RHSA-2026:1610
Vulnerability from csaf_redhat - Published: 2026-01-30 18:51 - Updated: 2026-02-17 09:57Summary
Red Hat Security Advisory: Red Hat OpenShift Lightspeed 1.0.9 security update
Notes
Topic
Red Hat OpenShift Lightspeed 1.0.9 operand images, which provide security fixes
and container updates.
Details
Red Hat OpenShift Lightspeed is a generative AI-based virtual assistant integrated
into the OpenShift console. It can answer questions related to OpenShift and layered
offerings.
Security Fix(es):
langchain-core: LangChain: Arbitrary code execution via serialization injection (CVE-2025-68664)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.`
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Lightspeed 1.0.9 operand images, which provide security fixes\nand container updates.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Lightspeed is a generative AI-based virtual assistant integrated\ninto the OpenShift console. It can answer questions related to OpenShift and layered\nofferings.\nSecurity Fix(es):\nlangchain-core: LangChain: Arbitrary code execution via serialization injection (CVE-2025-68664)\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.`",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:1610",
"url": "https://access.redhat.com/errata/RHSA-2026:1610"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68664",
"url": "https://access.redhat.com/security/cve/CVE-2025-68664"
},
{
"category": "external",
"summary": "https://docs.openshift.com/lightspeed/1.0tp1/about/ols-about-openshift-lightspeed.html",
"url": "https://docs.openshift.com/lightspeed/1.0tp1/about/ols-about-openshift-lightspeed.html"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_1610.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Lightspeed 1.0.9 security update",
"tracking": {
"current_release_date": "2026-02-17T09:57:37+00:00",
"generator": {
"date": "2026-02-17T09:57:37+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:1610",
"initial_release_date": "2026-01-30T18:51:47+00:00",
"revision_history": [
{
"date": "2026-01-30T18:51:47+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-11T21:09:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-17T09:57:37+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Lightspeed 1.0.9",
"product": {
"name": "Red Hat OpenShift Lightspeed 1.0.9",
"product_id": "Red Hat OpenShift Lightspeed 1.0.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_lightspeed:1::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Lightspeed"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-lightspeed/lightspeed-console-plugin-rhel9@sha256:eae3fe71c6bca8f5f887eb3522e48a46c290ccb93ea7b1c6e6f67afac2735783_amd64",
"product": {
"name": "registry.redhat.io/openshift-lightspeed/lightspeed-console-plugin-rhel9@sha256:eae3fe71c6bca8f5f887eb3522e48a46c290ccb93ea7b1c6e6f67afac2735783_amd64",
"product_id": "registry.redhat.io/openshift-lightspeed/lightspeed-console-plugin-rhel9@sha256:eae3fe71c6bca8f5f887eb3522e48a46c290ccb93ea7b1c6e6f67afac2735783_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-console-plugin-rhel9@sha256%3Aeae3fe71c6bca8f5f887eb3522e48a46c290ccb93ea7b1c6e6f67afac2735783?arch=amd64\u0026repository_url=registry.redhat.io/openshift-lightspeed\u0026tag=1769776075"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-lightspeed/lightspeed-console-plugin-pf5-rhel9@sha256:467aac9c025a05a567465a2948fef358b9754de6d38a2615c1d6c0eec1885673_amd64",
