RHSA-2026:7239
Vulnerability from csaf_redhat - Published: 2026-04-16 10:25 - Updated: 2026-04-17 13:35Summary
Red Hat Security Advisory: OpenShift Container Platform 4.13.65 bug fix and security update
Severity
Important
Notes
Topic: Red Hat OpenShift Container Platform release 4.13.65 is now available with updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.13.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.65. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHSA-2026:7238
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes
Security Fix(es):
None
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.
7.5 (High)
Vendor Fix
For OpenShift Container Platform 4.13 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes
You may download the oc tool and use it to inspect release image metadata for x86_64 architecture. The image digest may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.
The sha value for the release is as follows:
(For x86_64 architecture)
The image digest is sha256:8f2d90675314d5860aa070a036e7b2ecc57ed56df6fddb229835cdb674364874
All OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.
https://access.redhat.com/errata/RHSA-2026:7239
A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the application to access a memory location that is no longer valid. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.
7.8 (High)
Vendor Fix
For OpenShift Container Platform 4.13 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes
You may download the oc tool and use it to inspect release image metadata for x86_64 architecture. The image digest may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.
The sha value for the release is as follows:
(For x86_64 architecture)
The image digest is sha256:8f2d90675314d5860aa070a036e7b2ecc57ed56df6fddb229835cdb674364874
All OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.
https://access.redhat.com/errata/RHSA-2026:7239
Workaround
There's no known mitigation available for this vulnerability.
A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.
7.4 (High)
Vendor Fix
For OpenShift Container Platform 4.13 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes
You may download the oc tool and use it to inspect release image metadata for x86_64 architecture. The image digest may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.
The sha value for the release is as follows:
(For x86_64 architecture)
The image digest is sha256:8f2d90675314d5860aa070a036e7b2ecc57ed56df6fddb229835cdb674364874
All OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.
https://access.redhat.com/errata/RHSA-2026:7239
Workaround
To mitigate this vulnerability, Red Hat recommends avoiding the processing of PKCS#12 files from untrusted or unverified sources. Applications that use the `PKCS12_get_friendlyname()` API should ensure that PKCS#12 files are only processed if they originate from trusted entities. Restricting the input sources for PKCS#12 files can significantly reduce the attack surface for this flaw.
A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.
7.5 (High)
Vendor Fix
For OpenShift Container Platform 4.13 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes
You may download the oc tool and use it to inspect release image metadata for x86_64 architecture. The image digest may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.
The sha value for the release is as follows:
(For x86_64 architecture)
The image digest is sha256:8f2d90675314d5860aa070a036e7b2ecc57ed56df6fddb229835cdb674364874
All OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.
https://access.redhat.com/errata/RHSA-2026:7239
Workaround
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A heap based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification.
7.0 (High)
Vendor Fix
For OpenShift Container Platform 4.13 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes
You may download the oc tool and use it to inspect release image metadata for x86_64 architecture. The image digest may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.
The sha value for the release is as follows:
(For x86_64 architecture)
The image digest is sha256:8f2d90675314d5860aa070a036e7b2ecc57ed56df6fddb229835cdb674364874
All OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.
https://access.redhat.com/errata/RHSA-2026:7239
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in Vim, an open source, command line text editor. This heap buffer overflow vulnerability exists in the tag file resolution logic when processing the 'helpfile' option. A local user could exploit this by providing a specially crafted 'helpfile' option value, leading to a heap buffer overflow. This could result in arbitrary code execution or a denial of service.
7.3 (High)
Vendor Fix
For OpenShift Container Platform 4.13 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes
You may download the oc tool and use it to inspect release image metadata for x86_64 architecture. The image digest may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.
The sha value for the release is as follows:
(For x86_64 architecture)
The image digest is sha256:8f2d90675314d5860aa070a036e7b2ecc57ed56df6fddb229835cdb674364874
All OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.
https://access.redhat.com/errata/RHSA-2026:7239
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
A flaw was found in Vim, an open-source command-line text editor. Specifically, an operating system (OS) command injection vulnerability exists in the `netrw` standard plugin. A remote attacker could exploit this by tricking a user into opening a specially crafted URL, such as one using the `scp://` protocol handler. Successful exploitation allows the attacker to execute arbitrary shell commands with the same privileges as the Vim process, leading to potential system compromise.
