-rhel8@sha256:56ce30c3d224f65df05b066f39741797836687b4aeab7d7269bf5d28f45dc04d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-process-migration-rhel8@sha256:a4a34e29ddb6f9d60e64f19bac7fe49eb0b66fcbb6803cbc6563b77e7d7f9904_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-smartrouter-rhel8@sha256:14df06eab56c17b7f718884c7379098ec3842ed99d6c5778dc2810ac9b1d4c17_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:13812"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid processing untrusted ISO9660 images with applications that utilize `libarchive`. Users should only extract or read content from ISO images obtained from trusted sources.",
"product_ids": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-monitoring-rhel8@sha256:92df715c896f06f6aa93b631bd62e3a146bad3cd08666cbab955d5cccdad0ea0_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-rhel8@sha256:23b2eace9e0e381d6a8db37a11ebef3a092f7b14352b3a05187c7b9e78f6e60e_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-controller-rhel8@sha256:6a8c527be5f7140866dca164d60ab484d40f28281becd849907f8740a8a2a87d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-dashbuilder-rhel8@sha256:64efe627bd982759b2492ca8bf4d31315c68bf0262c0ca448a93335a11c81673_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-kieserver-rhel8@sha256:56ce30c3d224f65df05b066f39741797836687b4aeab7d7269bf5d28f45dc04d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-operator-bundle@sha256:3378f77e5a1823d197c755b020e725ff0e72784994c0a755347a0999cef65931_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-process-migration-rhel8@sha256:a4a34e29ddb6f9d60e64f19bac7fe49eb0b66fcbb6803cbc6563b77e7d7f9904_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-smartrouter-rhel8@sha256:14df06eab56c17b7f718884c7379098ec3842ed99d6c5778dc2810ac9b1d4c17_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-monitoring-rhel8@sha256:92df715c896f06f6aa93b631bd62e3a146bad3cd08666cbab955d5cccdad0ea0_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-rhel8@sha256:23b2eace9e0e381d6a8db37a11ebef3a092f7b14352b3a05187c7b9e78f6e60e_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-controller-rhel8@sha256:6a8c527be5f7140866dca164d60ab484d40f28281becd849907f8740a8a2a87d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-dashbuilder-rhel8@sha256:64efe627bd982759b2492ca8bf4d31315c68bf0262c0ca448a93335a11c81673_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-kieserver-rhel8@sha256:56ce30c3d224f65df05b066f39741797836687b4aeab7d7269bf5d28f45dc04d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-operator-bundle@sha256:3378f77e5a1823d197c755b020e725ff0e72784994c0a755347a0999cef65931_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-process-migration-rhel8@sha256:a4a34e29ddb6f9d60e64f19bac7fe49eb0b66fcbb6803cbc6563b77e7d7f9904_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-smartrouter-rhel8@sha256:14df06eab56c17b7f718884c7379098ec3842ed99d6c5778dc2810ac9b1d4c17_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libarchive: libarchive: Arbitrary code execution via integer overflow in ISO9660 image processing"
},
{
"cve": "CVE-2026-6100",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2026-04-13T18:01:31.970255+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-operator-bundle@sha256:3378f77e5a1823d197c755b020e725ff0e72784994c0a755347a0999cef65931_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2457932"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Python\u0027s decompression modules, including `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile`. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is experiencing high memory usage. Exploitation of this flaw could potentially allow an attacker to execute arbitrary code or access sensitive data. The vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. Using the helper functions to one-shot decompress data such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The severity of this flaw is somewhat mitigated on Red Hat platforms. By default processes are not executed with root user privilege and are limited in their scope which in turn limits the impact of this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-monitoring-rhel8@sha256:92df715c896f06f6aa93b631bd62e3a146bad3cd08666cbab955d5cccdad0ea0_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-rhel8@sha256:23b2eace9e0e381d6a8db37a11ebef3a092f7b14352b3a05187c7b9e78f6e60e_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-controller-rhel8@sha256:6a8c527be5f7140866dca164d60ab484d40f28281becd849907f8740a8a2a87d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-dashbuilder-rhel8@sha256:64efe627bd982759b2492ca8bf4d31315c68bf0262c0ca448a93335a11c81673_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-kieserver-rhel8@sha256:56ce30c3d224f65df05b066f39741797836687b4aeab7d7269bf5d28f45dc04d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-process-migration-rhel8@sha256:a4a34e29ddb6f9d60e64f19bac7fe49eb0b66fcbb6803cbc6563b77e7d7f9904_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-smartrouter-rhel8@sha256:14df06eab56c17b7f718884c7379098ec3842ed99d6c5778dc2810ac9b1d4c17_amd64"
