Search

Find a vulnerability

Search criteria

    4189 vulnerabilities by Red Hat

    CVE-2026-16118 (GCVE-0-2026-16118)

    Vulnerability from nvd – Published: 2026-07-17 19:44 – Updated: 2026-07-17 19:44
    VLAI
    Title
    Xdgmime: heap-based buffer overflow in _xdg_mime_magic_parse_magic_line() in xdgmimemagic.c
    Summary
    A flaw was found in xdgmime. A heap-based buffer overflow can be triggered in _xdg_mime_magic_parse_magic_line() in the xdgmimemagic.c file on little-endian systems when an attacker-controlled MIME magic file in a user-writable XDG data location (e.g., in the $XDG_DATA_HOME/mime/magic path) is parsed by an application performing MIME type detection (e.g., via g_content_type_guess()). When performing byte-swap, incorrect pointer arithmetic on the write side causes an out-of-bounds write of 2 bytes, resulting in an application crash or memory corruption.
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Date Public
    2026-07-07 00:00
    Credits
    Red Hat would like to thank asotyc for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "webkitgtk4",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "webkit2gtk3",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "webkit2gtk3",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank asotyc for reporting this issue."
            }
          ],
          "datePublic": "2026-07-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in xdgmime. A heap-based buffer overflow can be triggered in _xdg_mime_magic_parse_magic_line() in the xdgmimemagic.c file on little-endian systems when an attacker-controlled MIME magic file in a user-writable XDG data location (e.g., in the $XDG_DATA_HOME/mime/magic path) is parsed by an application performing MIME type detection (e.g., via g_content_type_guess()). When performing byte-swap, incorrect pointer arithmetic on the write side causes an out-of-bounds write of 2 bytes, resulting in an application crash or memory corruption."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T19:44:40.562Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-16118"
            },
            {
              "name": "RHBZ#2501732",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2501732"
            },
            {
              "url": "https://gitlab.freedesktop.org/xdg/xdgmime/-/work_items/41"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-17T13:20:23.862Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-07T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Xdgmime: heap-based buffer overflow in _xdg_mime_magic_parse_magic_line() in xdgmimemagic.c",
          "workarounds": [
            {
              "lang": "en",
              "value": "Do not install a MIME magic file or content from untrusted sources."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-16118",
        "datePublished": "2026-07-17T19:44:40.562Z",
        "dateReserved": "2026-07-17T15:50:21.345Z",
        "dateUpdated": "2026-07-17T19:44:40.562Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-16108 (GCVE-0-2026-16108)

    Vulnerability from nvd – Published: 2026-07-17 16:43 – Updated: 2026-07-17 18:05
    VLAI
    Title
    Keycloak-services: keycloak-services: realm default-group reads disclose hidden groups under fgap v2
    Summary
    A flaw was found in the default-groups REST endpoint and realm representation of Keycloak. This component is responsible for managing groups that are automatically assigned to new users within a realm. The issue allows a delegated administrator with realm-viewing permissions to see the names and identifiers of hidden default groups, even if they lack the specific permissions to view those groups. This can lead to the exposure of sensitive organizational structures or internal group names.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2026-16108 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2501740 issue-trackingx_refsource_REDHAT
    Impacted products
    Date Public
    2026-07-15 07:21
    Credits
    Red Hat would like to thank Paul Bottinelli (Trail of Bits) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-16108",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-17T17:20:03.634038Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-17T18:05:08.354Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "keycloak-services",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk-keycloak-rhel9/rhbk-keycloak-rhel9",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk-openshift-rhel9/rhbk-openshift-rhel9",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Paul Bottinelli (Trail of Bits) for reporting this issue."
            }
          ],
          "datePublic": "2026-07-15T07:21:48.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the default-groups REST endpoint and realm representation of Keycloak. This component is responsible for managing groups that are automatically assigned to new users within a realm. The issue allows a delegated administrator with realm-viewing permissions to see the names and identifiers of hidden default groups, even if they lack the specific permissions to view those groups. This can lead to the exposure of sensitive organizational structures or internal group names."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T16:43:14.900Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-16108"
            },
            {
              "name": "RHBZ#2501740",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2501740"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-15T07:21:48.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-15T07:21:48.000Z",
              "value": "Made public."
            }
          ],
          "title": "Keycloak-services: keycloak-services: realm default-group reads disclose hidden groups under fgap v2",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-16108",
        "datePublished": "2026-07-17T16:43:14.900Z",
        "dateReserved": "2026-07-17T14:54:36.323Z",
        "dateUpdated": "2026-07-17T18:05:08.354Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-16106 (GCVE-0-2026-16106)

    Vulnerability from nvd – Published: 2026-07-17 16:43 – Updated: 2026-07-19 09:12
    VLAI
    Title
    Keycloak-services: keycloak-services: incorrect authorization in admin role-composite deletion allows delegated admin to remove privileged child roles
    Summary
    A flaw was found in the admin REST API of Keycloak, a solution for identity and access management. The issue occurs when a delegated administrator attempts to remove a child role from a composite role. Due to missing authorization checks, an attacker with limited administrative permissions can remove privileged roles they are not authorized to manage, leading to a loss of access for other users and administrators.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2026-16106 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2501739 issue-trackingx_refsource_REDHAT
    Impacted products
    Date Public
    2026-07-15 07:28
    Credits
    Red Hat would like to thank Owais Lone (thesecguy) (Independent Security Researcher) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-16106",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-17T16:51:57.921536Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-862",
                    "description": "CWE-862 Missing Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-17T16:53:32.052Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "keycloak-services",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk-keycloak-rhel9/rhbk-keycloak-rhel9",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk-openshift-rhel9/rhbk-openshift-rhel9",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Owais Lone (thesecguy) (Independent Security Researcher) for reporting this issue."
            }
          ],
          "datePublic": "2026-07-15T07:28:13.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the admin REST API of Keycloak, a solution for identity and access management. The issue occurs when a delegated administrator attempts to remove a child role from a composite role. Due to missing authorization checks, an attacker with limited administrative permissions can remove privileged roles they are not authorized to manage, leading to a loss of access for other users and administrators."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-19T09:12:28.180Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-16106"
            },
            {
              "name": "RHBZ#2501739",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2501739"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-15T07:28:13.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-15T07:28:13.000Z",
              "value": "Made public."
            }
          ],
          "title": "Keycloak-services: keycloak-services: incorrect authorization in admin role-composite deletion allows delegated admin to remove privileged child roles",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-16106",
        "datePublished": "2026-07-17T16:43:16.461Z",
        "dateReserved": "2026-07-17T14:53:02.339Z",
        "dateUpdated": "2026-07-19T09:12:28.180Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-16104 (GCVE-0-2026-16104)

    Vulnerability from nvd – Published: 2026-07-17 16:43 – Updated: 2026-07-17 17:24
    VLAI
    Title
    Keycloak-services: keycloak-services: authenticator config endpoint exposes raw recaptcha secrets to view-only admins
    Summary
    A flaw was found in the authentication configuration endpoint of the keycloak-services component, which is the core engine for Red Hat Build of Keycloak identity and access management. The issue occurs because the system fails to mask sensitive configuration values, such as reCAPTCHA secret keys, when they are requested by administrators with view-only permissions. This can lead to the exposure of third-party service credentials to unauthorized personnel or through administrative logs.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-522 - Insufficiently Protected Credentials
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2026-16104 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2501737 issue-trackingx_refsource_REDHAT
    Impacted products
    Date Public
    2026-07-15 13:25
    Credits
    Red Hat would like to thank Paul Bottinelli (Trail of Bits) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-16104",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-17T17:24:30.498422Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-522",
                    "description": "CWE-522 Insufficiently Protected Credentials",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-17T17:24:34.155Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "keycloak-services",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk-keycloak-rhel9/rhbk-keycloak-rhel9",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk-openshift-rhel9/rhbk-openshift-rhel9",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Paul Bottinelli (Trail of Bits) for reporting this issue."
            }
          ],
          "datePublic": "2026-07-15T13:25:50.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the authentication configuration endpoint of the keycloak-services component, which is the core engine for Red Hat Build of Keycloak identity and access management. The issue occurs because the system fails to mask sensitive configuration values, such as reCAPTCHA secret keys, when they are requested by administrators with view-only permissions. This can lead to the exposure of third-party service credentials to unauthorized personnel or through administrative logs."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T16:43:54.168Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-16104"
            },
            {
              "name": "RHBZ#2501737",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2501737"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-15T13:25:50.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-15T13:25:50.000Z",
              "value": "Made public."
            }
          ],
          "title": "Keycloak-services: keycloak-services: authenticator config endpoint exposes raw recaptcha secrets to view-only admins",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-16104",
        "datePublished": "2026-07-17T16:43:54.168Z",
        "dateReserved": "2026-07-17T14:48:32.086Z",
        "dateUpdated": "2026-07-17T17:24:34.155Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-16103 (GCVE-0-2026-16103)