4.4 (Medium)
Vendor Fix
For OpenShift Container Platform 4.13 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes
You may download the oc tool and use it to inspect release image metadata for x86_64 architecture. The image digest may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.
The sha value for the release is as follows:
(For x86_64 architecture)
The image digest is sha256:8f2d90675314d5860aa070a036e7b2ecc57ed56df6fddb229835cdb674364874
All OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.
https://access.redhat.com/errata/RHSA-2026:7239
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in Vim. This vulnerability, a heap-buffer-overflow and a segmentation fault, exists in the swap file recovery logic. A local attacker could exploit this by providing a specially crafted swap file. This could lead to a denial of service (DoS) or potentially information disclosure.
5.3 (Medium)
Vendor Fix
For OpenShift Container Platform 4.13 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes
You may download the oc tool and use it to inspect release image metadata for x86_64 architecture. The image digest may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.
The sha value for the release is as follows:
(For x86_64 architecture)
The image digest is sha256:8f2d90675314d5860aa070a036e7b2ecc57ed56df6fddb229835cdb674364874
All OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.
https://access.redhat.com/errata/RHSA-2026:7239
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in Vim. By including a newline character in a pattern passed to Vim's glob() function, an attacker may be able to execute arbitrary shell commands. This command injection vulnerability allows for arbitrary code execution, depending on the user's shell settings.
7.3 (High)
Vendor Fix
For OpenShift Container Platform 4.13 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes
You may download the oc tool and use it to inspect release image metadata for x86_64 architecture. The image digest may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.
The sha value for the release is as follows:
(For x86_64 architecture)
The image digest is sha256:8f2d90675314d5860aa070a036e7b2ecc57ed56df6fddb229835cdb674364874
All OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.
https://access.redhat.com/errata/RHSA-2026:7239
References
Acknowledgments
Elhanan Haenel
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.13.65 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.13.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container Platform 4.13.65. See the following advisory for the RPM packages for this release:\n\nhttps://access.redhat.com/errata/RHSA-2026:7238\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes\n\nSecurity Fix(es):\n\nNone\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:7239",
"url": "https://access.redhat.com/errata/RHSA-2026:7239"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2268766",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268766"
},
{
"category": "external",
"summary": "2414683",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414683"
},
{
"category": "external",
"summary": "2430386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430386"
},
{
"category": "external",
"summary": "2437843",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437843"
},
{
"category": "external",
"summary": "2438542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438542"
},
{
"category": "external",
"summary": "2443455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443455"
},
{
"category": "external",
"summary": "2443474",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443474"
},
{
"category": "external",
"summary": "2446453",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446453"
},
{
"category": "external",
"summary": "2450907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450907"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7239.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.13.65 bug fix and security update",
"tracking": {
"current_release_date": "2026-04-17T13:35:02+00:00",
"generator": {
"date": "2026-04-17T13:35:02+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.5"
}
},
"id": "RHSA-2026:7239",
"initial_release_date": "2026-04-16T10:25:29+00:00",
"revision_history": [
{
"date": "2026-04-16T10:25:29+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-16T10:25:29+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-17T13:35:02+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.13",
"product": {
"name": "Red Hat OpenShift Container Platform 4.13",
"product_id": "9Base-RHOSE-4.13",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.13::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-x86_64-413.92.202604080111-0",
"product": {
"name": "rhcos-x86_64-413.92.202604080111-0",
"product_id": "rhcos-x86_64-413.92.202604080111-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@413.92.202604080111?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-x86_64-413.92.202604080111-0 as a component of Red Hat OpenShift Container Platform 4.13",
"product_id": "9Base-RHOSE-4.13:rhcos-x86_64-413.92.202604080111-0"
},
"product_reference": "rhcos-x86_64-413.92.202604080111-0",
"relates_to_product_reference": "9Base-RHOSE-4.13"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-28757",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"discovery_date": "2024-03-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268766"
}
],
"notes": [
{
"category": "description",
"text": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: XML Entity Expansion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as a moderate severity because a flaw was found in the libexpat library in the xmlparse.c file, specifically in the handling of external parsers. The issue is an XML Entity Expansion flaw caused by the parser\u0027s failure to detect direct recursion when a parameter entity references itself in an external subset. An attacker can trigger this by submitting a specially crafted XML document, which creates an infinite processing loop, leading to uncontrolled resource consumption and causing a denial of service (DoS).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202604080111-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-28757"
},
{
"category": "external",
"summary": "RHBZ#2268766",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268766"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-28757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28757"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28757",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28757"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/issues/839",
"url": "https://github.com/libexpat/libexpat/issues/839"
}
],
"release_date": "2024-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-16T10:25:29+00:00",