"product": {
"name": "registry.redhat.io/openshift-lightspeed/lightspeed-console-plugin-pf5-rhel9@sha256:467aac9c025a05a567465a2948fef358b9754de6d38a2615c1d6c0eec1885673_amd64",
"product_id": "registry.redhat.io/openshift-lightspeed/lightspeed-console-plugin-pf5-rhel9@sha256:467aac9c025a05a567465a2948fef358b9754de6d38a2615c1d6c0eec1885673_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-console-plugin-pf5-rhel9@sha256%3A467aac9c025a05a567465a2948fef358b9754de6d38a2615c1d6c0eec1885673?arch=amd64\u0026repository_url=registry.redhat.io/openshift-lightspeed\u0026tag=1769780437"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-lightspeed/lightspeed-ocp-rag-rhel9@sha256:2994e8938525281d5444ca4e0fee846f42048bd687a20119747f0532b6623302_amd64",
"product": {
"name": "registry.redhat.io/openshift-lightspeed/lightspeed-ocp-rag-rhel9@sha256:2994e8938525281d5444ca4e0fee846f42048bd687a20119747f0532b6623302_amd64",
"product_id": "registry.redhat.io/openshift-lightspeed/lightspeed-ocp-rag-rhel9@sha256:2994e8938525281d5444ca4e0fee846f42048bd687a20119747f0532b6623302_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-ocp-rag-rhel9@sha256%3A2994e8938525281d5444ca4e0fee846f42048bd687a20119747f0532b6623302?arch=amd64\u0026repository_url=registry.redhat.io/openshift-lightspeed\u0026tag=1769584348"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-lightspeed/lightspeed-service-api-rhel9@sha256:b66f6af7bbabeff59290842e6a72229f088293675091a019a86a5d23d1e9e821_amd64",
"product": {
"name": "registry.redhat.io/openshift-lightspeed/lightspeed-service-api-rhel9@sha256:b66f6af7bbabeff59290842e6a72229f088293675091a019a86a5d23d1e9e821_amd64",
"product_id": "registry.redhat.io/openshift-lightspeed/lightspeed-service-api-rhel9@sha256:b66f6af7bbabeff59290842e6a72229f088293675091a019a86a5d23d1e9e821_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-service-api-rhel9@sha256%3Ab66f6af7bbabeff59290842e6a72229f088293675091a019a86a5d23d1e9e821?arch=amd64\u0026repository_url=registry.redhat.io/openshift-lightspeed\u0026tag=1769058587"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-lightspeed/lightspeed-to-dataverse-exporter-rhel9@sha256:e4c636d398654fa0cb60f13beec1cbfb8bc6498cc67c420f9b53edcb06f6ffaa_amd64",
"product": {
"name": "registry.redhat.io/openshift-lightspeed/lightspeed-to-dataverse-exporter-rhel9@sha256:e4c636d398654fa0cb60f13beec1cbfb8bc6498cc67c420f9b53edcb06f6ffaa_amd64",
"product_id": "registry.redhat.io/openshift-lightspeed/lightspeed-to-dataverse-exporter-rhel9@sha256:e4c636d398654fa0cb60f13beec1cbfb8bc6498cc67c420f9b53edcb06f6ffaa_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-to-dataverse-exporter-rhel9@sha256%3Ae4c636d398654fa0cb60f13beec1cbfb8bc6498cc67c420f9b53edcb06f6ffaa?arch=amd64\u0026repository_url=registry.redhat.io/openshift-lightspeed\u0026tag=1769778589"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-lightspeed/openshift-mcp-server-rhel9@sha256:6c25fef6a572ae0d8fcaf028a2f4e899dc7e1f7da694a6c60d225ac072bcba2e_amd64",
