RHSA-2026:26211

Vulnerability from csaf_redhat - Published: 2026-06-16 08:46 - Updated: 2026-06-27 20:11
Summary
Red Hat Security Advisory: General availability of the satellite/iop-remediations-rhel9 container image
Severity
Important
Notes
Topic: A new satellite/iop-remediations-rhel9 container image is now generally available in the Red Hat container registry.
Details: Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed packages, running services, and configuration settings. When you install Red Hat Lightspeed in Satellite locally, you can generate Red Hat Lightspeed recommendations without sending system data to Red Hat services.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
CVE-2025-69873

A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service.

7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-1333 - Inefficient Regular Expression Complexity
Affected products
Product Identifier Version Remediation
Unresolved product id: Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-remediations-rhel9@sha256:67a2e57be6dba58af9eabc9f4600dc5f5d81ad5741b6d7284495c260ad9aaa1c_amd64
Vendor Fix fix
Workaround
Threats
Impact Important
References
To clipboard 

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A new satellite/iop-remediations-rhel9 container image is now generally available in the Red Hat container registry.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Lightspeed in Satellite analyzes system health and configuration by applying  predefined rules to a small set of local data, such as installed packages,  running services, and configuration settings.  When you install Red Hat Lightspeed in Satellite locally,  you can generate Red Hat Lightspeed recommendations without  sending system data to Red Hat services. ",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:26211",
        "url": "https://access.redhat.com/errata/RHSA-2026:26211"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.18/html/updating_red_hat_satellite/index",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.18/html/updating_red_hat_satellite/index"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-69873",
        "url": "https://access.redhat.com/security/cve/CVE-2025-69873"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "external",
        "summary": "https://catalog.redhat.com/software/containers/search",
        "url": "https://catalog.redhat.com/software/containers/search"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_satellite/6.18/html/installing_satellite_server_in_a_connected_network_environment/performing-additional-configuration-on-server_satellite#installing-and-configuring-red-hat-lightspeed-in-satellite",
        "url": "https://docs.redhat.com/en/documentation/red_hat_satellite/6.18/html/installing_satellite_server_in_a_connected_network_environment/performing-additional-configuration-on-server_satellite#installing-and-configuring-red-hat-lightspeed-in-satellite"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_satellite/6.18/html/installing_satellite_server_in_a_disconnected_network_environment/performing-additional-configuration#installing-and-configuring-red-hat-lightspeed-in-satellite",
        "url": "https://docs.redhat.com/en/documentation/red_hat_satellite/6.18/html/installing_satellite_server_in_a_disconnected_network_environment/performing-additional-configuration#installing-and-configuring-red-hat-lightspeed-in-satellite"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_26211.json"
      }
    ],
    "title": "Red Hat Security Advisory: General availability of the satellite/iop-remediations-rhel9 container image",
    "tracking": {
      "current_release_date": "2026-06-27T20:11:31+00:00",
      "generator": {
        "date": "2026-06-27T20:11:31+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "5.2.6"
        }
      },
      "id": "RHSA-2026:26211",
      "initial_release_date": "2026-06-16T08:46:45+00:00",
      "revision_history": [
        {
          "date": "2026-06-16T08:46:45+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-06-16T08:46:59+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-27T20:11:31+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Satellite 6.18",
                "product": {
                  "name": "Red Hat Satellite 6.18",
                  "product_id": "Red Hat Satellite 6.18",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:satellite:6.18::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Satellite"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/satellite/iop-remediations-rhel9@sha256:67a2e57be6dba58af9eabc9f4600dc5f5d81ad5741b6d7284495c260ad9aaa1c_amd64",
                "product": {
                  "name": "registry.redhat.io/satellite/iop-remediations-rhel9@sha256:67a2e57be6dba58af9eabc9f4600dc5f5d81ad5741b6d7284495c260ad9aaa1c_amd64",
                  "product_id": "registry.redhat.io/satellite/iop-remediations-rhel9@sha256:67a2e57be6dba58af9eabc9f4600dc5f5d81ad5741b6d7284495c260ad9aaa1c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/iop-remediations-rhel9@sha256%3A67a2e57be6dba58af9eabc9f4600dc5f5d81ad5741b6d7284495c260ad9aaa1c?arch=amd64\u0026repository_url=registry.redhat.io/satellite/iop-remediations-rhel9\u0026tag=1781247025"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/satellite/iop-remediations-rhel9@sha256:67a2e57be6dba58af9eabc9f4600dc5f5d81ad5741b6d7284495c260ad9aaa1c_amd64 as a component of Red Hat Satellite 6.18",
          "product_id": "Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-remediations-rhel9@sha256:67a2e57be6dba58af9eabc9f4600dc5f5d81ad5741b6d7284495c260ad9aaa1c_amd64"
        },
        "product_reference": "registry.redhat.io/satellite/iop-remediations-rhel9@sha256:67a2e57be6dba58af9eabc9f4600dc5f5d81ad5741b6d7284495c260ad9aaa1c_amd64",
        "relates_to_product_reference": "Red Hat Satellite 6.18"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-69873",
      "cwe": {
        "id": "CWE-1333",
        "name": "Inefficient Regular Expression Complexity"
      },
      "discovery_date": "2026-02-11T19:01:32.953264+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2439070"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "ajv: ReDoS via $data reference",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this issue, the $data option must be enabled and the attacker needs to be able to send a payload with a specially crafted regular expression to the application processing the input. A 31-character payload causes approximately 44 seconds of execution, with each additional character doubling the execution time. Therefore, even a small payload can cause an application to become unresponsive and eventually result in a denial of service. Due to this reason, this flaw has been rated with an important severity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-remediations-rhel9@sha256:67a2e57be6dba58af9eabc9f4600dc5f5d81ad5741b6d7284495c260ad9aaa1c_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-69873"
        },
        {
          "category": "external",
          "summary": "RHBZ#2439070",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439070"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-69873",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-69873"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69873",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69873"
        },
        {
          "category": "external",
          "summary": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md",
          "url": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md"
        }
      ],
      "release_date": "2026-02-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-16T08:46:45+00:00",
          "details": "For Red Hat Lightspeed in Satellite installation see the Red Hat Satellite documentation.",
          "product_ids": [
            "Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-remediations-rhel9@sha256:67a2e57be6dba58af9eabc9f4600dc5f5d81ad5741b6d7284495c260ad9aaa1c_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:26211"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, disable the $data feature if your application does not require it. If $data must be used, implement strict validation of the input fields that are referenced by the pattern keyword to ensure they contain only expected and safe characters.",
          "product_ids": [
            "Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-remediations-rhel9@sha256:67a2e57be6dba58af9eabc9f4600dc5f5d81ad5741b6d7284495c260ad9aaa1c_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-remediations-rhel9@sha256:67a2e57be6dba58af9eabc9f4600dc5f5d81ad5741b6d7284495c260ad9aaa1c_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "ajv: ReDoS via $data reference"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.