"details": "For OpenShift Container Platform 4.13 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata for x86_64 architecture. The image digest may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha value for the release is as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:8f2d90675314d5860aa070a036e7b2ecc57ed56df6fddb229835cdb674364874\n\nAll OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202604080111-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7239"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202604080111-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: XML Entity Expansion"
},
{
"cve": "CVE-2025-61662",
"discovery_date": "2025-11-12T21:18:21.069000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2414683"
}
],
"notes": [
{
"category": "description",
"text": "A Use-After-Free vulnerability has been discovered in GRUB\u0027s gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the application to access a memory location that is no longer valid. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grub2: Missing unregister call for gettext command may lead to use-after-free",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability has been rated as have the impact of Moderate by the Red Hat Product Security team. This decision was made based in the fact an attacker needs local or physical access to the machine, to execute the gettext command after it was unloaded. Additionally the most likely outcome from an successful attack is a Denial of Crash by leading the grub2 to crash.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202604080111-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61662"
},
{
"category": "external",
"summary": "RHBZ#2414683",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414683"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61662",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61662"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61662",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61662"
},
{
"category": "external",
"summary": "https://lists.gnu.org/archive/html/grub-devel/2025-11/msg00155.html",
"url": "https://lists.gnu.org/archive/html/grub-devel/2025-11/msg00155.html"
}
],
"release_date": "2025-11-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-16T10:25:29+00:00",
"details": "For OpenShift Container Platform 4.13 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata for x86_64 architecture. The image digest may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha value for the release is as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:8f2d90675314d5860aa070a036e7b2ecc57ed56df6fddb229835cdb674364874\n\nAll OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202604080111-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7239"
},
{
"category": "workaround",
"details": "There\u0027s no known mitigation available for this vulnerability.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202604080111-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202604080111-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grub2: Missing unregister call for gettext command may lead to use-after-free"
},
{
"cve": "CVE-2025-69419",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-01-16T14:21:52.793000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430386"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat. An out-of-bounds write in OpenSSL\u0027s PKCS12_get_friendlyname() function can lead to denial of service or arbitrary code execution. Exploitation requires an application to parse a specially crafted malicious PKCS#12 file. Red Hat FIPS modules are not affected as the PKCS#12 implementation is outside the FIPS module boundary.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202604080111-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69419"
},
{
"category": "external",
"summary": "RHBZ#2430386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430386"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69419"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-16T10:25:29+00:00",
"details": "For OpenShift Container Platform 4.13 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata for x86_64 architecture. The image digest may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha value for the release is as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:8f2d90675314d5860aa070a036e7b2ecc57ed56df6fddb229835cdb674364874\n\nAll OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202604080111-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7239"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, Red Hat recommends avoiding the processing of PKCS#12 files from untrusted or unverified sources. Applications that use the `PKCS12_get_friendlyname()` API should ensure that PKCS#12 files are only processed if they originate from trusted entities. Restricting the input sources for PKCS#12 files can significantly reduce the attack surface for this flaw.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202604080111-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202604080111-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing"
},
{
"acknowledgments": [
{
"names": [
"Elhanan Haenel"
]
}
],
"cve": "CVE-2026-4111",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2026-03-11T11:18:51.609000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2446453"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libarchive: Infinite Loop Denial of Service in RAR5 Decompression via archive_read_data() in libarchive",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team would likely assess the severity of this vulnerability as High because it allows remote attackers to cause a persistent denial-of-service condition using a small crafted archive file. Successful exploitation requires no authentication, no special configuration, and no user interaction in environments that automatically process uploaded archives. By repeatedly submitting malicious archives, an attacker can exhaust CPU resources or worker threads in services such as file upload systems, CI/CD pipelines, mail scanners, and content indexing services that rely on libarchive for archive extraction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202604080111-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4111"
},
{
"category": "external",
"summary": "RHBZ#2446453",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446453"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4111",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4111"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4111",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4111"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/pull/2877",
"url": "https://github.com/libarchive/libarchive/pull/2877"
}
],
"release_date": "2026-03-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-16T10:25:29+00:00",