"product": {
"name": "registry.redhat.io/openshift-lightspeed/openshift-mcp-server-rhel9@sha256:6c25fef6a572ae0d8fcaf028a2f4e899dc7e1f7da694a6c60d225ac072bcba2e_amd64",
"product_id": "registry.redhat.io/openshift-lightspeed/openshift-mcp-server-rhel9@sha256:6c25fef6a572ae0d8fcaf028a2f4e899dc7e1f7da694a6c60d225ac072bcba2e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-mcp-server-rhel9@sha256%3A6c25fef6a572ae0d8fcaf028a2f4e899dc7e1f7da694a6c60d225ac072bcba2e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-lightspeed\u0026tag=1769752297"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-lightspeed/lightspeed-console-plugin-rhel9@sha256:0a828314e37381bcca30b9a4f628a2dd4144422004625c6fba512dbe7db18bf7_arm64",
"product": {
"name": "registry.redhat.io/openshift-lightspeed/lightspeed-console-plugin-rhel9@sha256:0a828314e37381bcca30b9a4f628a2dd4144422004625c6fba512dbe7db18bf7_arm64",
"product_id": "registry.redhat.io/openshift-lightspeed/lightspeed-console-plugin-rhel9@sha256:0a828314e37381bcca30b9a4f628a2dd4144422004625c6fba512dbe7db18bf7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-console-plugin-rhel9@sha256%3A0a828314e37381bcca30b9a4f628a2dd4144422004625c6fba512dbe7db18bf7?arch=arm64\u0026repository_url=registry.redhat.io/openshift-lightspeed\u0026tag=1769776075"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-lightspeed/lightspeed-console-plugin-pf5-rhel9@sha256:3ac83417d72cf2b38a39df24bc1a3a912d71d7045cb9d85f5763337a000f8b93_arm64",
"product": {
"name": "registry.redhat.io/openshift-lightspeed/lightspeed-console-plugin-pf5-rhel9@sha256:3ac83417d72cf2b38a39df24bc1a3a912d71d7045cb9d85f5763337a000f8b93_arm64",
"product_id": "registry.redhat.io/openshift-lightspeed/lightspeed-console-plugin-pf5-rhel9@sha256:3ac83417d72cf2b38a39df24bc1a3a912d71d7045cb9d85f5763337a000f8b93_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-console-plugin-pf5-rhel9@sha256%3A3ac83417d72cf2b38a39df24bc1a3a912d71d7045cb9d85f5763337a000f8b93?arch=arm64\u0026repository_url=registry.redhat.io/openshift-lightspeed\u0026tag=1769780437"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-lightspeed/lightspeed-service-api-rhel9@sha256:23af5c023d054ad9f607f4a8df270c01607a7ace1acd328b5c3702e32dccb621_arm64",
"product": {
"name": "registry.redhat.io/openshift-lightspeed/lightspeed-service-api-rhel9@sha256:23af5c023d054ad9f607f4a8df270c01607a7ace1acd328b5c3702e32dccb621_arm64",
"product_id": "registry.redhat.io/openshift-lightspeed/lightspeed-service-api-rhel9@sha256:23af5c023d054ad9f607f4a8df270c01607a7ace1acd328b5c3702e32dccb621_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-service-api-rhel9@sha256%3A23af5c023d054ad9f607f4a8df270c01607a7ace1acd328b5c3702e32dccb621?arch=arm64\u0026repository_url=registry.redhat.io/openshift-lightspeed\u0026tag=1769058587"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-lightspeed/openshift-mcp-server-rhel9@sha256:b00fcd93824bca75c018f2d0e33b74dd964c4d7810a5c04f5dda4de9b2e3694e_arm64",
"product": {
"name": "registry.redhat.io/openshift-lightspeed/openshift-mcp-server-rhel9@sha256:b00fcd93824bca75c018f2d0e33b74dd964c4d7810a5c04f5dda4de9b2e3694e_arm64",
