RHSA-2026:8437

Vulnerability from csaf_redhat - Published: 2026-04-16 10:43 - Updated: 2026-04-16 10:45
Summary
Red Hat Security Advisory: RHTAS 1.4 - GA Release of Model Transparency
Severity
Important
Notes
Topic: The GA release of the RHTAS Model Transparency CLI image. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4
Details: The RHTAS Model Transparency CLI image can be used to sign and verify AI/ML workloads
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2026-27459 - pyOpenSSL: DTLS cookie callback buffer overflow
A flaw was found in pyOpenSSL. The set_cookie_generate_callback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to missing bounds checking before copying the data to a fixed-size buffer provided by the underlying OpenSSL library.
Statement: This flaw is only exploitable when an application using the pyOpenSSL library provides a custom callback to the set_cookie_generate_callback function. For the buffer overflow to occur, the callback function must return a cookie string or byte sequence longer than 256 bytes, limiting the exposure of this issue. Due to these reasons, this vulnerability has been rated with an important severity.

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Vendor Fix: The Model Transparency CLI Image is a containerized command-line tool for signing and verifying AI/ML workloads against a private Red Hat Trusted Artifact Signer (RHTAS) instance. It lets teams create signatures and attestations for model artifacts and validate them at build or deploy time using enterprise trust material (e.g., Fulcio/Rekor).
For details on using the Model Transparency CLI image, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4
You can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index
Errata: https://access.redhat.com/errata/RHSA-2026:8437
Workaround: To mitigate this flaw, ensure the callback provided to the set_cookie_generate_callback function strictly limits the returned cookie string or byte sequence to under 256 bytes.
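The workaround above is a contract on the application's own callback, so the practical defence is to never register a bare callback. The following is an added example, not code from the advisory or from pyOpenSSL: a wrapper that enforces the under-256-byte bound on whatever the inner callback returns, plus a stateless HMAC-based generator in the RFC 6347 style whose output (32 bytes) can never approach the limit. It assumes pyOpenSSL's callback shape (the callback receives the connection object and returns the cookie as bytes); `peer_id_of` is a hypothetical caller-supplied function that derives stable bytes from that connection, and `MAX_COOKIE_LEN` is taken from the advisory's "under 256 bytes".

```python
import hashlib
import hmac
from typing import Callable, Union

# Bound taken from the advisory's workaround: the cookie handed back to OpenSSL must
# stay under 256 bytes, because OpenSSL supplies a fixed-size buffer for it.
MAX_COOKIE_LEN = 255


class CookieTooLong(ValueError):
    """Raised instead of letting an oversized cookie reach the fixed-size buffer."""


def bounded_cookie_callback(
    inner: Callable[[object], Union[bytes, str]],
) -> Callable[[object], bytes]:
    """Wrap a cookie-generating callback so its result is always bytes of a safe length.

    `inner` is assumed to follow pyOpenSSL's cookie callback shape: it receives the
    connection object and returns the cookie as bytes (or str). The returned wrapper
    is what gets registered with Context.set_cookie_generate_callback.
    """

    def wrapped(conn: object) -> bytes:
        cookie = inner(conn)
        if isinstance(cookie, str):
            cookie = cookie.encode("utf-8")
        if not isinstance(cookie, (bytes, bytearray)):
            raise TypeError("cookie callback must return bytes or str")
        if len(cookie) > MAX_COOKIE_LEN:
            # Fail closed: refusing the handshake is preferable to an overflow.
            raise CookieTooLong(
                f"cookie is {len(cookie)} bytes, limit is {MAX_COOKIE_LEN}"
            )
        return bytes(cookie)

    return wrapped


def make_hmac_cookie_generator(
    secret: bytes, peer_id_of: Callable[[object], bytes]
) -> Callable[[object], bytes]:
    """Build a stateless cookie generator: HMAC-SHA256 over a peer identifier.

    `peer_id_of` is a hypothetical caller-supplied function that derives stable bytes
    (for example the peer address) from the connection object. A SHA-256 digest is
    32 bytes, so the result always sits far below MAX_COOKIE_LEN.
    """

    def generate(conn: object) -> bytes:
        return hmac.new(secret, peer_id_of(conn), hashlib.sha256).digest()

    return generate


# Registration with pyOpenSSL (not executed here):
#   ctx.set_cookie_generate_callback(
#       bounded_cookie_callback(make_hmac_cookie_generator(secret, peer_id_of)))

if __name__ == "__main__":
    # Constructed demo: a fake connection and a fixed peer identifier.
    demo = bounded_cookie_callback(
        make_hmac_cookie_generator(b"demo-secret", lambda conn: b"192.0.2.1:4433")
    )
    print(len(demo(object())), "bytes of cookie")
```

Wrapping the callback rather than auditing every generator keeps the bound in one place; a generator that returns a string, a bytearray, or an oversized value is either normalised or rejected before OpenSSL ever copies it.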

CVE-2026-30922 - pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion
An unbounded recursion flaw has been discovered in the PyPI pyasn1 library. This uncontrolled recursion occurs when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested SEQUENCE (0x30) or SET (0x31) tags with Indefinite Length (0x80) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a RecursionError or consumes all available memory (OOM), crashing the host application.

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Vendor Fix: The Model Transparency CLI Image is a containerized command-line tool for signing and verifying AI/ML workloads against a private Red Hat Trusted Artifact Signer (RHTAS) instance. It lets teams create signatures and attestations for model artifacts and validate them at build or deploy time using enterprise trust material (e.g., Fulcio/Rekor).
For details on using the Model Transparency CLI image, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4
You can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index
Errata: https://access.redhat.com/errata/RHSA-2026:8437
Workaround: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
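No vendor workaround is listed, but the failure mode described above (recursion driven by nested constructed tags, including indefinite-length ones) can be gated at the application boundary. The following is an added example, not code from the advisory or from pyasn1: an iterative BER/DER walker that measures how deeply constructed values nest and refuses the blob before a recursive decoder sees it. It understands definite lengths, indefinite-length (0x80) constructed values, and the end-of-contents octets (0x00 0x00) that close them. `MAX_NESTING_DEPTH` is a hypothetical bound chosen for the example, not a value from the page.

```python
from typing import List, Optional

# Hypothetical bound, chosen for this example: deep enough for certificates, CRLs and
# PKCS#7/CMS blobs a signing tool handles, far shallower than a Python stack limit.
MAX_NESTING_DEPTH = 32


class NestingTooDeep(ValueError):
    """The blob nests constructed values deeper than the configured limit."""


class MalformedBER(ValueError):
    """The blob is truncated or its lengths are inconsistent."""


def max_nesting_depth(data: bytes, limit: int = MAX_NESTING_DEPTH) -> int:
    """Return the deepest constructed nesting in a BER/DER blob, walking it iteratively.

    Raises NestingTooDeep the moment `limit` is exceeded, so the blob never reaches a
    recursive decoder. Definite lengths and indefinite-length (0x80) constructed values
    terminated by end-of-contents octets (0x00 0x00) are both handled.
    """
    # One entry per open constructed value: its end offset, or None if indefinite.
    stack: List[Optional[int]] = []
    deepest = 0
    pos = 0
    n = len(data)

    def close_finished(at: int) -> None:
        # Pop every definite-length value that ends exactly at `at`.
        while stack and stack[-1] is not None:
            if stack[-1] < at:
                raise MalformedBER(f"value overruns its parent at offset {at}")
            if stack[-1] > at:
                break
            stack.pop()

    while pos < n:
        # End-of-contents octets close the innermost indefinite-length value.
        if data[pos] == 0x00 and stack and stack[-1] is None:
            if pos + 1 >= n or data[pos + 1] != 0x00:
                raise MalformedBER(f"bad end-of-contents at offset {pos}")
            stack.pop()
            pos += 2
            close_finished(pos)
            continue

        tag = data[pos]
        pos += 1
        if tag & 0x1F == 0x1F:  # high-tag-number form: more octets while bit 8 is set
            while pos < n and data[pos] & 0x80:
                pos += 1
            pos += 1
        if pos >= n:
            raise MalformedBER("truncated after tag")

        constructed = bool(tag & 0x20)
        first = data[pos]
        pos += 1
        length: Optional[int]
        if first == 0x80:
            if not constructed:
                raise MalformedBER("indefinite length on a primitive value")
            length = None
        elif first < 0x80:
            length = first
        else:
            num = first & 0x7F
            if num == 0x7F or pos + num > n:
                raise MalformedBER("bad long-form length")
            length = int.from_bytes(data[pos:pos + num], "big")
            pos += num

        if constructed:
            stack.append(None if length is None else pos + length)
            deepest = max(deepest, len(stack))
            if len(stack) > limit:
                raise NestingTooDeep(f"nesting exceeds {limit} at offset {pos}")
        else:
            pos += length  # primitive value: skip over its content
            if pos > n:
                raise MalformedBER("truncated primitive content")
        close_finished(pos)

    if stack:
        raise MalformedBER("unterminated constructed value")
    return deepest


def safe_to_decode(data: bytes, limit: int = MAX_NESTING_DEPTH) -> bool:
    """Gate to run before handing untrusted ASN.1 to a recursive decoder such as pyasn1."""
    try:
        max_nesting_depth(data, limit)
        return True
    except (NestingTooDeep, MalformedBER):
        return False


if __name__ == "__main__":
    # Constructed samples: SEQUENCE { SEQUENCE { NULL } } in definite and indefinite form,
    # then the nesting pattern the advisory describes, which the gate must reject.
    print(max_nesting_depth(b"\x30\x04\x30\x02\x05\x00"))
    print(max_nesting_depth(b"\x30\x80\x30\x80\x05\x00\x00\x00\x00\x00"))
    print(safe_to_decode(b"\x30\x80" * 100))
```

Because the walker keeps its own explicit stack and stops at the limit, its cost is bounded by the limit rather than by the input; calling `safe_to_decode` on every untrusted blob (signatures, certificates, bundles) before `pyasn1` decodes it turns the crash into a rejected input.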

CVE-2026-32597 - pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)
A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC.

CWE-347 - Improper Verification of Cryptographic Signature
Vendor Fix: The Model Transparency CLI Image is a containerized command-line tool for signing and verifying AI/ML workloads against a private Red Hat Trusted Artifact Signer (RHTAS) instance. It lets teams create signatures and attestations for model artifacts and validate them at build or deploy time using enterprise trust material (e.g., Fulcio/Rekor).
For details on using the Model Transparency CLI image, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4
You can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index
Errata: https://access.redhat.com/errata/RHSA-2026:8437
Workaround: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
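The missing check is well specified: RFC 7515 §4.1.11 says a recipient MUST reject a JWS whose `crit` array names an extension it does not understand, and that producers must not use an empty list, duplicates, registered header names, or names that are absent from the header. The following is an added example, not code from the advisory or from PyJWT: a stdlib-only pre-check that parses the JOSE header of a compact-serialized token and enforces those rules against the set of extensions the application actually implements. The `make_demo_token` helper and its fake signature are constructed for the demo; signature verification is deliberately left to the JWT library, this check only decides whether the header is acceptable at all.

```python
import base64
import json
from typing import Any, Dict, Iterable, Set


class InvalidCritHeader(ValueError):
    """The JOSE header violates RFC 7515 section 4.1.11 or lists an unknown extension."""


# Header Parameter names registered by RFC 7515 for JWS. Section 4.1.11 says these
# MUST NOT appear in crit, because crit is reserved for extension parameters.
REGISTERED_HEADER_PARAMS = {
    "alg", "jku", "jwk", "kid", "x5u", "x5c", "x5t", "x5t#S256", "typ", "cty", "crit",
}


def b64url_decode(segment: str) -> bytes:
    """Decode unpadded base64url as used by JOSE."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def parse_jose_header(token: str) -> Dict[str, Any]:
    """Return the protected header of a compact-serialized JWS without verifying it."""
    parts = token.split(".")
    if len(parts) != 3:
        raise InvalidCritHeader("not a compact-serialized JWS")
    try:
        header = json.loads(b64url_decode(parts[0]))
    except (ValueError, UnicodeDecodeError) as exc:
        raise InvalidCritHeader("undecodable JOSE header") from exc
    if not isinstance(header, dict):
        raise InvalidCritHeader("JOSE header is not a JSON object")
    return header


def validate_crit(header: Dict[str, Any], understood: Iterable[str]) -> Set[str]:
    """Enforce RFC 7515 section 4.1.11 and return the set of critical extensions in use.

    `understood` is the set of extension Header Parameter names this application
    implements. Anything listed in crit outside that set makes the token invalid.
    """
    if "crit" not in header:
        return set()
    crit = header["crit"]
    if not isinstance(crit, list) or not crit:
        raise InvalidCritHeader("crit must be a non-empty array")
    if not all(isinstance(name, str) for name in crit):
        raise InvalidCritHeader("crit entries must be strings")
    if len(set(crit)) != len(crit):
        raise InvalidCritHeader("crit contains duplicate names")
    known = set(understood)
    for name in crit:
        if name in REGISTERED_HEADER_PARAMS:
            raise InvalidCritHeader(f"crit must not list registered parameter {name!r}")
        if name not in header:
            raise InvalidCritHeader(f"crit lists {name!r} but the header does not carry it")
        if name not in known:
            # The MUST in RFC 7515: an unsupported critical extension invalidates the JWS.
            raise InvalidCritHeader(f"unsupported critical extension {name!r}")
    return set(crit)


def check_token_crit(token: str, understood: Iterable[str]) -> Set[str]:
    """Run the crit check on a compact token; call this before handing it to jwt.decode."""
    return validate_crit(parse_jose_header(token), understood)


def crit_check_passes(token: str, understood: Iterable[str]) -> bool:
    """Boolean form of check_token_crit for policy code that does not want exceptions."""
    try:
        check_token_crit(token, understood)
        return True
    except InvalidCritHeader:
        return False


def make_demo_token(header: Dict[str, Any]) -> str:
    """Constructed, unsigned sample token for the demo (fake signature segment)."""
    def seg(raw: bytes) -> str:
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")
    return ".".join([seg(json.dumps(header).encode()), seg(b'{"sub":"demo"}'), seg(b"\x00" * 32)])


if __name__ == "__main__":
    tok = make_demo_token({"alg": "HS256", "crit": ["b64"], "b64": False})
    print(crit_check_passes(tok, {"b64"}), crit_check_passes(tok, set()))
```

The `b64` parameter (RFC 7797) is the usual example of a legitimate critical extension: a verifier that implements it passes `{"b64"}` as `understood` and accepts the token, while a verifier that does not must reject the same token rather than silently verifying it with the wrong payload encoding.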
References
https://access.redhat.com/errata/RHSA-2026:8437 self
https://access.redhat.com/documentation/en-us/red… external
https://access.redhat.com/documentation/en-us/red… external
https://access.redhat.com/security/cve/CVE-2026-27459 external
https://access.redhat.com/security/cve/CVE-2026-30922 external
https://access.redhat.com/security/cve/CVE-2026-32597 external
https://access.redhat.com/security/updates/classi… external
https://security.access.redhat.com/data/csaf/v2/a… self
https://access.redhat.com/security/cve/CVE-2026-27459 self
https://bugzilla.redhat.com/show_bug.cgi?id=2448503 external
https://www.cve.org/CVERecord?id=CVE-2026-27459 external
https://nvd.nist.gov/vuln/detail/CVE-2026-27459 external
https://github.com/pyca/pyopenssl/blob/358cbf29c4… external
https://github.com/pyca/pyopenssl/commit/57f09bb4… external
https://github.com/pyca/pyopenssl/security/adviso… external
https://access.redhat.com/security/cve/CVE-2026-30922 self
https://bugzilla.redhat.com/show_bug.cgi?id=2448553 external
https://www.cve.org/CVERecord?id=CVE-2026-30922 external
https://nvd.nist.gov/vuln/detail/CVE-2026-30922 external
https://github.com/pyasn1/pyasn1/commit/25ad481c1… external
https://github.com/pyasn1/pyasn1/security/advisor… external
https://access.redhat.com/security/cve/CVE-2026-32597 self
https://bugzilla.redhat.com/show_bug.cgi?id=2447194 external
https://www.cve.org/CVERecord?id=CVE-2026-32597 external
https://nvd.nist.gov/vuln/detail/CVE-2026-32597 external
https://github.com/jpadilla/pyjwt/security/adviso… external

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "The GA release of the RHTAS Model Transparency CLI image.\nFor more details please visit the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The RHTAS Model Transparency CLI image can be used to sign and verify AI/ML workloads",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:8437",
        "url": "https://access.redhat.com/errata/RHSA-2026:8437"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-27459",
        "url": "https://access.redhat.com/security/cve/CVE-2026-27459"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-30922",
        "url": "https://access.redhat.com/security/cve/CVE-2026-30922"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-32597",
        "url": "https://access.redhat.com/security/cve/CVE-2026-32597"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_8437.json"
      }
    ],
    "title": "Red Hat Security Advisory: RHTAS 1.4 - GA Release of Model Transparency",
    "tracking": {
      "current_release_date": "2026-04-16T10:45:33+00:00",
      "generator": {
        "date": "2026-04-16T10:45:33+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.5"
        }
      },
      "id": "RHSA-2026:8437",
      "initial_release_date": "2026-04-16T10:43:56+00:00",
      "revision_history": [
        {
          "date": "2026-04-16T10:43:56+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-04-16T10:44:03+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-04-16T10:45:33+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Trusted Artifact Signer 1.4",
                "product": {
                  "name": "Red Hat Trusted Artifact Signer 1.4",
                  "product_id": "Red Hat Trusted Artifact Signer 1.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:trusted_artifact_signer:1.4::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Trusted Artifact Signer"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhtas/model-transparency-rhel9@sha256:58f6c2216f1b745ff0af4195dc72395eeab531bf8561b507ea64730f38ecc24d_amd64",
                "product": {
                  "name": "registry.redhat.io/rhtas/model-transparency-rhel9@sha256:58f6c2216f1b745ff0af4195dc72395eeab531bf8561b507ea64730f38ecc24d_amd64",
                  "product_id": "registry.redhat.io/rhtas/model-transparency-rhel9@sha256:58f6c2216f1b745ff0af4195dc72395eeab531bf8561b507ea64730f38ecc24d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/model-transparency-rhel9@sha256%3A58f6c2216f1b745ff0af4195dc72395eeab531bf8561b507ea64730f38ecc24d?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1775815407"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhtas/model-transparency-rhel9@sha256:66b12e8e6822f23ad63f43c660d815d8007da46aa5ac3b5cceebf727b147f755_arm64",
                "product": {
                  "name": "registry.redhat.io/rhtas/model-transparency-rhel9@sha256:66b12e8e6822f23ad63f43c660d815d8007da46aa5ac3b5cceebf727b147f755_arm64",
                  "product_id": "registry.redhat.io/rhtas/model-transparency-rhel9@sha256:66b12e8e6822f23ad63f43c660d815d8007da46aa5ac3b5cceebf727b147f755_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/model-transparency-rhel9@sha256%3A66b12e8e6822f23ad63f43c660d815d8007da46aa5ac3b5cceebf727b147f755?arch=arm64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1775815407"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhtas/model-transparency-rhel9@sha256:58f6c2216f1b745ff0af4195dc72395eeab531bf8561b507ea64730f38ecc24d_amd64 as a component of Red Hat Trusted Artifact Signer 1.4",
          "product_id": "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:58f6c2216f1b745ff0af4195dc72395eeab531bf8561b507ea64730f38ecc24d_amd64"
        },
        "product_reference": "registry.redhat.io/rhtas/model-transparency-rhel9@sha256:58f6c2216f1b745ff0af4195dc72395eeab531bf8561b507ea64730f38ecc24d_amd64",
        "relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhtas/model-transparency-rhel9@sha256:66b12e8e6822f23ad63f43c660d815d8007da46aa5ac3b5cceebf727b147f755_arm64 as a component of Red Hat Trusted Artifact Signer 1.4",
          "product_id": "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:66b12e8e6822f23ad63f43c660d815d8007da46aa5ac3b5cceebf727b147f755_arm64"
        },
        "product_reference": "registry.redhat.io/rhtas/model-transparency-rhel9@sha256:66b12e8e6822f23ad63f43c660d815d8007da46aa5ac3b5cceebf727b147f755_arm64",
        "relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-27459",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "discovery_date": "2026-03-18T00:01:41.404915+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2448503"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in pyOpenSSL. The set_cookie_generate_callback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to a missing bounds checking before copying the data to a fixed-size buffer provided by the underlying OpenSSL library.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "pyOpenSSL: DTLS cookie callback buffer overflow",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw is only exploitable when an application using the pyOpenSSL library provides a custom callback to the set_cookie_generate_callback function. For the buffer overflow to occur, the callback function must return a cookie string or byte sequence longer than 256 bytes, limiting the exposure of this issue. Due to these reasons, this vulnerability has been rated with an important severity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:58f6c2216f1b745ff0af4195dc72395eeab531bf8561b507ea64730f38ecc24d_amd64",
          "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:66b12e8e6822f23ad63f43c660d815d8007da46aa5ac3b5cceebf727b147f755_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-27459"
        },
        {
          "category": "external",
          "summary": "RHBZ#2448503",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448503"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-27459",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27459"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27459",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27459"
        },
        {
          "category": "external",
          "summary": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst",
          "url": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst"
        },
        {
          "category": "external",
          "summary": "https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408",
          "url": "https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408"
        },
        {
          "category": "external",
          "summary": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4",
          "url": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4"
        }
      ],
      "release_date": "2026-03-17T23:34:28.483000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-16T10:43:56+00:00",
          "details": "The Model Transparency CLI Image is a containerized command-line tool for signing and verifying AI/ML workloads against a private Red Hat Trusted Artifact Signer (RHTAS) instance. It lets teams create signatures and attestations for model artifacts and validate them at build or deploy time using enterprise trust material (e.g., Fulcio/Rekor).\n\nFor details on using the Model Transparency CLI image, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
          "product_ids": [
            "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:58f6c2216f1b745ff0af4195dc72395eeab531bf8561b507ea64730f38ecc24d_amd64",
            "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:66b12e8e6822f23ad63f43c660d815d8007da46aa5ac3b5cceebf727b147f755_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:8437"
        },
        {
          "category": "workaround",
          "details": "To mitigate this flaw, ensure the callback provided to the set_cookie_generate_callback function strictly limits the returned cookie string or byte sequence to under 256 bytes.",
          "product_ids": [
            "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:58f6c2216f1b745ff0af4195dc72395eeab531bf8561b507ea64730f38ecc24d_amd64",
            "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:66b12e8e6822f23ad63f43c660d815d8007da46aa5ac3b5cceebf727b147f755_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:58f6c2216f1b745ff0af4195dc72395eeab531bf8561b507ea64730f38ecc24d_amd64",
            "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:66b12e8e6822f23ad63f43c660d815d8007da46aa5ac3b5cceebf727b147f755_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "pyOpenSSL: DTLS cookie callback buffer overflow"
    },
    {
      "cve": "CVE-2026-30922",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "discovery_date": "2026-03-18T04:02:45.401296+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2448553"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An unbounded recursion flaw has been discovered in the pypi pyasn1 library. This uncontrolled recursion occurs when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested SEQUENCE (0x30) or SET (0x31) tags with Indefinite Length (0x80) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a RecursionError or consumes all available memory (OOM), crashing the host application.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:58f6c2216f1b745ff0af4195dc72395eeab531bf8561b507ea64730f38ecc24d_amd64",
          "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:66b12e8e6822f23ad63f43c660d815d8007da46aa5ac3b5cceebf727b147f755_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-30922"
        },
        {
          "category": "external",
          "summary": "RHBZ#2448553",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448553"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-30922",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-30922"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-30922",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30922"
        },
        {
          "category": "external",
          "summary": "https://github.com/pyasn1/pyasn1/commit/25ad481c19fdb006e20485ef3fc2e5b3eff30ef0",
          "url": "https://github.com/pyasn1/pyasn1/commit/25ad481c19fdb006e20485ef3fc2e5b3eff30ef0"
        },
        {
          "category": "external",
          "summary": "https://github.com/pyasn1/pyasn1/security/advisories/GHSA-jr27-m4p2-rc6r",
          "url": "https://github.com/pyasn1/pyasn1/security/advisories/GHSA-jr27-m4p2-rc6r"
        }
      ],
      "release_date": "2026-03-18T02:29:45.857000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-16T10:43:56+00:00",
          "details": "The Model Transparency CLI Image is a containerized command-line tool for signing and verifying AI/ML workloads against a private Red Hat Trusted Artifact Signer (RHTAS) instance. It lets teams create signatures and attestations for model artifacts and validate them at build or deploy time using enterprise trust material (e.g., Fulcio/Rekor).\n\nFor details on using the Model Transparency CLI image, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
          "product_ids": [
            "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:58f6c2216f1b745ff0af4195dc72395eeab531bf8561b507ea64730f38ecc24d_amd64",
            "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:66b12e8e6822f23ad63f43c660d815d8007da46aa5ac3b5cceebf727b147f755_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:8437"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:58f6c2216f1b745ff0af4195dc72395eeab531bf8561b507ea64730f38ecc24d_amd64",
            "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:66b12e8e6822f23ad63f43c660d815d8007da46aa5ac3b5cceebf727b147f755_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:58f6c2216f1b745ff0af4195dc72395eeab531bf8561b507ea64730f38ecc24d_amd64",
            "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:66b12e8e6822f23ad63f43c660d815d8007da46aa5ac3b5cceebf727b147f755_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion"
    },
    {
      "cve": "CVE-2026-32597",
      "cwe": {
        "id": "CWE-347",
        "name": "Improper Verification of Cryptographic Signature"
      },
      "discovery_date": "2026-03-12T22:01:29.967713+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2447194"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 \u00a74.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 \u00a74.1.11 MUST violation)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:58f6c2216f1b745ff0af4195dc72395eeab531bf8561b507ea64730f38ecc24d_amd64",
          "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:66b12e8e6822f23ad63f43c660d815d8007da46aa5ac3b5cceebf727b147f755_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-32597"
        },
        {
          "category": "external",
          "summary": "RHBZ#2447194",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447194"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-32597",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-32597"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32597",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32597"
        },
        {
          "category": "external",
          "summary": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f",
          "url": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f"
        }
      ],
      "release_date": "2026-03-12T21:41:50.427000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-16T10:43:56+00:00",
          "details": "The Model Transparency CLI Image is a containerized command-line tool for signing and verifying AI/ML workloads against a private Red Hat Trusted Artifact Signer (RHTAS) instance. It lets teams create signatures and attestations for model artifacts and validate them at build or deploy time using enterprise trust material (e.g., Fulcio/Rekor).\n\nFor details on using the Model Transparency CLI image, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
          "product_ids": [
            "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:58f6c2216f1b745ff0af4195dc72395eeab531bf8561b507ea64730f38ecc24d_amd64",
            "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:66b12e8e6822f23ad63f43c660d815d8007da46aa5ac3b5cceebf727b147f755_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:8437"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:58f6c2216f1b745ff0af4195dc72395eeab531bf8561b507ea64730f38ecc24d_amd64",
            "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:66b12e8e6822f23ad63f43c660d815d8007da46aa5ac3b5cceebf727b147f755_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:58f6c2216f1b745ff0af4195dc72395eeab531bf8561b507ea64730f38ecc24d_amd64",
            "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:66b12e8e6822f23ad63f43c660d815d8007da46aa5ac3b5cceebf727b147f755_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 \u00a74.1.11 MUST violation)"
    }
  ]
}