    Vulnerability from nvd – Published: 2026-07-17 16:43 – Updated: 2026-07-17 17:02
    VLAI
    Title
    Keycloak-services: keycloak-services: incomplete fix for ciba brute-force lockout bypass at token redemption
    Summary
    A flaw was found in the keycloak-services component of Keycloak. This issue is an incomplete fix for CVE-2026-9798, where brute-force protection checks were added to the Client-Initiated Backchannel Authentication (CIBA) initiation handler but were omitted from the token redemption handler. This allows an attacker with valid client credentials to obtain access and refresh tokens for a user account that has been locked due to brute-force protection, provided the authentication request was started before the lockout occurred and was approved by the user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2026-16103 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2501736 issue-trackingx_refsource_REDHAT
    Impacted products
    Date Public
    2026-07-16 16:53
    Credits
    Red Hat would like to thank johanw for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-16103",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-17T17:01:59.231875Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-17T17:02:25.426Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "keycloak-services",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk-keycloak-rhel9/rhbk-keycloak-rhel9",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk-openshift-rhel9/rhbk-openshift-rhel9",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank johanw for reporting this issue."
            }
          ],
          "datePublic": "2026-07-16T16:53:46.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the keycloak-services component of Keycloak. This issue is an incomplete fix for CVE-2026-9798, where brute-force protection checks were added to the Client-Initiated Backchannel Authentication (CIBA) initiation handler but were omitted from the token redemption handler. This allows an attacker with valid client credentials to obtain access and refresh tokens for a user account that has been locked due to brute-force protection, provided the authentication request was started before the lockout occurred and was approved by the user."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T16:43:50.887Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-16103"
            },
            {
              "name": "RHBZ#2501736",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2501736"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-16T16:53:46.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-16T16:53:46.000Z",
              "value": "Made public."
            }
          ],
          "title": "Keycloak-services: keycloak-services: incomplete fix for ciba brute-force lockout bypass at token redemption",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-16103",
        "datePublished": "2026-07-17T16:43:50.887Z",
        "dateReserved": "2026-07-17T14:46:55.658Z",
        "dateUpdated": "2026-07-17T17:02:25.426Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-16093 (GCVE-0-2026-16093)

    Vulnerability from nvd – Published: 2026-07-17 16:42 – Updated: 2026-07-17 16:42
    VLAI
    Title
    Keycloak-services: keycloak-services: required signed-jwt assertion policy can be bypassed with unsigned assertion headers
    Summary
    Keycloak provides a mechanism called Client Policies to enforce security requirements on clients, such as requiring them to use signed JWTs for authentication. A flaw was discovered where this enforcement can be bypassed. An attacker with valid client credentials can provide a fake, unsigned assertion header that tricks the system into thinking the policy requirements have been met. This allows the attacker to authenticate using simpler methods like a client secret even when the administrator has mandated more secure, signed assertions.
    CWE
    • CWE-807 - Reliance on Untrusted Inputs in a Security Decision
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2026-16093 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2501729 issue-trackingx_refsource_REDHAT
    Impacted products
    Date Public
    2026-07-16 17:01
    Credits
    Red Hat would like to thank Paul Bottinelli (Trail of Bits) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "keycloak-services",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk-keycloak-rhel9/rhbk-keycloak-rhel9",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk-openshift-rhel9/rhbk-openshift-rhel9",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "affected",
              "packageName": "keycloak-services",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "affected",
              "packageName": "keycloak-services",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "affected",
              "packageName": "keycloak-services",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Paul Bottinelli (Trail of Bits) for reporting this issue."
            }
          ],
          "datePublic": "2026-07-16T17:01:13.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Keycloak provides a mechanism called Client Policies to enforce security requirements on clients, such as requiring them to use signed JWTs for authentication. A flaw was discovered where this enforcement can be bypassed. An attacker with valid client credentials can provide a fake, unsigned assertion header that tricks the system into thinking the policy requirements have been met. This allows the attacker to authenticate using simpler methods like a client secret even when the administrator has mandated more secure, signed assertions."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-807",
                  "description": "Reliance on Untrusted Inputs in a Security Decision",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T16:42:52.407Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-16093"
            },
            {
              "name": "RHBZ#2501729",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2501729"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-16T17:01:13.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-16T17:01:13.000Z",
              "value": "Made public."
            }
          ],
          "title": "Keycloak-services: keycloak-services: required signed-jwt assertion policy can be bypassed with unsigned assertion headers",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-807: Reliance on Untrusted Inputs in a Security Decision"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-16093",
        "datePublished": "2026-07-17T16:42:52.407Z",
        "dateReserved": "2026-07-17T14:08:34.722Z",
        "dateUpdated": "2026-07-17T16:42:52.407Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-16089 (GCVE-0-2026-16089)

    Vulnerability from nvd – Published: 2026-07-17 14:15 – Updated: 2026-07-17 14:15
    VLAI
    Title
    Keycloak-services: keycloak-services: authorization codes can be retargeted to another client session
    Summary
    A flaw was found in the keycloak-services component of Red Hat Build of Keycloak. The issue occurs because OAuth 2.0 authorization codes are not properly bound to the client that originally requested them. An attacker who can intercept an authorization code can modify it to be redeemed by their own client, potentially allowing them to obtain access tokens for a victim's identity.
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2026-16089 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2501724 issue-trackingx_refsource_REDHAT
    Impacted products
    Date Public
    2026-07-17 12:17
    Credits
    Red Hat would like to thank Paul Bottinelli (Trail of Bits) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "keycloak-services",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk-keycloak-rhel9/rhbk-keycloak-rhel9",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk-openshift-rhel9/rhbk-openshift-rhel9",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Paul Bottinelli (Trail of Bits) for reporting this issue."
            }
          ],
          "datePublic": "2026-07-17T12:17:39.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the keycloak-services component of Red Hat Build of Keycloak. The issue occurs because OAuth 2.0 authorization codes are not properly bound to the client that originally requested them. An attacker who can intercept an authorization code can modify it to be redeemed by their own client, potentially allowing them to obtain access tokens for a victim\u0027s identity."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T14:15:43.476Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-16089"
            },
            {
              "name": "RHBZ#2501724",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2501724"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-17T12:17:39.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-17T12:17:39.000Z",
              "value": "Made public."
            }
          ],
          "title": "Keycloak-services: keycloak-services: authorization codes can be retargeted to another client session",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-16089",
        "datePublished": "2026-07-17T14:15:43.476Z",
        "dateReserved": "2026-07-17T14:00:35.799Z",
        "dateUpdated": "2026-07-17T14:15:43.476Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-16072 (GCVE-0-2026-16072)

    Vulnerability from nvd – Published: 2026-07-17 13:40 – Updated: 2026-07-17 18:05
    VLAI
    Title
    Keycloak-services: keycloak-services: organization invitation link exposure allows unauthorized member creation
    Summary
    A flaw was found in the organization management component of Keycloak. A delegated administrator with permission to manage organizations can create an invitation for a non-existent email address and then retrieve the secret registration link directly through the application programming interface. By using this link, the administrator can create new user accounts and add them to the organization without having the required user management permissions or access to the invited email account. This allows an administrator to bypass security boundaries and add unauthorized members to an organization.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2026-16072 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2501721 issue-trackingx_refsource_REDHAT
    Impacted products
    Date Public
    2026-07-16 17:09
    Credits
    Red Hat would like to thank Paul Bottinelli (Trail of Bits) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-16072",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-17T17:27:33.028934Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-17T18:05:27.377Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "keycloak-services",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk-keycloak-rhel9/rhbk-keycloak-rhel9",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk-openshift-rhel9/rhbk-openshift-rhel9",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Paul Bottinelli (Trail of Bits) for reporting this issue."
            }
          ],
          "datePublic": "2026-07-16T17:09:24.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the organization management component of Keycloak. A delegated administrator with permission to manage organizations can create an invitation for a non-existent email address and then retrieve the secret registration link directly through the application programming interface. By using this link, the administrator can create new user accounts and add them to the organization without having the required user management permissions or access to the invited email account. This allows an administrator to bypass security boundaries and add unauthorized members to an organization."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T13:40:01.921Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-16072"
            },
            {
              "name": "RHBZ#2501721",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2501721"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-16T17:09:24.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-16T17:09:24.000Z",
              "value": "Made public."
            }
          ],
          "title": "Keycloak-services: keycloak-services: organization invitation link exposure allows unauthorized member creation",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-16072",
        "datePublished": "2026-07-17T13:40:01.921Z",
        "dateReserved": "2026-07-17T13:26:09.324Z",
        "dateUpdated": "2026-07-17T18:05:27.377Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15943 (GCVE-0-2026-15943)