"product_id": "registry.redhat.io/openshift-lightspeed/openshift-mcp-server-rhel9@sha256:b00fcd93824bca75c018f2d0e33b74dd964c4d7810a5c04f5dda4de9b2e3694e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-mcp-server-rhel9@sha256%3Ab00fcd93824bca75c018f2d0e33b74dd964c4d7810a5c04f5dda4de9b2e3694e?arch=arm64\u0026repository_url=registry.redhat.io/openshift-lightspeed\u0026tag=1769752297"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-lightspeed/lightspeed-console-plugin-pf5-rhel9@sha256:3ac83417d72cf2b38a39df24bc1a3a912d71d7045cb9d85f5763337a000f8b93_arm64 as a component of Red Hat OpenShift Lightspeed 1.0.9",
"product_id": "Red Hat OpenShift Lightspeed 1.0.9:registry.redhat.io/openshift-lightspeed/lightspeed-console-plugin-pf5-rhel9@sha256:3ac83417d72cf2b38a39df24bc1a3a912d71d7045cb9d85f5763337a000f8b93_arm64"
},
"product_reference": "registry.redhat.io/openshift-lightspeed/lightspeed-console-plugin-pf5-rhel9@sha256:3ac83417d72cf2b38a39df24bc1a3a912d71d7045cb9d85f5763337a000f8b93_arm64",
"relates_to_product_reference": "Red Hat OpenShift Lightspeed 1.0.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-lightspeed/lightspeed-console-plugin-pf5-rhel9@sha256:467aac9c025a05a567465a2948fef358b9754de6d38a2615c1d6c0eec1885673_amd64 as a component of Red Hat OpenShift Lightspeed 1.0.9",
"product_id": "Red Hat OpenShift Lightspeed 1.0.9:registry.redhat.io/openshift-lightspeed/lightspeed-console-plugin-pf5-rhel9@sha256:467aac9c025a05a567465a2948fef358b9754de6d38a2615c1d6c0eec1885673_amd64"
},
"product_reference": "registry.redhat.io/openshift-lightspeed/lightspeed-console-plugin-pf5-rhel9@sha256:467aac9c025a05a567465a2948fef358b9754de6d38a2615c1d6c0eec1885673_amd64",
"relates_to_product_reference": "Red Hat OpenShift Lightspeed 1.0.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-lightspeed/lightspeed-console-plugin-rhel9@sha256:0a828314e37381bcca30b9a4f628a2dd4144422004625c6fba512dbe7db18bf7_arm64 as a component of Red Hat OpenShift Lightspeed 1.0.9",
"product_id": "Red Hat OpenShift Lightspeed 1.0.9:registry.redhat.io/openshift-lightspeed/lightspeed-console-plugin-rhel9@sha256:0a828314e37381bcca30b9a4f628a2dd4144422004625c6fba512dbe7db18bf7_arm64"
},
"product_reference": "registry.redhat.io/openshift-lightspeed/lightspeed-console-plugin-rhel9@sha256:0a828314e37381bcca30b9a4f628a2dd4144422004625c6fba512dbe7db18bf7_arm64",
"relates_to_product_reference": "Red Hat OpenShift Lightspeed 1.0.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-lightspeed/lightspeed-console-plugin-rhel9@sha256:eae3fe71c6bca8f5f887eb3522e48a46c290ccb93ea7b1c6e6f67afac2735783_amd64 as a component of Red Hat OpenShift Lightspeed 1.0.9",
"product_id": "Red Hat OpenShift Lightspeed 1.0.9:registry.redhat.io/openshift-lightspeed/lightspeed-console-plugin-rhel9@sha256:eae3fe71c6bca8f5f887eb3522e48a46c290ccb93ea7b1c6e6f67afac2735783_amd64"
},
"product_reference": "registry.redhat.io/openshift-lightspeed/lightspeed-console-plugin-rhel9@sha256:eae3fe71c6bca8f5f887eb3522e48a46c290ccb93ea7b1c6e6f67afac2735783_amd64",
"relates_to_product_reference": "Red Hat OpenShift Lightspeed 1.0.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-lightspeed/lightspeed-ocp-rag-rhel9@sha256:2994e8938525281d5444ca4e0fee846f42048bd687a20119747f0532b6623302_amd64 as a component of Red Hat OpenShift Lightspeed 1.0.9",