"details": "For OpenShift Container Platform 4.13 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata for x86_64 architecture. The image digest may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha value for the release is as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:8f2d90675314d5860aa070a036e7b2ecc57ed56df6fddb229835cdb674364874\n\nAll OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202604080111-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7239"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202604080111-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202604080111-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libarchive: Infinite Loop Denial of Service in RAR5 Decompression via archive_read_data() in libarchive"
},
{
"cve": "CVE-2026-25646",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-02-10T18:01:28.232408+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438542"
}
],
"notes": [
{
"category": "description",
"text": "A heap based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user\u0027s display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG has a heap buffer overflow in png_set_quantize",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For `java-17-openjdk-headless` and `java-21-openjdk-headless`, while the affected code is present in the bundled sources, it is not exercised by these headless packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202604080111-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25646"
},
{
"category": "external",
"summary": "RHBZ#2438542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438542"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25646",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25646"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25646",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25646"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/02/09/7",
"url": "http://www.openwall.com/lists/oss-security/2026/02/09/7"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88",
"url": "https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3"
}
],
"release_date": "2026-02-10T17:04:38.501000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-16T10:25:29+00:00",
"details": "For OpenShift Container Platform 4.13 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata for x86_64 architecture. The image digest may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha value for the release is as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:8f2d90675314d5860aa070a036e7b2ecc57ed56df6fddb229835cdb674364874\n\nAll OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202604080111-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7239"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202604080111-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202604080111-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG has a heap buffer overflow in png_set_quantize"
},
{
"cve": "CVE-2026-25749",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-02-09T11:08:59.061581+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437843"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Vim, an open source, command line text editor. This heap buffer overflow vulnerability exists in the tag file resolution logic when processing the \u0027helpfile\u0027 option. A local user could exploit this by providing a specially crafted \u0027helpfile\u0027 option value, leading to a heap buffer overflow. This could result in arbitrary code execution or a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vim: Vim: Arbitrary code execution via \u0027helpfile\u0027 option processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This MODERATE impact vulnerability in Vim\u0027s tag file resolution logic allows a local attacker to achieve a out-of-bounds write. By providing a specially crafted `helpfile` option value a local user can trigger a heap buffer overflow, as consequence lead to memory corruption presenting a data integrity impact or leading the vim process to crash resulting in availability impact. Although being non-trivial and very complex, arbitrary code execution is not discarded as worst case scenario.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202604080111-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25749"
},
{
"category": "external",
"summary": "RHBZ#2437843",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437843"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25749",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25749"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25749",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25749"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/commit/0714b15940b245108e6e9d7aa2260dd849a26fa9",
"url": "https://github.com/vim/vim/commit/0714b15940b245108e6e9d7aa2260dd849a26fa9"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/releases/tag/v9.1.2132",
"url": "https://github.com/vim/vim/releases/tag/v9.1.2132"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/security/advisories/GHSA-5w93-4g67-mm43",
"url": "https://github.com/vim/vim/security/advisories/GHSA-5w93-4g67-mm43"
}
],
"release_date": "2026-02-06T22:43:38.630000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-16T10:25:29+00:00",
"details": "For OpenShift Container Platform 4.13 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata for x86_64 architecture. The image digest may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha value for the release is as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:8f2d90675314d5860aa070a036e7b2ecc57ed56df6fddb229835cdb674364874\n\nAll OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202604080111-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7239"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202604080111-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202604080111-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vim: Vim: Arbitrary code execution via \u0027helpfile\u0027 option processing"
},
{
"cve": "CVE-2026-28417",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-02-27T22:01:53.728412+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2443455"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Vim, an open-source command-line text editor. Specifically, an operating system (OS) command injection vulnerability exists in the `netrw` standard plugin. A remote attacker could exploit this by tricking a user into opening a specially crafted URL, such as one using the `scp://` protocol handler. Successful exploitation allows the attacker to execute arbitrary shell commands with the same privileges as the Vim process, leading to potential system compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The risk posed by this vulnerability is limited on Red Hat products due to user and system isolation features which are enabled by default. The impacts of this flaw will be limited by the active user\u0027s permissions and access control limits. Host systems are not at risk when following Red Hat guidelines and the root user account is not actively executing Vim.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202604080111-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28417"