    Vulnerability from nvd – Published: 2026-07-17 11:49 – Updated: 2026-07-17 14:53
    VLAI
    Title
    Keycloak-services: keycloak-services: oidc idp update reuses masked client secret after token url change
    Summary
    A flaw was found in the Keycloak keycloak-services component, which handles the management of identity providers. The issue occurs when a delegated administrator updates an OIDC identity provider using a masked client secret sentinel value. Due to improper validation, Keycloak reuses the existing real secret even if security-sensitive fields like the token URL have been changed, allowing an attacker to redirect and capture the secret.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1288 - Improper Validation of Consistency within Input
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2026-15943 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2501270 issue-trackingx_refsource_REDHAT
    Impacted products
    Date Public
    2026-07-16 06:27
    Credits
    Red Hat would like to thank Paul Bottinelli (Trail of Bits) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15943",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-17T14:52:50.320761Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-17T14:53:16.118Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "keycloak-services",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk-keycloak-rhel9/rhbk-keycloak-rhel9",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk-openshift-rhel9/rhbk-openshift-rhel9",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Paul Bottinelli (Trail of Bits) for reporting this issue."
            }
          ],
          "datePublic": "2026-07-16T06:27:49.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the Keycloak keycloak-services component, which handles the management of identity providers. The issue occurs when a delegated administrator updates an OIDC identity provider using a masked client secret sentinel value. Due to improper validation, Keycloak reuses the existing real secret even if security-sensitive fields like the token URL have been changed, allowing an attacker to redirect and capture the secret."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1288",
                  "description": "Improper Validation of Consistency within Input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T11:54:54.496Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-15943"
            },
            {
              "name": "RHBZ#2501270",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2501270"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-16T06:27:49.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-16T06:27:49.000Z",
              "value": "Made public."
            }
          ],
          "title": "Keycloak-services: keycloak-services: oidc idp update reuses masked client secret after token url change",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-1288: Improper Validation of Consistency within Input"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-15943",
        "datePublished": "2026-07-17T11:49:49.874Z",
        "dateReserved": "2026-07-16T09:20:43.530Z",
        "dateUpdated": "2026-07-17T14:53:16.118Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15945 (GCVE-0-2026-15945)

    Vulnerability from nvd – Published: 2026-07-16 17:36 – Updated: 2026-07-17 14:00
    VLAI
    Title
    Keycloak-services: keycloak-services: group hierarchy search discloses hidden parent groups under fgap v2
    Summary
    A flaw was found in the group search functionality of the Keycloak server's administrative API. When Fine-Grained Admin Permissions (FGAP) v2 is enabled, a delegated administrator can bypass access restrictions to view parent groups they are not authorized to see. By searching for a child group they have permission to view, the system incorrectly returns the full details of the parent group in the response, leading to the disclosure of sensitive group attributes and configuration.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2026-15945 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2501302 issue-trackingx_refsource_REDHAT
    Impacted products
    Date Public
    2026-07-14 15:31
    Credits
    Red Hat would like to thank Paul Bottinelli (Trail of Bits) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15945",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-17T13:59:59.366659Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-17T14:00:09.161Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "keycloak-services",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk-keycloak-rhel9/rhbk-keycloak-rhel9",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk-openshift-rhel9/rhbk-openshift-rhel9",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "affected",
              "packageName": "keycloak-services",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "affected",
              "packageName": "keycloak-services",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "affected",
              "packageName": "keycloak-services",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Paul Bottinelli (Trail of Bits) for reporting this issue."
            }
          ],
          "datePublic": "2026-07-14T15:31:04.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the group search functionality of the Keycloak server\u0027s administrative API. When Fine-Grained Admin Permissions (FGAP) v2 is enabled, a delegated administrator can bypass access restrictions to view parent groups they are not authorized to see. By searching for a child group they have permission to view, the system incorrectly returns the full details of the parent group in the response, leading to the disclosure of sensitive group attributes and configuration."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T17:36:24.856Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-15945"
            },
            {
              "name": "RHBZ#2501302",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2501302"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-14T15:31:04.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-14T15:31:04.000Z",
              "value": "Made public."
            }
          ],
          "title": "Keycloak-services: keycloak-services: group hierarchy search discloses hidden parent groups under fgap v2",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-639: Authorization Bypass Through User-Controlled Key"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-15945",
        "datePublished": "2026-07-16T17:36:24.856Z",
        "dateReserved": "2026-07-16T12:26:48.913Z",
        "dateUpdated": "2026-07-17T14:00:09.161Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-5674 (GCVE-0-2026-5674)

    Vulnerability from nvd – Published: 2026-07-16 13:26 – Updated: 2026-07-16 14:03
    VLAI
    Title
    Pipewire: pipewire: sandbox escape and arbitrary code execution via malicious library loading
    Summary
    A flaw was found in PipeWire, a multimedia server. This vulnerability allows an attacker to escape sandboxed applications, such as Flatpak, by exploiting PipeWire's PulseAudio compatibility layer. An attacker with minimal permissions within a sandboxed environment can load a malicious library, leading to arbitrary code execution outside the sandbox and potential compromise of the user's system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2026-5674 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2455341 issue-trackingx_refsource_REDHAT
    Impacted products
    Date Public
    2026-07-04 23:59
    Credits
    Red Hat would like to thank Johann Rehberger (embracethered.com) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5674",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T14:02:49.819208Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T14:03:16.054Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "firefox",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "libkrun",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "pipewire",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "firefox",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "firefox",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "pipewire",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "pipewire0.2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "firefox",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "pipewire",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Johann Rehberger (embracethered.com) for reporting this issue."
            }
          ],
          "datePublic": "2026-07-04T23:59:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in PipeWire, a multimedia server. This vulnerability allows an attacker to escape sandboxed applications, such as Flatpak, by exploiting PipeWire\u0027s PulseAudio compatibility layer. An attacker with minimal permissions within a sandboxed environment can load a malicious library, leading to arbitrary code execution outside the sandbox and potential compromise of the user\u0027s system."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T13:26:44.534Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-5674"
            },
            {
              "name": "RHBZ#2455341",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455341"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-06T09:14:25.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-04T23:59:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Pipewire: pipewire: sandbox escape and arbitrary code execution via malicious library loading",
          "workarounds": [
            {
              "lang": "en",
              "value": "To mitigate this issue, restrict containerized applications from accessing the PulseAudio socket or writing to host-visible paths. Additionally, configure PipeWire to prevent module loading by setting `pulse.allow-module-loading = false` in the PipeWire PulseAudio configuration. Alternatively, restrict the `dlopen()` paths for `module-ladspa-sink` to trusted system directories like `/usr/lib/ladspa/` and `/usr/lib64/ladspa/`. Applying these changes may require restarting the PipeWire service to take effect, which could impact audio functionality."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-427: Uncontrolled Search Path Element"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-5674",
        "datePublished": "2026-07-16T13:26:44.534Z",
        "dateReserved": "2026-04-06T09:07:33.494Z",
        "dateUpdated": "2026-07-16T14:03:16.054Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48863 (GCVE-0-2026-48863)