],
"known_not_affected": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-operator-bundle@sha256:3378f77e5a1823d197c755b020e725ff0e72784994c0a755347a0999cef65931_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-6100"
},
{
"category": "external",
"summary": "RHBZ#2457932",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457932"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-6100",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6100"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6100",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6100"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/6a5f79c8d7bbf22b083b240910c7a8781a59437d",
"url": "https://github.com/python/cpython/commit/6a5f79c8d7bbf22b083b240910c7a8781a59437d"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/8fc66aef6d7b3ae58f43f5c66f9366cc8cbbfcd2",
"url": "https://github.com/python/cpython/commit/8fc66aef6d7b3ae58f43f5c66f9366cc8cbbfcd2"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/c3cf71c3366fe49acb776a639405c0eea6169c20",
"url": "https://github.com/python/cpython/commit/c3cf71c3366fe49acb776a639405c0eea6169c20"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/148395",
"url": "https://github.com/python/cpython/issues/148395"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/148396",
"url": "https://github.com/python/cpython/pull/148396"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/HTWB2Z6KT5QQX4RYEZAFININDHNOSIF3/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/HTWB2Z6KT5QQX4RYEZAFININDHNOSIF3/"
}
],
"release_date": "2026-04-13T17:15:47.606000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-05T17:47:50+00:00",
"details": "The RHEL-8 based Middleware Containers container images provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
"product_ids": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-monitoring-rhel8@sha256:92df715c896f06f6aa93b631bd62e3a146bad3cd08666cbab955d5cccdad0ea0_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-rhel8@sha256:23b2eace9e0e381d6a8db37a11ebef3a092f7b14352b3a05187c7b9e78f6e60e_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-controller-rhel8@sha256:6a8c527be5f7140866dca164d60ab484d40f28281becd849907f8740a8a2a87d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-dashbuilder-rhel8@sha256:64efe627bd982759b2492ca8bf4d31315c68bf0262c0ca448a93335a11c81673_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-kieserver-rhel8@sha256:56ce30c3d224f65df05b066f39741797836687b4aeab7d7269bf5d28f45dc04d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-process-migration-rhel8@sha256:a4a34e29ddb6f9d60e64f19bac7fe49eb0b66fcbb6803cbc6563b77e7d7f9904_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-smartrouter-rhel8@sha256:14df06eab56c17b7f718884c7379098ec3842ed99d6c5778dc2810ac9b1d4c17_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:13812"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-monitoring-rhel8@sha256:92df715c896f06f6aa93b631bd62e3a146bad3cd08666cbab955d5cccdad0ea0_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-rhel8@sha256:23b2eace9e0e381d6a8db37a11ebef3a092f7b14352b3a05187c7b9e78f6e60e_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-controller-rhel8@sha256:6a8c527be5f7140866dca164d60ab484d40f28281becd849907f8740a8a2a87d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-dashbuilder-rhel8@sha256:64efe627bd982759b2492ca8bf4d31315c68bf0262c0ca448a93335a11c81673_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-kieserver-rhel8@sha256:56ce30c3d224f65df05b066f39741797836687b4aeab7d7269bf5d28f45dc04d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-operator-bundle@sha256:3378f77e5a1823d197c755b020e725ff0e72784994c0a755347a0999cef65931_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-process-migration-rhel8@sha256:a4a34e29ddb6f9d60e64f19bac7fe49eb0b66fcbb6803cbc6563b77e7d7f9904_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-smartrouter-rhel8@sha256:14df06eab56c17b7f718884c7379098ec3842ed99d6c5778dc2810ac9b1d4c17_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-monitoring-rhel8@sha256:92df715c896f06f6aa93b631bd62e3a146bad3cd08666cbab955d5cccdad0ea0_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-rhel8@sha256:23b2eace9e0e381d6a8db37a11ebef3a092f7b14352b3a05187c7b9e78f6e60e_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-controller-rhel8@sha256:6a8c527be5f7140866dca164d60ab484d40f28281becd849907f8740a8a2a87d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-dashbuilder-rhel8@sha256:64efe627bd982759b2492ca8bf4d31315c68bf0262c0ca448a93335a11c81673_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-kieserver-rhel8@sha256:56ce30c3d224f65df05b066f39741797836687b4aeab7d7269bf5d28f45dc04d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-operator-bundle@sha256:3378f77e5a1823d197c755b020e725ff0e72784994c0a755347a0999cef65931_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-process-migration-rhel8@sha256:a4a34e29ddb6f9d60e64f19bac7fe49eb0b66fcbb6803cbc6563b77e7d7f9904_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-smartrouter-rhel8@sha256:14df06eab56c17b7f718884c7379098ec3842ed99d6c5778dc2810ac9b1d4c17_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules"
