Vulnerability-Lookup

RHSA-2026:2823

Vulnerability from csaf_redhat - Published: 2026-02-17 15:39 - Updated: 2026-02-18 16:22

Summary

Red Hat Security Advisory: Updated discovery-cli release RPM versions 2.4.3

Notes

Topic

Updated Discovery Release RPM 2.4.3 for discovery-cli (dsc) is now available for Discovery 2.4.

Details

New 2.4.3 version of discovery-cli (dsc) is now available for Discovery 2.4. This version contains a fix for CVE-2026-24049 .

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated Discovery Release RPM 2.4.3 for discovery-cli (dsc) is now available for Discovery 2.4.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "New 2.4.3 version of discovery-cli (dsc) is now available for Discovery 2.4. This version contains a fix for CVE-2026-24049 .",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:2823",
        "url": "https://access.redhat.com/errata/RHSA-2026:2823"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2431959",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431959"
      },
      {
        "category": "external",
        "summary": "DISCOVERY-1276",
        "url": "https://issues.redhat.com/browse/DISCOVERY-1276"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2823.json"
      }
    ],
    "title": "Red Hat Security Advisory: Updated discovery-cli release RPM versions 2.4.3",
    "tracking": {
      "current_release_date": "2026-02-18T16:22:09+00:00",
      "generator": {
        "date": "2026-02-18T16:22:09+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.1"
        }
      },
      "id": "RHSA-2026:2823",
      "initial_release_date": "2026-02-17T15:39:37+00:00",
      "revision_history": [
        {
          "date": "2026-02-17T15:39:37+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-02-17T15:39:37+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-02-18T16:22:09+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Discovery 2 for RHEL 10",
                "product": {
                  "name": "Discovery 2 for RHEL 10",
                  "product_id": "10Base-discovery-2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:discovery:2::el10"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Discovery 2 for RHEL 8",
                "product": {
                  "name": "Discovery 2 for RHEL 8",
                  "product_id": "8Base-discovery-2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:discovery:2::el8"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Discovery 2 for RHEL 9",
                "product": {
                  "name": "Discovery 2 for RHEL 9",
                  "product_id": "9Base-discovery-2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:discovery:2::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Discovery"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "discovery-cli-0:2.4.3-2.el10.src",
                "product": {
                  "name": "discovery-cli-0:2.4.3-2.el10.src",
                  "product_id": "discovery-cli-0:2.4.3-2.el10.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/discovery-cli@2.4.3-2.el10?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "discovery-cli-0:2.4.3-2.el8.src",
                "product": {
                  "name": "discovery-cli-0:2.4.3-2.el8.src",
                  "product_id": "discovery-cli-0:2.4.3-2.el8.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/discovery-cli@2.4.3-2.el8?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "discovery-cli-0:2.4.3-2.el9.src",
                "product": {
                  "name": "discovery-cli-0:2.4.3-2.el9.src",
                  "product_id": "discovery-cli-0:2.4.3-2.el9.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/discovery-cli@2.4.3-2.el9?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "discovery-cli-0:2.4.3-2.el10.noarch",
                "product": {
                  "name": "discovery-cli-0:2.4.3-2.el10.noarch",
                  "product_id": "discovery-cli-0:2.4.3-2.el10.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/discovery-cli@2.4.3-2.el10?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "discovery-cli-0:2.4.3-2.el8.noarch",
                "product": {
                  "name": "discovery-cli-0:2.4.3-2.el8.noarch",
                  "product_id": "discovery-cli-0:2.4.3-2.el8.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/discovery-cli@2.4.3-2.el8?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "discovery-cli-0:2.4.3-2.el9.noarch",
                "product": {
                  "name": "discovery-cli-0:2.4.3-2.el9.noarch",
                  "product_id": "discovery-cli-0:2.4.3-2.el9.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/discovery-cli@2.4.3-2.el9?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "discovery-cli-0:2.4.3-2.el10.noarch as a component of Discovery 2 for RHEL 10",
          "product_id": "10Base-discovery-2:discovery-cli-0:2.4.3-2.el10.noarch"
        },
        "product_reference": "discovery-cli-0:2.4.3-2.el10.noarch",
        "relates_to_product_reference": "10Base-discovery-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "discovery-cli-0:2.4.3-2.el10.src as a component of Discovery 2 for RHEL 10",
          "product_id": "10Base-discovery-2:discovery-cli-0:2.4.3-2.el10.src"
        },
        "product_reference": "discovery-cli-0:2.4.3-2.el10.src",
        "relates_to_product_reference": "10Base-discovery-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "discovery-cli-0:2.4.3-2.el8.noarch as a component of Discovery 2 for RHEL 8",
          "product_id": "8Base-discovery-2:discovery-cli-0:2.4.3-2.el8.noarch"
        },
        "product_reference": "discovery-cli-0:2.4.3-2.el8.noarch",
        "relates_to_product_reference": "8Base-discovery-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "discovery-cli-0:2.4.3-2.el8.src as a component of Discovery 2 for RHEL 8",
          "product_id": "8Base-discovery-2:discovery-cli-0:2.4.3-2.el8.src"
        },
        "product_reference": "discovery-cli-0:2.4.3-2.el8.src",
        "relates_to_product_reference": "8Base-discovery-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "discovery-cli-0:2.4.3-2.el9.noarch as a component of Discovery 2 for RHEL 9",
          "product_id": "9Base-discovery-2:discovery-cli-0:2.4.3-2.el9.noarch"
        },
        "product_reference": "discovery-cli-0:2.4.3-2.el9.noarch",
        "relates_to_product_reference": "9Base-discovery-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "discovery-cli-0:2.4.3-2.el9.src as a component of Discovery 2 for RHEL 9",
          "product_id": "9Base-discovery-2:discovery-cli-0:2.4.3-2.el9.src"
        },
        "product_reference": "discovery-cli-0:2.4.3-2.el9.src",
        "relates_to_product_reference": "9Base-discovery-2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-24049",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2026-01-22T05:00:54.709179+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2431959"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts. This issue has been fixed in version 0.46.2.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "10Base-discovery-2:discovery-cli-0:2.4.3-2.el10.noarch",
          "10Base-discovery-2:discovery-cli-0:2.4.3-2.el10.src",
          "8Base-discovery-2:discovery-cli-0:2.4.3-2.el8.noarch",
          "8Base-discovery-2:discovery-cli-0:2.4.3-2.el8.src",
          "9Base-discovery-2:discovery-cli-0:2.4.3-2.el9.noarch",
          "9Base-discovery-2:discovery-cli-0:2.4.3-2.el9.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-24049"
        },
        {
          "category": "external",
          "summary": "RHBZ#2431959",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431959"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-24049",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24049"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049"
        },
        {
          "category": "external",
          "summary": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef",
          "url": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef"
        },
        {
          "category": "external",
          "summary": "https://github.com/pypa/wheel/releases/tag/0.46.2",
          "url": "https://github.com/pypa/wheel/releases/tag/0.46.2"
        },
        {
          "category": "external",
          "summary": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx",
          "url": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx"
        }
      ],
      "release_date": "2026-01-22T04:02:08.706000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-02-17T15:39:37+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "10Base-discovery-2:discovery-cli-0:2.4.3-2.el10.noarch",
            "10Base-discovery-2:discovery-cli-0:2.4.3-2.el10.src",
            "8Base-discovery-2:discovery-cli-0:2.4.3-2.el8.noarch",
            "8Base-discovery-2:discovery-cli-0:2.4.3-2.el8.src",
            "9Base-discovery-2:discovery-cli-0:2.4.3-2.el9.noarch",
            "9Base-discovery-2:discovery-cli-0:2.4.3-2.el9.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:2823"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "10Base-discovery-2:discovery-cli-0:2.4.3-2.el10.noarch",
            "10Base-discovery-2:discovery-cli-0:2.4.3-2.el10.src",
            "8Base-discovery-2:discovery-cli-0:2.4.3-2.el8.noarch",
            "8Base-discovery-2:discovery-cli-0:2.4.3-2.el8.src",
            "9Base-discovery-2:discovery-cli-0:2.4.3-2.el9.noarch",
            "9Base-discovery-2:discovery-cli-0:2.4.3-2.el9.src"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "10Base-discovery-2:discovery-cli-0:2.4.3-2.el10.noarch",
            "10Base-discovery-2:discovery-cli-0:2.4.3-2.el10.src",
            "8Base-discovery-2:discovery-cli-0:2.4.3-2.el8.noarch",
            "8Base-discovery-2:discovery-cli-0:2.4.3-2.el8.src",
            "9Base-discovery-2:discovery-cli-0:2.4.3-2.el9.noarch",
            "9Base-discovery-2:discovery-cli-0:2.4.3-2.el9.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking"
    }
  ]
}