    Vulnerability from nvd – Published: 2026-07-16 00:46 – Updated: 2026-07-18 02:39
    VLAI
    Title
    Libsolv: stack-based buffer overflow in libsolv eddsa pgp signature verification allows denial of service
    Summary
    A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when copying EdDSA 's' MPI into a stack buffer. A remote attacker could craft a malicious Ed25519 PGP signature with mismatched MPI lengths. Processing this crafted signature could lead to a denial of service in automated package or repository processing workflows.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Date Public
    2026-05-26 18:53
    Credits
    This issue was discovered by AISLE Research and AISLE in partnership with Red Hat.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10"
                ],
                "defaultStatus": "unaffected",
                "packageName": "libsolv",
                "product": "Red Hat Enterprise Linux 10",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:7"
                ],
                "defaultStatus": "unaffected",
                "packageName": "libsolv",
                "product": "Red Hat Enterprise Linux 7",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "unaffected",
                "packageName": "libsolv",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9"
                ],
                "defaultStatus": "unaffected",
                "packageName": "libsolv",
                "product": "Red Hat Enterprise Linux 9",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:hummingbird:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "libsolv",
                "product": "Red Hat Hardened Images",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift:4"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhcos",
                "product": "Red Hat OpenShift Container Platform 4",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:satellite:6"
                ],
                "defaultStatus": "unaffected",
                "packageName": "satellite-capsule:el8/libsolv",
                "product": "Red Hat Satellite 6",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:rhui:4::el8"
                ],
                "defaultStatus": "unaffected",
                "packageName": "libsolv",
                "product": "Red Hat Update Infrastructure 4 for Cloud Providers",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-05-26T18:53:04.400Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when copying EdDSA \u0027s\u0027 MPI into a stack buffer. A remote attacker could craft a malicious Ed25519 PGP signature with mismatched MPI lengths. Processing this crafted signature could lead to a denial of service in automated package or repository processing workflows."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-121",
                    "description": "Stack-based Buffer Overflow",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T12:04:46.875Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-48863"
              },
              {
                "name": "RHBZ#2460975",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460975"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-48863.json"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-04-23T00:57:48.000Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-05-26T18:53:04.400Z",
                "value": "Made public."
              }
            ],
            "title": "libsolv: Stack-based buffer overflow in libsolv EdDSA PGP signature verification allows denial of service",
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48863",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-18T02:38:55.351405Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-18T02:39:45.746Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "libsolv",
              "vendor": "OpenSUSE",
              "versions": [
                {
                  "lessThan": "0.7.38",
                  "status": "affected",
                  "version": "0.6.4",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "libsolv",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "libsolv",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "libsolv",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "libsolv",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:hummingbird:1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "libsolv",
              "product": "Red Hat Hardened Images",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "satellite-capsule:el8/libsolv",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhui:4::el8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "libsolv",
              "product": "Red Hat Update Infrastructure 4 for Cloud Providers",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by AISLE Research and AISLE in partnership with Red Hat."
            }
          ],
          "datePublic": "2026-05-26T18:53:04.400Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when copying EdDSA \u0027s\u0027 MPI into a stack buffer. A remote attacker could craft a malicious Ed25519 PGP signature with mismatched MPI lengths. Processing this crafted signature could lead to a denial of service in automated package or repository processing workflows."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T00:46:12.846Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-48863"
            },
            {
              "name": "RHBZ#2460975",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460975"
            },
            {
              "url": "https://github.com/openSUSE/libsolv/commit/44f8c085045b1f771641091bbb2b810d12cff9e8#diff-309f245ec9b669ec78b8159c39e6f50130b4d4a0448f742685f7833d04bc4caaR592"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-23T00:57:48.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-05-26T18:53:04.400Z",
              "value": "Made public."
            }
          ],
          "title": "Libsolv: stack-based buffer overflow in libsolv eddsa pgp signature verification allows denial of service",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-121: Stack-based Buffer Overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-48863",
        "datePublished": "2026-07-16T00:46:12.846Z",
        "dateReserved": "2026-05-25T20:59:30.305Z",
        "dateUpdated": "2026-07-18T02:39:45.746Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3842 (GCVE-0-2026-3842)

    Vulnerability from nvd – Published: 2026-07-16 00:20 – Updated: 2026-07-16 12:42
    VLAI
    Title
    Qemu-kvm: hyperv/syndbg: missing mapped-length guard after cpu_physical_memory_map causes host oob write
    Summary
    A flaw was found in QEMU. This vulnerability allows a local attacker within a guest virtual machine to write data beyond its allocated memory. This occurs when cpu_physical_memory_map() returns a shorter length than expected, leading to an out-of-bounds write. Successful exploitation could result in unauthorized access to guest memory or corruption of heap-allocated objects, potentially causing information disclosure, data integrity issues, or a denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Affected: 7.1.0 , < 11.0.0 (semver)
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
    Create a notification for this product.
    Date Public
    2026-03-09 00:00
    Credits
    Red Hat would like to thank Oleh Konko (1seal) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10"
                ],
                "defaultStatus": "unaffected",
                "packageName": "qemu-kvm",
                "product": "Red Hat Enterprise Linux 10",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:6"
                ],
                "defaultStatus": "unaffected",
                "packageName": "qemu-kvm",
                "product": "Red Hat Enterprise Linux 6",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:7"
                ],
                "defaultStatus": "unaffected",
                "packageName": "qemu-kvm",
                "product": "Red Hat Enterprise Linux 7",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:7"
                ],
                "defaultStatus": "unaffected",
                "packageName": "qemu-kvm-ma",
                "product": "Red Hat Enterprise Linux 7",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "unaffected",
                "packageName": "virt:rhel/qemu-kvm",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9"
                ],
                "defaultStatus": "unaffected",
                "packageName": "qemu-kvm",
                "product": "Red Hat Enterprise Linux 9",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift:4"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhcos",
                "product": "Red Hat OpenShift Container Platform 4",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-03-09T00:00:00.000Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in QEMU. This vulnerability allows a local attacker within a guest virtual machine to write data beyond its allocated memory. This occurs when cpu_physical_memory_map() returns a shorter length than expected, leading to an out-of-bounds write. Successful exploitation could result in unauthorized access to guest memory or corruption of heap-allocated objects, potentially causing information disclosure, data integrity issues, or a denial of service."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T12:04:33.408Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-3842"
              },
              {
                "name": "RHBZ#2458150",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458150"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3842.json"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-03-09T00:00:00.000Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-03-09T00:00:00.000Z",
                "value": "Made public."
              }
            ],
            "title": "qemu-kvm: hyperv/syndbg: missing mapped-length guard after cpu_physical_memory_map causes host OOB write",
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3842",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T12:41:54.779080Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T12:42:09.780Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.com/qemu-project/qemu",
              "defaultStatus": "unaffected",
              "packageName": "qemu",
              "versions": [
                {
                  "lessThan": "11.0.0",
                  "status": "affected",
                  "version": "7.1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "qemu-kvm",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "qemu-kvm",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "qemu-kvm",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "qemu-kvm-ma",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "virt:rhel/qemu-kvm",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "qemu-kvm",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Oleh Konko (1seal) for reporting this issue."
            }
          ],
          "datePublic": "2026-03-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in QEMU. This vulnerability allows a local attacker within a guest virtual machine to write data beyond its allocated memory. This occurs when cpu_physical_memory_map() returns a shorter length than expected, leading to an out-of-bounds write. Successful exploitation could result in unauthorized access to guest memory or corruption of heap-allocated objects, potentially causing information disclosure, data integrity issues, or a denial of service."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T00:20:02.910Z",
            "orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
            "shortName": "fedora"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-3842"
            },
            {
              "name": "RHBZ#2458150",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458150"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-09T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-03-09T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Qemu-kvm: hyperv/syndbg: missing mapped-length guard after cpu_physical_memory_map causes host oob write",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-787: Out-of-bounds Write"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
        "assignerShortName": "fedora",
        "cveId": "CVE-2026-3842",
        "datePublished": "2026-07-16T00:20:02.910Z",
        "dateReserved": "2026-03-09T18:04:03.609Z",
        "dateUpdated": "2026-07-16T12:42:09.780Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-23538 (GCVE-0-2026-23538)

    Vulnerability from nvd – Published: 2026-07-16 00:10 – Updated: 2026-07-16 13:58
    VLAI
    Title
    Feast: resource exhaustion via websocket endpoint
    Summary
    A vulnerability was identified in the Feast Feature Server's `/ws/chat` endpoint that allows remote attackers to establish persistent WebSocket connections without any authentication. By opening a large number of simultaneous connections, an attacker can exhaust server resources—such as memory, CPU, and file descriptors—leading to a complete denial of service for legitimate users.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    Impacted products
    Date Public
    2026-03-20 00:00
    Credits
    This issue was discovered by Jitendra Yejare (Red Hat).
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-feature-server-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-pipeline-runtime-datascience-cpu-py312-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-pipeline-runtime-pytorch-cuda-py312-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-pipeline-runtime-pytorch-llmcompressor-cuda-py312-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-pipeline-runtime-pytorch-rocm-py312-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-pipeline-runtime-tensorflow-cuda-py312-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-pipeline-runtime-tensorflow-rocm-py312-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-workbench-codeserver-datascience-cpu-py312-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-workbench-jupyter-datascience-cpu-py312-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-workbench-jupyter-pytorch-cuda-py312-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-workbench-jupyter-pytorch-llmcompressor-cuda-py312-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-workbench-jupyter-pytorch-rocm-py312-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-workbench-jupyter-tensorflow-cuda-py312-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-workbench-jupyter-tensorflow-rocm-py312-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-03-20T00:00:00.000Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A vulnerability was identified in the Feast Feature Server\u0027s `/ws/chat` endpoint that allows remote attackers to establish persistent WebSocket connections without any authentication. By opening a large number of simultaneous connections, an attacker can exhaust server resources\u2014such as memory, CPU, and file descriptors\u2014leading to a complete denial of service for legitimate users."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-770",
                    "description": "Allocation of Resources Without Limits or Throttling",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T12:04:34.222Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-23538"
              },
              {
                "name": "RHBZ#2429311",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429311"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-23538.json"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-01-13T19:41:13.224Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-03-20T00:00:00.000Z",
                "value": "Made public."
              }
            ],
            "title": "feast: Resource exhaustion via WebSocket endpoint",
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-23538",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T13:51:47.243241Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T13:58:04.495Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Feast Feature Server",
              "vendor": "Feast",
              "versions": [
                {
                  "lessThan": "0.59.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhoai/odh-feature-server-rhel9",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhoai/odh-pipeline-runtime-datascience-cpu-py312-rhel9",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhoai/odh-pipeline-runtime-pytorch-cuda-py312-rhel9",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhoai/odh-pipeline-runtime-pytorch-llmcompressor-cuda-py312-rhel9",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhoai/odh-pipeline-runtime-pytorch-rocm-py312-rhel9",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhoai/odh-pipeline-runtime-tensorflow-cuda-py312-rhel9",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhoai/odh-pipeline-runtime-tensorflow-rocm-py312-rhel9",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhoai/odh-workbench-codeserver-datascience-cpu-py312-rhel9",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhoai/odh-workbench-jupyter-datascience-cpu-py312-rhel9",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhoai/odh-workbench-jupyter-pytorch-cuda-py312-rhel9",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhoai/odh-workbench-jupyter-pytorch-llmcompressor-cuda-py312-rhel9",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhoai/odh-workbench-jupyter-pytorch-rocm-py312-rhel9",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhoai/odh-workbench-jupyter-tensorflow-cuda-py312-rhel9",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhoai/odh-workbench-jupyter-tensorflow-rocm-py312-rhel9",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by Jitendra Yejare (Red Hat)."
            }
          ],
          "datePublic": "2026-03-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in the Feast Feature Server\u0027s `/ws/chat` endpoint that allows remote attackers to establish persistent WebSocket connections without any authentication. By opening a large number of simultaneous connections, an attacker can exhaust server resources\u2014such as memory, CPU, and file descriptors\u2014leading to a complete denial of service for legitimate users."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T00:10:50.170Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-23538"
            },
            {
              "name": "RHBZ#2429311",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429311"
            },
            {
              "url": "https://github.com/red-hat-data-services/feast/pull/192"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-01-13T19:41:13.224Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-03-20T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Feast: resource exhaustion via websocket endpoint",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-770: Allocation of Resources Without Limits or Throttling"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-23538",
        "datePublished": "2026-07-16T00:10:50.170Z",
        "dateReserved": "2026-01-13T19:53:18.502Z",
        "dateUpdated": "2026-07-16T13:58:04.495Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-1609 (GCVE-0-2026-1609)