"product_id": "Red Hat OpenShift Lightspeed 1.0.9:registry.redhat.io/openshift-lightspeed/lightspeed-ocp-rag-rhel9@sha256:2994e8938525281d5444ca4e0fee846f42048bd687a20119747f0532b6623302_amd64"
},
"product_reference": "registry.redhat.io/openshift-lightspeed/lightspeed-ocp-rag-rhel9@sha256:2994e8938525281d5444ca4e0fee846f42048bd687a20119747f0532b6623302_amd64",
"relates_to_product_reference": "Red Hat OpenShift Lightspeed 1.0.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-lightspeed/lightspeed-service-api-rhel9@sha256:23af5c023d054ad9f607f4a8df270c01607a7ace1acd328b5c3702e32dccb621_arm64 as a component of Red Hat OpenShift Lightspeed 1.0.9",
"product_id": "Red Hat OpenShift Lightspeed 1.0.9:registry.redhat.io/openshift-lightspeed/lightspeed-service-api-rhel9@sha256:23af5c023d054ad9f607f4a8df270c01607a7ace1acd328b5c3702e32dccb621_arm64"
},
"product_reference": "registry.redhat.io/openshift-lightspeed/lightspeed-service-api-rhel9@sha256:23af5c023d054ad9f607f4a8df270c01607a7ace1acd328b5c3702e32dccb621_arm64",
"relates_to_product_reference": "Red Hat OpenShift Lightspeed 1.0.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-lightspeed/lightspeed-service-api-rhel9@sha256:b66f6af7bbabeff59290842e6a72229f088293675091a019a86a5d23d1e9e821_amd64 as a component of Red Hat OpenShift Lightspeed 1.0.9",
"product_id": "Red Hat OpenShift Lightspeed 1.0.9:registry.redhat.io/openshift-lightspeed/lightspeed-service-api-rhel9@sha256:b66f6af7bbabeff59290842e6a72229f088293675091a019a86a5d23d1e9e821_amd64"
},
"product_reference": "registry.redhat.io/openshift-lightspeed/lightspeed-service-api-rhel9@sha256:b66f6af7bbabeff59290842e6a72229f088293675091a019a86a5d23d1e9e821_amd64",
"relates_to_product_reference": "Red Hat OpenShift Lightspeed 1.0.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-lightspeed/lightspeed-to-dataverse-exporter-rhel9@sha256:e4c636d398654fa0cb60f13beec1cbfb8bc6498cc67c420f9b53edcb06f6ffaa_amd64 as a component of Red Hat OpenShift Lightspeed 1.0.9",
"product_id": "Red Hat OpenShift Lightspeed 1.0.9:registry.redhat.io/openshift-lightspeed/lightspeed-to-dataverse-exporter-rhel9@sha256:e4c636d398654fa0cb60f13beec1cbfb8bc6498cc67c420f9b53edcb06f6ffaa_amd64"
},
"product_reference": "registry.redhat.io/openshift-lightspeed/lightspeed-to-dataverse-exporter-rhel9@sha256:e4c636d398654fa0cb60f13beec1cbfb8bc6498cc67c420f9b53edcb06f6ffaa_amd64",
"relates_to_product_reference": "Red Hat OpenShift Lightspeed 1.0.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-lightspeed/openshift-mcp-server-rhel9@sha256:6c25fef6a572ae0d8fcaf028a2f4e899dc7e1f7da694a6c60d225ac072bcba2e_amd64 as a component of Red Hat OpenShift Lightspeed 1.0.9",
"product_id": "Red Hat OpenShift Lightspeed 1.0.9:registry.redhat.io/openshift-lightspeed/openshift-mcp-server-rhel9@sha256:6c25fef6a572ae0d8fcaf028a2f4e899dc7e1f7da694a6c60d225ac072bcba2e_amd64"
},
"product_reference": "registry.redhat.io/openshift-lightspeed/openshift-mcp-server-rhel9@sha256:6c25fef6a572ae0d8fcaf028a2f4e899dc7e1f7da694a6c60d225ac072bcba2e_amd64",