},
{
"cve": "CVE-2026-27135",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"discovery_date": "2026-03-18T19:02:13.823002+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-operator-bundle@sha256:3378f77e5a1823d197c755b020e725ff0e72784994c0a755347a0999cef65931_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448754"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-monitoring-rhel8@sha256:92df715c896f06f6aa93b631bd62e3a146bad3cd08666cbab955d5cccdad0ea0_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-rhel8@sha256:23b2eace9e0e381d6a8db37a11ebef3a092f7b14352b3a05187c7b9e78f6e60e_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-controller-rhel8@sha256:6a8c527be5f7140866dca164d60ab484d40f28281becd849907f8740a8a2a87d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-dashbuilder-rhel8@sha256:64efe627bd982759b2492ca8bf4d31315c68bf0262c0ca448a93335a11c81673_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-kieserver-rhel8@sha256:56ce30c3d224f65df05b066f39741797836687b4aeab7d7269bf5d28f45dc04d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-process-migration-rhel8@sha256:a4a34e29ddb6f9d60e64f19bac7fe49eb0b66fcbb6803cbc6563b77e7d7f9904_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-smartrouter-rhel8@sha256:14df06eab56c17b7f718884c7379098ec3842ed99d6c5778dc2810ac9b1d4c17_amd64"
],
"known_not_affected": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-operator-bundle@sha256:3378f77e5a1823d197c755b020e725ff0e72784994c0a755347a0999cef65931_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27135"
},
{
"category": "external",
"summary": "RHBZ#2448754",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448754"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27135",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27135"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27135",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27135"
},
{
"category": "external",
"summary": "https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1",
"url": "https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1"
},
{
"category": "external",
"summary": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6",
"url": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6"
}
],
"release_date": "2026-03-18T17:59:02.045000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-05T17:47:50+00:00",
"details": "The RHEL-8 based Middleware Containers container images provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
"product_ids": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-monitoring-rhel8@sha256:92df715c896f06f6aa93b631bd62e3a146bad3cd08666cbab955d5cccdad0ea0_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-rhel8@sha256:23b2eace9e0e381d6a8db37a11ebef3a092f7b14352b3a05187c7b9e78f6e60e_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-controller-rhel8@sha256:6a8c527be5f7140866dca164d60ab484d40f28281becd849907f8740a8a2a87d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-dashbuilder-rhel8@sha256:64efe627bd982759b2492ca8bf4d31315c68bf0262c0ca448a93335a11c81673_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-kieserver-rhel8@sha256:56ce30c3d224f65df05b066f39741797836687b4aeab7d7269bf5d28f45dc04d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-process-migration-rhel8@sha256:a4a34e29ddb6f9d60e64f19bac7fe49eb0b66fcbb6803cbc6563b77e7d7f9904_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-smartrouter-rhel8@sha256:14df06eab56c17b7f718884c7379098ec3842ed99d6c5778dc2810ac9b1d4c17_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:13812"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-monitoring-rhel8@sha256:92df715c896f06f6aa93b631bd62e3a146bad3cd08666cbab955d5cccdad0ea0_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-businesscentral-rhel8@sha256:23b2eace9e0e381d6a8db37a11ebef3a092f7b14352b3a05187c7b9e78f6e60e_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-controller-rhel8@sha256:6a8c527be5f7140866dca164d60ab484d40f28281becd849907f8740a8a2a87d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-dashbuilder-rhel8@sha256:64efe627bd982759b2492ca8bf4d31315c68bf0262c0ca448a93335a11c81673_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-kieserver-rhel8@sha256:56ce30c3d224f65df05b066f39741797836687b4aeab7d7269bf5d28f45dc04d_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-operator-bundle@sha256:3378f77e5a1823d197c755b020e725ff0e72784994c0a755347a0999cef65931_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-process-migration-rhel8@sha256:a4a34e29ddb6f9d60e64f19bac7fe49eb0b66fcbb6803cbc6563b77e7d7f9904_amd64",
"8Base-RHOSE-Middleware:rhpam-7/rhpam-smartrouter-rhel8@sha256:14df06eab56c17b7f718884c7379098ec3842ed99d6c5778dc2810ac9b1d4c17_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…