    Vulnerability from nvd – Published: 2026-07-16 00:26 – Updated: 2026-07-16 15:11
    VLAI
    Title
    Org.keycloak/keycloak-quarkus-server: keycloak: unauthorized access via jwt authorization grant with disabled users
    Summary
    A flaw was found in Keycloak. When the JSON Web Token (JWT) authorization grant preview feature is enabled and a user account is disabled, Keycloak fails to validate the user’s disabled status during JWT authorization grant processing. A remote attacker with low privileges can exploit this improper access control vulnerability by presenting a valid assertion token from an external identity provider to obtain a JWT for a disabled user. This allows unauthorized access to sensitive resources.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Date Public
    2026-02-09 18:59
    Credits
    Red Hat would like to thank Joy Gilbert and Reynaldo Immanuel for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8"
                ],
                "defaultStatus": "unaffected",
                "packageName": "keycloak-quarkus-server",
                "product": "Red Hat JBoss Enterprise Application Platform 8",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8"
                ],
                "defaultStatus": "unaffected",
                "packageName": "keycloak-quarkus-server-app",
                "product": "Red Hat JBoss Enterprise Application Platform 8",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8"
                ],
                "defaultStatus": "unaffected",
                "packageName": "keycloak-quarkus-server-deployment",
                "product": "Red Hat JBoss Enterprise Application Platform 8",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jbosseapxp"
                ],
                "defaultStatus": "unaffected",
                "packageName": "keycloak-quarkus-server",
                "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jbosseapxp"
                ],
                "defaultStatus": "unaffected",
                "packageName": "keycloak-quarkus-server-app",
                "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jbosseapxp"
                ],
                "defaultStatus": "unaffected",
                "packageName": "keycloak-quarkus-server-deployment",
                "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-02-09T18:59:00.000Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in Keycloak. When the JSON Web Token (JWT) authorization grant preview feature is enabled and a user account is disabled, Keycloak fails to validate the user\u2019s disabled status during JWT authorization grant processing. A remote attacker with low privileges can exploit this improper access control vulnerability by presenting a valid assertion token from an external identity provider to obtain a JWT for a disabled user. This allows unauthorized access to sensitive resources."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 8.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T12:04:37.270Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-1609"
              },
              {
                "name": "RHBZ#2435257",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435257"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1609.json"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-01-29T12:08:43.064Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-02-09T18:59:00.000Z",
                "value": "Made public."
              }
            ],
            "title": "org.keycloak/keycloak-quarkus-server: Keycloak: Unauthorized Access via JWT authorization grant with disabled users",
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-1609",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T13:35:20.130766Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T15:11:51.549Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Keycloak",
              "vendor": "Keycloak",
              "versions": [
                {
                  "lessThan": "26.5.3",
                  "status": "affected",
                  "version": "26.5.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-quarkus-server",
              "product": "Red Hat JBoss Enterprise Application Platform 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-quarkus-server-app",
              "product": "Red Hat JBoss Enterprise Application Platform 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-quarkus-server-deployment",
              "product": "Red Hat JBoss Enterprise Application Platform 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-quarkus-server",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-quarkus-server-app",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-quarkus-server-deployment",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Joy Gilbert and Reynaldo Immanuel for reporting this issue."
            }
          ],
          "datePublic": "2026-02-09T18:59:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Keycloak. When the JSON Web Token (JWT) authorization grant preview feature is enabled and a user account is disabled, Keycloak fails to validate the user\u2019s disabled status during JWT authorization grant processing. A remote attacker with low privileges can exploit this improper access control vulnerability by presenting a valid assertion token from an external identity provider to obtain a JWT for a disabled user. This allows unauthorized access to sensitive resources."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T00:26:10.772Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-1609"
            },
            {
              "name": "RHBZ#2435257",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435257"
            },
            {
              "url": "https://github.com/keycloak/keycloak/issues/46144"
            },
            {
              "url": "https://github.com/keycloak/keycloak/releases/tag/26.5.3"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-01-29T12:08:43.064Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-02-09T18:59:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Org.keycloak/keycloak-quarkus-server: keycloak: unauthorized access via jwt authorization grant with disabled users",
          "workarounds": [
            {
              "lang": "en",
              "value": "To mitigate this issue, ensure that the `jwt-authorization-grant` preview feature is not enabled in Keycloak deployments. This feature is typically disabled by default. If it has been explicitly enabled, it should be disabled to prevent unauthorized access by disabled user accounts. Consult Keycloak documentation for specific instructions on managing preview features and configuration. A restart of the Keycloak service may be required after disabling the feature for the changes to take effect."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-284: Improper Access Control"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-1609",
        "datePublished": "2026-07-16T00:26:10.772Z",
        "dateReserved": "2026-01-29T12:08:57.214Z",
        "dateUpdated": "2026-07-16T15:11:51.549Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-16118 (GCVE-0-2026-16118)

    Vulnerability from cvelistv5 – Published: 2026-07-17 19:44 – Updated: 2026-07-17 19:44
    VLAI
    Title
    Xdgmime: heap-based buffer overflow in _xdg_mime_magic_parse_magic_line() in xdgmimemagic.c
    Summary
    A flaw was found in xdgmime. A heap-based buffer overflow can be triggered in _xdg_mime_magic_parse_magic_line() in the xdgmimemagic.c file on little-endian systems when an attacker-controlled MIME magic file in a user-writable XDG data location (e.g., in the $XDG_DATA_HOME/mime/magic path) is parsed by an application performing MIME type detection (e.g., via g_content_type_guess()). When performing byte-swap, incorrect pointer arithmetic on the write side causes an out-of-bounds write of 2 bytes, resulting in an application crash or memory corruption.
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Date Public
    2026-07-07 00:00
    Credits
    Red Hat would like to thank asotyc for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "webkitgtk4",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "webkit2gtk3",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "webkit2gtk3",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank asotyc for reporting this issue."
            }
          ],
          "datePublic": "2026-07-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in xdgmime. A heap-based buffer overflow can be triggered in _xdg_mime_magic_parse_magic_line() in the xdgmimemagic.c file on little-endian systems when an attacker-controlled MIME magic file in a user-writable XDG data location (e.g., in the $XDG_DATA_HOME/mime/magic path) is parsed by an application performing MIME type detection (e.g., via g_content_type_guess()). When performing byte-swap, incorrect pointer arithmetic on the write side causes an out-of-bounds write of 2 bytes, resulting in an application crash or memory corruption."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T19:44:40.562Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-16118"
            },
            {
              "name": "RHBZ#2501732",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2501732"
            },
            {
              "url": "https://gitlab.freedesktop.org/xdg/xdgmime/-/work_items/41"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-17T13:20:23.862Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-07T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Xdgmime: heap-based buffer overflow in _xdg_mime_magic_parse_magic_line() in xdgmimemagic.c",
          "workarounds": [
            {
              "lang": "en",
              "value": "Do not install a MIME magic file or content from untrusted sources."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-16118",
        "datePublished": "2026-07-17T19:44:40.562Z",
        "dateReserved": "2026-07-17T15:50:21.345Z",
        "dateUpdated": "2026-07-17T19:44:40.562Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-16104 (GCVE-0-2026-16104)