"relates_to_product_reference": "Red Hat OpenShift Lightspeed 1.0.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-lightspeed/openshift-mcp-server-rhel9@sha256:b00fcd93824bca75c018f2d0e33b74dd964c4d7810a5c04f5dda4de9b2e3694e_arm64 as a component of Red Hat OpenShift Lightspeed 1.0.9",
"product_id": "Red Hat OpenShift Lightspeed 1.0.9:registry.redhat.io/openshift-lightspeed/openshift-mcp-server-rhel9@sha256:b00fcd93824bca75c018f2d0e33b74dd964c4d7810a5c04f5dda4de9b2e3694e_arm64"
},
"product_reference": "registry.redhat.io/openshift-lightspeed/openshift-mcp-server-rhel9@sha256:b00fcd93824bca75c018f2d0e33b74dd964c4d7810a5c04f5dda4de9b2e3694e_arm64",
"relates_to_product_reference": "Red Hat OpenShift Lightspeed 1.0.9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-68664",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2025-12-23T23:00:49.746016+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Lightspeed 1.0.9:registry.redhat.io/openshift-lightspeed/lightspeed-console-plugin-pf5-rhel9@sha256:3ac83417d72cf2b38a39df24bc1a3a912d71d7045cb9d85f5763337a000f8b93_arm64",
"Red Hat OpenShift Lightspeed 1.0.9:registry.redhat.io/openshift-lightspeed/lightspeed-console-plugin-pf5-rhel9@sha256:467aac9c025a05a567465a2948fef358b9754de6d38a2615c1d6c0eec1885673_amd64",
"Red Hat OpenShift Lightspeed 1.0.9:registry.redhat.io/openshift-lightspeed/lightspeed-console-plugin-rhel9@sha256:0a828314e37381bcca30b9a4f628a2dd4144422004625c6fba512dbe7db18bf7_arm64",
"Red Hat OpenShift Lightspeed 1.0.9:registry.redhat.io/openshift-lightspeed/lightspeed-console-plugin-rhel9@sha256:eae3fe71c6bca8f5f887eb3522e48a46c290ccb93ea7b1c6e6f67afac2735783_amd64",
"Red Hat OpenShift Lightspeed 1.0.9:registry.redhat.io/openshift-lightspeed/lightspeed-ocp-rag-rhel9@sha256:2994e8938525281d5444ca4e0fee846f42048bd687a20119747f0532b6623302_amd64",
"Red Hat OpenShift Lightspeed 1.0.9:registry.redhat.io/openshift-lightspeed/lightspeed-to-dataverse-exporter-rhel9@sha256:e4c636d398654fa0cb60f13beec1cbfb8bc6498cc67c420f9b53edcb06f6ffaa_amd64",
"Red Hat OpenShift Lightspeed 1.0.9:registry.redhat.io/openshift-lightspeed/openshift-mcp-server-rhel9@sha256:6c25fef6a572ae0d8fcaf028a2f4e899dc7e1f7da694a6c60d225ac072bcba2e_amd64",
"Red Hat OpenShift Lightspeed 1.0.9:registry.redhat.io/openshift-lightspeed/openshift-mcp-server-rhel9@sha256:b00fcd93824bca75c018f2d0e33b74dd964c4d7810a5c04f5dda4de9b2e3694e_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2424790"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in LangChain, a framework for building agents and LLM-powered applications. A remote attacker can exploit a serialization injection vulnerability in LangChain\u0027s `dumps()` and `dumpd()` functions. This occurs because the functions do not properly escape dictionaries containing the internal \u0027lc\u0027 key during serialization. When user-controlled data includes this key structure, it is incorrectly processed as a legitimate LangChain object during deserialization, potentially leading to arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "langchain-core: LangChain: Arbitrary code execution via serialization injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Critical for Red Hat products. A serialization injection flaw in LangChain\u0027s `dumps()` and `dumpd()` functions allows remote attackers to achieve arbitrary code execution. This occurs when user-controlled data containing the internal \u0027lc\u0027 key is improperly deserialized as a legitimate LangChain object.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Lightspeed 1.0.9:registry.redhat.io/openshift-lightspeed/lightspeed-service-api-rhel9@sha256:23af5c023d054ad9f607f4a8df270c01607a7ace1acd328b5c3702e32dccb621_arm64",