CVE-2026-24049 (GCVE-0-2026-24049)

Vulnerability from cvelistv5 – Published: 2026-01-22 04:02 – Updated: 2026-01-27 14:58

Title

wheel Allows Arbitrary File Permission Modification via Path Traversal

Summary

wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts. This issue has been fixed in version 0.46.2.

Severity ?

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-732 - Incorrect Permission Assignment for Critical Resource

Assigner

GitHub_M

References

URL

Tags

	https://github.com/pypa/wheel/security/advisories…	x_refsource_CONFIRM
	https://github.com/pypa/wheel/commit/7a7d2de96b22…	x_refsource_MISC
	https://github.com/pypa/wheel/releases/tag/0.46.2	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	pypa	wheel	Affected: >= 0.40.0, < 0.46.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-24049",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-22T12:24:28.930262Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-27T14:58:36.933Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "wheel",
          "vendor": "pypa",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 0.40.0, \u003c 0.46.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts. This issue has been fixed in version 0.46.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-732",
              "description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-23T17:45:05.244Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx"
        },
        {
          "name": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef"
        },
        {
          "name": "https://github.com/pypa/wheel/releases/tag/0.46.2",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pypa/wheel/releases/tag/0.46.2"
        }
      ],
      "source": {
        "advisory": "GHSA-8rrh-rw8j-w5fx",
        "discovery": "UNKNOWN"
      },
      "title": "wheel Allows Arbitrary File Permission Modification via Path Traversal"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-24049",
    "datePublished": "2026-01-22T04:02:08.706Z",
    "dateReserved": "2026-01-20T22:30:11.778Z",
    "dateUpdated": "2026-01-27T14:58:36.933Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2026:2823

CVE-2026-24049 (GCVE-0-2026-24049)

Tags

Sightings

Nomenclature