    Vulnerability from cvelistv5 – Published: 2026-07-17 16:43 – Updated: 2026-07-17 17:24
    VLAI
    Title
    Keycloak-services: keycloak-services: authenticator config endpoint exposes raw recaptcha secrets to view-only admins
    Summary
    A flaw was found in the authentication configuration endpoint of the keycloak-services component, which is the core engine for Red Hat Build of Keycloak identity and access management. The issue occurs because the system fails to mask sensitive configuration values, such as reCAPTCHA secret keys, when they are requested by administrators with view-only permissions. This can lead to the exposure of third-party service credentials to unauthorized personnel or through administrative logs.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-522 - Insufficiently Protected Credentials
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2026-16104 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2501737 issue-trackingx_refsource_REDHAT
    Impacted products
    Date Public
    2026-07-15 13:25
    Credits
    Red Hat would like to thank Paul Bottinelli (Trail of Bits) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-16104",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-17T17:24:30.498422Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-522",
                    "description": "CWE-522 Insufficiently Protected Credentials",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-17T17:24:34.155Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "keycloak-services",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk-keycloak-rhel9/rhbk-keycloak-rhel9",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk-openshift-rhel9/rhbk-openshift-rhel9",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Paul Bottinelli (Trail of Bits) for reporting this issue."
            }
          ],
          "datePublic": "2026-07-15T13:25:50.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the authentication configuration endpoint of the keycloak-services component, which is the core engine for Red Hat Build of Keycloak identity and access management. The issue occurs because the system fails to mask sensitive configuration values, such as reCAPTCHA secret keys, when they are requested by administrators with view-only permissions. This can lead to the exposure of third-party service credentials to unauthorized personnel or through administrative logs."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T16:43:54.168Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-16104"
            },
            {
              "name": "RHBZ#2501737",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2501737"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-15T13:25:50.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-15T13:25:50.000Z",
              "value": "Made public."
            }
          ],
          "title": "Keycloak-services: keycloak-services: authenticator config endpoint exposes raw recaptcha secrets to view-only admins",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-16104",
        "datePublished": "2026-07-17T16:43:54.168Z",
        "dateReserved": "2026-07-17T14:48:32.086Z",
        "dateUpdated": "2026-07-17T17:24:34.155Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-16103 (GCVE-0-2026-16103)

    Vulnerability from cvelistv5 – Published: 2026-07-17 16:43 – Updated: 2026-07-17 17:02
    VLAI
    Title
    Keycloak-services: keycloak-services: incomplete fix for ciba brute-force lockout bypass at token redemption
    Summary
    A flaw was found in the keycloak-services component of Keycloak. This issue is an incomplete fix for CVE-2026-9798, where brute-force protection checks were added to the Client-Initiated Backchannel Authentication (CIBA) initiation handler but were omitted from the token redemption handler. This allows an attacker with valid client credentials to obtain access and refresh tokens for a user account that has been locked due to brute-force protection, provided the authentication request was started before the lockout occurred and was approved by the user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2026-16103 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2501736 issue-trackingx_refsource_REDHAT
    Impacted products
    Date Public
    2026-07-16 16:53
    Credits
    Red Hat would like to thank johanw for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-16103",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-17T17:01:59.231875Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-17T17:02:25.426Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "keycloak-services",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk-keycloak-rhel9/rhbk-keycloak-rhel9",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk-openshift-rhel9/rhbk-openshift-rhel9",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank johanw for reporting this issue."
            }
          ],
          "datePublic": "2026-07-16T16:53:46.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the keycloak-services component of Keycloak. This issue is an incomplete fix for CVE-2026-9798, where brute-force protection checks were added to the Client-Initiated Backchannel Authentication (CIBA) initiation handler but were omitted from the token redemption handler. This allows an attacker with valid client credentials to obtain access and refresh tokens for a user account that has been locked due to brute-force protection, provided the authentication request was started before the lockout occurred and was approved by the user."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T16:43:50.887Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-16103"
            },
            {
              "name": "RHBZ#2501736",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2501736"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-16T16:53:46.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-16T16:53:46.000Z",
              "value": "Made public."
            }
          ],
          "title": "Keycloak-services: keycloak-services: incomplete fix for ciba brute-force lockout bypass at token redemption",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-16103",
        "datePublished": "2026-07-17T16:43:50.887Z",
        "dateReserved": "2026-07-17T14:46:55.658Z",
        "dateUpdated": "2026-07-17T17:02:25.426Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-16106 (GCVE-0-2026-16106)

    Vulnerability from cvelistv5 – Published: 2026-07-17 16:43 – Updated: 2026-07-19 09:12
    VLAI
    Title
    Keycloak-services: keycloak-services: incorrect authorization in admin role-composite deletion allows delegated admin to remove privileged child roles
    Summary
    A flaw was found in the admin REST API of Keycloak, a solution for identity and access management. The issue occurs when a delegated administrator attempts to remove a child role from a composite role. Due to missing authorization checks, an attacker with limited administrative permissions can remove privileged roles they are not authorized to manage, leading to a loss of access for other users and administrators.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2026-16106 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2501739 issue-trackingx_refsource_REDHAT
    Impacted products
    Date Public
    2026-07-15 07:28
    Credits
    Red Hat would like to thank Owais Lone (thesecguy) (Independent Security Researcher) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-16106",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-17T16:51:57.921536Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-862",
                    "description": "CWE-862 Missing Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-17T16:53:32.052Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "keycloak-services",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk-keycloak-rhel9/rhbk-keycloak-rhel9",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk-openshift-rhel9/rhbk-openshift-rhel9",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Owais Lone (thesecguy) (Independent Security Researcher) for reporting this issue."
            }
          ],
          "datePublic": "2026-07-15T07:28:13.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the admin REST API of Keycloak, a solution for identity and access management. The issue occurs when a delegated administrator attempts to remove a child role from a composite role. Due to missing authorization checks, an attacker with limited administrative permissions can remove privileged roles they are not authorized to manage, leading to a loss of access for other users and administrators."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-19T09:12:28.180Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-16106"
            },
            {
              "name": "RHBZ#2501739",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2501739"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-15T07:28:13.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-15T07:28:13.000Z",
              "value": "Made public."
            }
          ],
          "title": "Keycloak-services: keycloak-services: incorrect authorization in admin role-composite deletion allows delegated admin to remove privileged child roles",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-16106",
        "datePublished": "2026-07-17T16:43:16.461Z",
        "dateReserved": "2026-07-17T14:53:02.339Z",
        "dateUpdated": "2026-07-19T09:12:28.180Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-16108 (GCVE-0-2026-16108)

    Vulnerability from cvelistv5 – Published: 2026-07-17 16:43 – Updated: 2026-07-17 18:05
    VLAI
    Title
    Keycloak-services: keycloak-services: realm default-group reads disclose hidden groups under fgap v2
    Summary
    A flaw was found in the default-groups REST endpoint and realm representation of Keycloak. This component is responsible for managing groups that are automatically assigned to new users within a realm. The issue allows a delegated administrator with realm-viewing permissions to see the names and identifiers of hidden default groups, even if they lack the specific permissions to view those groups. This can lead to the exposure of sensitive organizational structures or internal group names.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2026-16108 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2501740 issue-trackingx_refsource_REDHAT
    Impacted products
    Date Public
    2026-07-15 07:21
    Credits
    Red Hat would like to thank Paul Bottinelli (Trail of Bits) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-16108",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-17T17:20:03.634038Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-17T18:05:08.354Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "keycloak-services",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk-keycloak-rhel9/rhbk-keycloak-rhel9",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk-openshift-rhel9/rhbk-openshift-rhel9",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Paul Bottinelli (Trail of Bits) for reporting this issue."
            }
          ],
          "datePublic": "2026-07-15T07:21:48.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the default-groups REST endpoint and realm representation of Keycloak. This component is responsible for managing groups that are automatically assigned to new users within a realm. The issue allows a delegated administrator with realm-viewing permissions to see the names and identifiers of hidden default groups, even if they lack the specific permissions to view those groups. This can lead to the exposure of sensitive organizational structures or internal group names."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T16:43:14.900Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-16108"
            },
            {
              "name": "RHBZ#2501740",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2501740"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-15T07:21:48.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-15T07:21:48.000Z",
              "value": "Made public."
            }
          ],
          "title": "Keycloak-services: keycloak-services: realm default-group reads disclose hidden groups under fgap v2",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-16108",
        "datePublished": "2026-07-17T16:43:14.900Z",
        "dateReserved": "2026-07-17T14:54:36.323Z",
        "dateUpdated": "2026-07-17T18:05:08.354Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-16093 (GCVE-0-2026-16093)