"Red Hat OpenShift Lightspeed 1.0.9:registry.redhat.io/openshift-lightspeed/lightspeed-service-api-rhel9@sha256:b66f6af7bbabeff59290842e6a72229f088293675091a019a86a5d23d1e9e821_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Lightspeed 1.0.9:registry.redhat.io/openshift-lightspeed/lightspeed-console-plugin-pf5-rhel9@sha256:3ac83417d72cf2b38a39df24bc1a3a912d71d7045cb9d85f5763337a000f8b93_arm64",
"Red Hat OpenShift Lightspeed 1.0.9:registry.redhat.io/openshift-lightspeed/lightspeed-console-plugin-pf5-rhel9@sha256:467aac9c025a05a567465a2948fef358b9754de6d38a2615c1d6c0eec1885673_amd64",
"Red Hat OpenShift Lightspeed 1.0.9:registry.redhat.io/openshift-lightspeed/lightspeed-console-plugin-rhel9@sha256:0a828314e37381bcca30b9a4f628a2dd4144422004625c6fba512dbe7db18bf7_arm64",
"Red Hat OpenShift Lightspeed 1.0.9:registry.redhat.io/openshift-lightspeed/lightspeed-console-plugin-rhel9@sha256:eae3fe71c6bca8f5f887eb3522e48a46c290ccb93ea7b1c6e6f67afac2735783_amd64",
"Red Hat OpenShift Lightspeed 1.0.9:registry.redhat.io/openshift-lightspeed/lightspeed-ocp-rag-rhel9@sha256:2994e8938525281d5444ca4e0fee846f42048bd687a20119747f0532b6623302_amd64",
"Red Hat OpenShift Lightspeed 1.0.9:registry.redhat.io/openshift-lightspeed/lightspeed-to-dataverse-exporter-rhel9@sha256:e4c636d398654fa0cb60f13beec1cbfb8bc6498cc67c420f9b53edcb06f6ffaa_amd64",
"Red Hat OpenShift Lightspeed 1.0.9:registry.redhat.io/openshift-lightspeed/openshift-mcp-server-rhel9@sha256:6c25fef6a572ae0d8fcaf028a2f4e899dc7e1f7da694a6c60d225ac072bcba2e_amd64",
"Red Hat OpenShift Lightspeed 1.0.9:registry.redhat.io/openshift-lightspeed/openshift-mcp-server-rhel9@sha256:b00fcd93824bca75c018f2d0e33b74dd964c4d7810a5c04f5dda4de9b2e3694e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68664"
},
{
"category": "external",
"summary": "RHBZ#2424790",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2424790"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68664",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68664"
},
{
"category": "external",
"summary": "https://github.com/langchain-ai/langchain/commit/5ec0fa69de31bbe3d76e4cf9cd65a6accb8466c8",
"url": "https://github.com/langchain-ai/langchain/commit/5ec0fa69de31bbe3d76e4cf9cd65a6accb8466c8"
},
{
"category": "external",
"summary": "https://github.com/langchain-ai/langchain/commit/d9ec4c5cc78960abd37da79b0250f5642e6f0ce6",
"url": "https://github.com/langchain-ai/langchain/commit/d9ec4c5cc78960abd37da79b0250f5642e6f0ce6"
},
{
"category": "external",
"summary": "https://github.com/langchain-ai/langchain/pull/34455",
"url": "https://github.com/langchain-ai/langchain/pull/34455"
},
{
"category": "external",
"summary": "https://github.com/langchain-ai/langchain/pull/34458",
"url": "https://github.com/langchain-ai/langchain/pull/34458"
},
{
"category": "external",