},
{
"category": "external",
"summary": "RHBZ#2443455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28417",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28417"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28417",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28417"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/commit/79348dbbc09332130f4c860",
"url": "https://github.com/vim/vim/commit/79348dbbc09332130f4c860"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/releases/tag/v9.2.0073",
"url": "https://github.com/vim/vim/releases/tag/v9.2.0073"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/security/advisories/GHSA-m3xh-9434-g336",
"url": "https://github.com/vim/vim/security/advisories/GHSA-m3xh-9434-g336"
}
],
"release_date": "2026-02-27T21:54:35.196000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-16T10:25:29+00:00",
"details": "For OpenShift Container Platform 4.13 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata for x86_64 architecture. The image digest may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha value for the release is as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:8f2d90675314d5860aa070a036e7b2ecc57ed56df6fddb229835cdb674364874\n\nAll OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202604080111-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7239"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202604080111-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202604080111-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin"
},
{
"cve": "CVE-2026-28421",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-02-27T23:01:44.673504+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2443474"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Vim. This vulnerability, a heap-buffer-overflow and a segmentation fault, exists in the swap file recovery logic. A local attacker could exploit this by providing a specially crafted swap file. This could lead to a denial of service (DoS) or potentially information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vim: Vim: Denial of service and information disclosure via crafted swap file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The risk posed by this vulnerability is limited on Red Hat products due to user and system isolation features which are enabled by default. The impacts of this flaw will be limited by the active user\u0027s permissions and access control limits. Host systems are not at risk when following Red Hat guidelines and the root user account is not actively executing Vim.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202604080111-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28421"
},
{
"category": "external",
"summary": "RHBZ#2443474",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443474"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28421",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28421"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28421",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28421"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/commit/65c1a143c331c886dc28",
"url": "https://github.com/vim/vim/commit/65c1a143c331c886dc28"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/releases/tag/v9.2.0077",
"url": "https://github.com/vim/vim/releases/tag/v9.2.0077"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/security/advisories/GHSA-r2gw-2x48-jj5p",
"url": "https://github.com/vim/vim/security/advisories/GHSA-r2gw-2x48-jj5p"
}
],
"release_date": "2026-02-27T22:06:34.312000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-16T10:25:29+00:00",
"details": "For OpenShift Container Platform 4.13 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata for x86_64 architecture. The image digest may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha value for the release is as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:8f2d90675314d5860aa070a036e7b2ecc57ed56df6fddb229835cdb674364874\n\nAll OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202604080111-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7239"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202604080111-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202604080111-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vim: Vim: Denial of service and information disclosure via crafted swap file"
},
{
"cve": "CVE-2026-33412",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-03-24T20:02:21.511965+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450907"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Vim. By including a newline character in a pattern passed to Vim\u0027s glob() function, an attacker may be able to execute arbitrary shell commands. This command injection vulnerability allows for arbitrary code execution, depending on the user\u0027s shell settings.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vim: Vim: Arbitrary code execution via command injection in glob() function",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202604080111-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33412"
},
{
"category": "external",
"summary": "RHBZ#2450907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450907"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33412",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33412"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33412",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33412"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/commit/645ed6597d1ea896c712cd7ddbb6edee79577e9a",
"url": "https://github.com/vim/vim/commit/645ed6597d1ea896c712cd7ddbb6edee79577e9a"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/releases/tag/v9.2.0202",
"url": "https://github.com/vim/vim/releases/tag/v9.2.0202"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/security/advisories/GHSA-w5jw-f54h-x46c",
"url": "https://github.com/vim/vim/security/advisories/GHSA-w5jw-f54h-x46c"
}
],
"release_date": "2026-03-24T19:43:07.219000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-16T10:25:29+00:00",
"details": "For OpenShift Container Platform 4.13 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata for x86_64 architecture. The image digest may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha value for the release is as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:8f2d90675314d5860aa070a036e7b2ecc57ed56df6fddb229835cdb674364874\n\nAll OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202604080111-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7239"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202604080111-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vim: Vim: Arbitrary code execution via command injection in glob() function"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…