    Vulnerability from cvelistv5 – Published: 2026-07-17 16:42 – Updated: 2026-07-17 16:42
    VLAI
    Title
    Keycloak-services: keycloak-services: required signed-jwt assertion policy can be bypassed with unsigned assertion headers
    Summary
    Keycloak provides a mechanism called Client Policies to enforce security requirements on clients, such as requiring them to use signed JWTs for authentication. A flaw was discovered where this enforcement can be bypassed. An attacker with valid client credentials can provide a fake, unsigned assertion header that tricks the system into thinking the policy requirements have been met. This allows the attacker to authenticate using simpler methods like a client secret even when the administrator has mandated more secure, signed assertions.
    CWE
    • CWE-807 - Reliance on Untrusted Inputs in a Security Decision
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2026-16093 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2501729 issue-trackingx_refsource_REDHAT
    Impacted products
    Date Public
    2026-07-16 17:01
    Credits
    Red Hat would like to thank Paul Bottinelli (Trail of Bits) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "keycloak-services",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk-keycloak-rhel9/rhbk-keycloak-rhel9",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk-openshift-rhel9/rhbk-openshift-rhel9",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "affected",
              "packageName": "keycloak-services",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "affected",
              "packageName": "keycloak-services",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "affected",
              "packageName": "keycloak-services",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Paul Bottinelli (Trail of Bits) for reporting this issue."
            }
          ],
          "datePublic": "2026-07-16T17:01:13.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Keycloak provides a mechanism called Client Policies to enforce security requirements on clients, such as requiring them to use signed JWTs for authentication. A flaw was discovered where this enforcement can be bypassed. An attacker with valid client credentials can provide a fake, unsigned assertion header that tricks the system into thinking the policy requirements have been met. This allows the attacker to authenticate using simpler methods like a client secret even when the administrator has mandated more secure, signed assertions."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-807",
                  "description": "Reliance on Untrusted Inputs in a Security Decision",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T16:42:52.407Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-16093"
            },
            {
              "name": "RHBZ#2501729",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2501729"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-16T17:01:13.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-16T17:01:13.000Z",
              "value": "Made public."
            }
          ],
          "title": "Keycloak-services: keycloak-services: required signed-jwt assertion policy can be bypassed with unsigned assertion headers",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-807: Reliance on Untrusted Inputs in a Security Decision"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-16093",
        "datePublished": "2026-07-17T16:42:52.407Z",
        "dateReserved": "2026-07-17T14:08:34.722Z",
        "dateUpdated": "2026-07-17T16:42:52.407Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-16089 (GCVE-0-2026-16089)

    Vulnerability from cvelistv5 – Published: 2026-07-17 14:15 – Updated: 2026-07-17 14:15
    VLAI
    Title
    Keycloak-services: keycloak-services: authorization codes can be retargeted to another client session
    Summary
    A flaw was found in the keycloak-services component of Red Hat Build of Keycloak. The issue occurs because OAuth 2.0 authorization codes are not properly bound to the client that originally requested them. An attacker who can intercept an authorization code can modify it to be redeemed by their own client, potentially allowing them to obtain access tokens for a victim's identity.
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2026-16089 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2501724 issue-trackingx_refsource_REDHAT
    Impacted products
    Date Public
    2026-07-17 12:17
    Credits
    Red Hat would like to thank Paul Bottinelli (Trail of Bits) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "keycloak-services",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk-keycloak-rhel9/rhbk-keycloak-rhel9",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk-openshift-rhel9/rhbk-openshift-rhel9",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Paul Bottinelli (Trail of Bits) for reporting this issue."
            }
          ],
          "datePublic": "2026-07-17T12:17:39.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the keycloak-services component of Red Hat Build of Keycloak. The issue occurs because OAuth 2.0 authorization codes are not properly bound to the client that originally requested them. An attacker who can intercept an authorization code can modify it to be redeemed by their own client, potentially allowing them to obtain access tokens for a victim\u0027s identity."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T14:15:43.476Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-16089"
            },
            {
              "name": "RHBZ#2501724",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2501724"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-17T12:17:39.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-17T12:17:39.000Z",
              "value": "Made public."
            }
          ],
          "title": "Keycloak-services: keycloak-services: authorization codes can be retargeted to another client session",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-16089",
        "datePublished": "2026-07-17T14:15:43.476Z",
        "dateReserved": "2026-07-17T14:00:35.799Z",
        "dateUpdated": "2026-07-17T14:15:43.476Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-16072 (GCVE-0-2026-16072)

    Vulnerability from cvelistv5 – Published: 2026-07-17 13:40 – Updated: 2026-07-17 18:05
    VLAI
    Title
    Keycloak-services: keycloak-services: organization invitation link exposure allows unauthorized member creation
    Summary
    A flaw was found in the organization management component of Keycloak. A delegated administrator with permission to manage organizations can create an invitation for a non-existent email address and then retrieve the secret registration link directly through the application programming interface. By using this link, the administrator can create new user accounts and add them to the organization without having the required user management permissions or access to the invited email account. This allows an administrator to bypass security boundaries and add unauthorized members to an organization.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2026-16072 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2501721 issue-trackingx_refsource_REDHAT
    Impacted products
    Date Public
    2026-07-16 17:09
    Credits
    Red Hat would like to thank Paul Bottinelli (Trail of Bits) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-16072",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-17T17:27:33.028934Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-17T18:05:27.377Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "keycloak-services",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk-keycloak-rhel9/rhbk-keycloak-rhel9",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk-openshift-rhel9/rhbk-openshift-rhel9",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Paul Bottinelli (Trail of Bits) for reporting this issue."
            }
          ],
          "datePublic": "2026-07-16T17:09:24.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the organization management component of Keycloak. A delegated administrator with permission to manage organizations can create an invitation for a non-existent email address and then retrieve the secret registration link directly through the application programming interface. By using this link, the administrator can create new user accounts and add them to the organization without having the required user management permissions or access to the invited email account. This allows an administrator to bypass security boundaries and add unauthorized members to an organization."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T13:40:01.921Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-16072"
            },
            {
              "name": "RHBZ#2501721",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2501721"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-16T17:09:24.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-16T17:09:24.000Z",
              "value": "Made public."
            }
          ],
          "title": "Keycloak-services: keycloak-services: organization invitation link exposure allows unauthorized member creation",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-16072",
        "datePublished": "2026-07-17T13:40:01.921Z",
        "dateReserved": "2026-07-17T13:26:09.324Z",
        "dateUpdated": "2026-07-17T18:05:27.377Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15943 (GCVE-0-2026-15943)

    Vulnerability from cvelistv5 – Published: 2026-07-17 11:49 – Updated: 2026-07-17 14:53
    VLAI
    Title
    Keycloak-services: keycloak-services: oidc idp update reuses masked client secret after token url change
    Summary
    A flaw was found in the Keycloak keycloak-services component, which handles the management of identity providers. The issue occurs when a delegated administrator updates an OIDC identity provider using a masked client secret sentinel value. Due to improper validation, Keycloak reuses the existing real secret even if security-sensitive fields like the token URL have been changed, allowing an attacker to redirect and capture the secret.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1288 - Improper Validation of Consistency within Input
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2026-15943 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2501270 issue-trackingx_refsource_REDHAT
    Impacted products
    Date Public
    2026-07-16 06:27
    Credits
    Red Hat would like to thank Paul Bottinelli (Trail of Bits) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15943",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-17T14:52:50.320761Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-17T14:53:16.118Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "keycloak-services",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk-keycloak-rhel9/rhbk-keycloak-rhel9",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk-openshift-rhel9/rhbk-openshift-rhel9",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Paul Bottinelli (Trail of Bits) for reporting this issue."
            }
          ],
          "datePublic": "2026-07-16T06:27:49.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the Keycloak keycloak-services component, which handles the management of identity providers. The issue occurs when a delegated administrator updates an OIDC identity provider using a masked client secret sentinel value. Due to improper validation, Keycloak reuses the existing real secret even if security-sensitive fields like the token URL have been changed, allowing an attacker to redirect and capture the secret."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1288",
                  "description": "Improper Validation of Consistency within Input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T11:54:54.496Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-15943"
            },
            {
              "name": "RHBZ#2501270",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2501270"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-16T06:27:49.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-16T06:27:49.000Z",
              "value": "Made public."
            }
          ],
          "title": "Keycloak-services: keycloak-services: oidc idp update reuses masked client secret after token url change",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-1288: Improper Validation of Consistency within Input"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-15943",
        "datePublished": "2026-07-17T11:49:49.874Z",
        "dateReserved": "2026-07-16T09:20:43.530Z",
        "dateUpdated": "2026-07-17T14:53:16.118Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15945 (GCVE-0-2026-15945)