"summary": "https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D0.3.81",
"url": "https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D0.3.81"
},
{
"category": "external",
"summary": "https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D1.2.5",
"url": "https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D1.2.5"
},
{
"category": "external",
"summary": "https://github.com/langchain-ai/langchain/security/advisories/GHSA-c67j-w6g6-q2cm",
"url": "https://github.com/langchain-ai/langchain/security/advisories/GHSA-c67j-w6g6-q2cm"
}
],
"release_date": "2025-12-23T22:47:44.084000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-30T18:51:47+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Lightspeed 1.0.9:registry.redhat.io/openshift-lightspeed/lightspeed-service-api-rhel9@sha256:23af5c023d054ad9f607f4a8df270c01607a7ace1acd328b5c3702e32dccb621_arm64",
"Red Hat OpenShift Lightspeed 1.0.9:registry.redhat.io/openshift-lightspeed/lightspeed-service-api-rhel9@sha256:b66f6af7bbabeff59290842e6a72229f088293675091a019a86a5d23d1e9e821_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1610"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Lightspeed 1.0.9:registry.redhat.io/openshift-lightspeed/lightspeed-console-plugin-pf5-rhel9@sha256:3ac83417d72cf2b38a39df24bc1a3a912d71d7045cb9d85f5763337a000f8b93_arm64",
"Red Hat OpenShift Lightspeed 1.0.9:registry.redhat.io/openshift-lightspeed/lightspeed-console-plugin-pf5-rhel9@sha256:467aac9c025a05a567465a2948fef358b9754de6d38a2615c1d6c0eec1885673_amd64",
"Red Hat OpenShift Lightspeed 1.0.9:registry.redhat.io/openshift-lightspeed/lightspeed-console-plugin-rhel9@sha256:0a828314e37381bcca30b9a4f628a2dd4144422004625c6fba512dbe7db18bf7_arm64",
"Red Hat OpenShift Lightspeed 1.0.9:registry.redhat.io/openshift-lightspeed/lightspeed-console-plugin-rhel9@sha256:eae3fe71c6bca8f5f887eb3522e48a46c290ccb93ea7b1c6e6f67afac2735783_amd64",
"Red Hat OpenShift Lightspeed 1.0.9:registry.redhat.io/openshift-lightspeed/lightspeed-ocp-rag-rhel9@sha256:2994e8938525281d5444ca4e0fee846f42048bd687a20119747f0532b6623302_amd64",
"Red Hat OpenShift Lightspeed 1.0.9:registry.redhat.io/openshift-lightspeed/lightspeed-service-api-rhel9@sha256:23af5c023d054ad9f607f4a8df270c01607a7ace1acd328b5c3702e32dccb621_arm64",
"Red Hat OpenShift Lightspeed 1.0.9:registry.redhat.io/openshift-lightspeed/lightspeed-service-api-rhel9@sha256:b66f6af7bbabeff59290842e6a72229f088293675091a019a86a5d23d1e9e821_amd64",
"Red Hat OpenShift Lightspeed 1.0.9:registry.redhat.io/openshift-lightspeed/lightspeed-to-dataverse-exporter-rhel9@sha256:e4c636d398654fa0cb60f13beec1cbfb8bc6498cc67c420f9b53edcb06f6ffaa_amd64",
"Red Hat OpenShift Lightspeed 1.0.9:registry.redhat.io/openshift-lightspeed/openshift-mcp-server-rhel9@sha256:6c25fef6a572ae0d8fcaf028a2f4e899dc7e1f7da694a6c60d225ac072bcba2e_amd64",
"Red Hat OpenShift Lightspeed 1.0.9:registry.redhat.io/openshift-lightspeed/openshift-mcp-server-rhel9@sha256:b00fcd93824bca75c018f2d0e33b74dd964c4d7810a5c04f5dda4de9b2e3694e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "langchain-core: LangChain: Arbitrary code execution via serialization injection"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…