    Vulnerability from cvelistv5 – Published: 2026-07-16 17:36 – Updated: 2026-07-17 14:00
    VLAI
    Title
    Keycloak-services: keycloak-services: group hierarchy search discloses hidden parent groups under fgap v2
    Summary
    A flaw was found in the group search functionality of the Keycloak server's administrative API. When Fine-Grained Admin Permissions (FGAP) v2 is enabled, a delegated administrator can bypass access restrictions to view parent groups they are not authorized to see. By searching for a child group they have permission to view, the system incorrectly returns the full details of the parent group in the response, leading to the disclosure of sensitive group attributes and configuration.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2026-15945 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2501302 issue-trackingx_refsource_REDHAT
    Impacted products
    Date Public
    2026-07-14 15:31
    Credits
    Red Hat would like to thank Paul Bottinelli (Trail of Bits) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15945",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-17T13:59:59.366659Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-17T14:00:09.161Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "keycloak-services",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk-keycloak-rhel9/rhbk-keycloak-rhel9",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk-openshift-rhel9/rhbk-openshift-rhel9",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "affected",
              "packageName": "keycloak-services",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "affected",
              "packageName": "keycloak-services",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "affected",
              "packageName": "keycloak-services",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Paul Bottinelli (Trail of Bits) for reporting this issue."
            }
          ],
          "datePublic": "2026-07-14T15:31:04.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the group search functionality of the Keycloak server\u0027s administrative API. When Fine-Grained Admin Permissions (FGAP) v2 is enabled, a delegated administrator can bypass access restrictions to view parent groups they are not authorized to see. By searching for a child group they have permission to view, the system incorrectly returns the full details of the parent group in the response, leading to the disclosure of sensitive group attributes and configuration."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T17:36:24.856Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-15945"
            },
            {
              "name": "RHBZ#2501302",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2501302"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-14T15:31:04.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-14T15:31:04.000Z",
              "value": "Made public."
            }
          ],
          "title": "Keycloak-services: keycloak-services: group hierarchy search discloses hidden parent groups under fgap v2",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-639: Authorization Bypass Through User-Controlled Key"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-15945",
        "datePublished": "2026-07-16T17:36:24.856Z",
        "dateReserved": "2026-07-16T12:26:48.913Z",
        "dateUpdated": "2026-07-17T14:00:09.161Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-5674 (GCVE-0-2026-5674)

    Vulnerability from cvelistv5 – Published: 2026-07-16 13:26 – Updated: 2026-07-16 14:03
    VLAI
    Title
    Pipewire: pipewire: sandbox escape and arbitrary code execution via malicious library loading
    Summary
    A flaw was found in PipeWire, a multimedia server. This vulnerability allows an attacker to escape sandboxed applications, such as Flatpak, by exploiting PipeWire's PulseAudio compatibility layer. An attacker with minimal permissions within a sandboxed environment can load a malicious library, leading to arbitrary code execution outside the sandbox and potential compromise of the user's system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2026-5674 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2455341 issue-trackingx_refsource_REDHAT
    Impacted products
    Date Public
    2026-07-04 23:59
    Credits
    Red Hat would like to thank Johann Rehberger (embracethered.com) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5674",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T14:02:49.819208Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T14:03:16.054Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "firefox",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "libkrun",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "pipewire",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "firefox",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "firefox",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "pipewire",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "pipewire0.2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "firefox",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "pipewire",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Johann Rehberger (embracethered.com) for reporting this issue."
            }
          ],
          "datePublic": "2026-07-04T23:59:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in PipeWire, a multimedia server. This vulnerability allows an attacker to escape sandboxed applications, such as Flatpak, by exploiting PipeWire\u0027s PulseAudio compatibility layer. An attacker with minimal permissions within a sandboxed environment can load a malicious library, leading to arbitrary code execution outside the sandbox and potential compromise of the user\u0027s system."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T13:26:44.534Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-5674"
            },
            {
              "name": "RHBZ#2455341",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455341"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-06T09:14:25.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-04T23:59:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Pipewire: pipewire: sandbox escape and arbitrary code execution via malicious library loading",
          "workarounds": [
            {
              "lang": "en",
              "value": "To mitigate this issue, restrict containerized applications from accessing the PulseAudio socket or writing to host-visible paths. Additionally, configure PipeWire to prevent module loading by setting `pulse.allow-module-loading = false` in the PipeWire PulseAudio configuration. Alternatively, restrict the `dlopen()` paths for `module-ladspa-sink` to trusted system directories like `/usr/lib/ladspa/` and `/usr/lib64/ladspa/`. Applying these changes may require restarting the PipeWire service to take effect, which could impact audio functionality."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-427: Uncontrolled Search Path Element"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-5674",
        "datePublished": "2026-07-16T13:26:44.534Z",
        "dateReserved": "2026-04-06T09:07:33.494Z",
        "dateUpdated": "2026-07-16T14:03:16.054Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48863 (GCVE-0-2026-48863)

    Vulnerability from cvelistv5 – Published: 2026-07-16 00:46 – Updated: 2026-07-18 02:39
    VLAI
    Title
    Libsolv: stack-based buffer overflow in libsolv eddsa pgp signature verification allows denial of service
    Summary
    A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when copying EdDSA 's' MPI into a stack buffer. A remote attacker could craft a malicious Ed25519 PGP signature with mismatched MPI lengths. Processing this crafted signature could lead to a denial of service in automated package or repository processing workflows.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Date Public
    2026-05-26 18:53
    Credits
    This issue was discovered by AISLE Research and AISLE in partnership with Red Hat.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10"
                ],
                "defaultStatus": "unaffected",
                "packageName": "libsolv",
                "product": "Red Hat Enterprise Linux 10",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:7"
                ],
                "defaultStatus": "unaffected",
                "packageName": "libsolv",
                "product": "Red Hat Enterprise Linux 7",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "unaffected",
                "packageName": "libsolv",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9"
                ],
                "defaultStatus": "unaffected",
                "packageName": "libsolv",
                "product": "Red Hat Enterprise Linux 9",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:hummingbird:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "libsolv",
                "product": "Red Hat Hardened Images",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift:4"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhcos",
                "product": "Red Hat OpenShift Container Platform 4",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:satellite:6"
                ],
                "defaultStatus": "unaffected",
                "packageName": "satellite-capsule:el8/libsolv",
                "product": "Red Hat Satellite 6",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:rhui:4::el8"
                ],
                "defaultStatus": "unaffected",
                "packageName": "libsolv",
                "product": "Red Hat Update Infrastructure 4 for Cloud Providers",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-05-26T18:53:04.400Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when copying EdDSA \u0027s\u0027 MPI into a stack buffer. A remote attacker could craft a malicious Ed25519 PGP signature with mismatched MPI lengths. Processing this crafted signature could lead to a denial of service in automated package or repository processing workflows."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-121",
                    "description": "Stack-based Buffer Overflow",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T12:04:46.875Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-48863"
              },
              {
                "name": "RHBZ#2460975",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460975"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-48863.json"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-04-23T00:57:48.000Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-05-26T18:53:04.400Z",
                "value": "Made public."
              }
            ],
            "title": "libsolv: Stack-based buffer overflow in libsolv EdDSA PGP signature verification allows denial of service",
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48863",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-18T02:38:55.351405Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-18T02:39:45.746Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "libsolv",
              "vendor": "OpenSUSE",
              "versions": [
                {
                  "lessThan": "0.7.38",
                  "status": "affected",
                  "version": "0.6.4",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "libsolv",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "libsolv",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "libsolv",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "libsolv",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:hummingbird:1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "libsolv",
              "product": "Red Hat Hardened Images",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "satellite-capsule:el8/libsolv",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhui:4::el8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "libsolv",
              "product": "Red Hat Update Infrastructure 4 for Cloud Providers",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by AISLE Research and AISLE in partnership with Red Hat."
            }
          ],
          "datePublic": "2026-05-26T18:53:04.400Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when copying EdDSA \u0027s\u0027 MPI into a stack buffer. A remote attacker could craft a malicious Ed25519 PGP signature with mismatched MPI lengths. Processing this crafted signature could lead to a denial of service in automated package or repository processing workflows."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T00:46:12.846Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-48863"
            },
            {
              "name": "RHBZ#2460975",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460975"
            },
            {
              "url": "https://github.com/openSUSE/libsolv/commit/44f8c085045b1f771641091bbb2b810d12cff9e8#diff-309f245ec9b669ec78b8159c39e6f50130b4d4a0448f742685f7833d04bc4caaR592"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-23T00:57:48.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-05-26T18:53:04.400Z",
              "value": "Made public."
            }
          ],
          "title": "Libsolv: stack-based buffer overflow in libsolv eddsa pgp signature verification allows denial of service",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-121: Stack-based Buffer Overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-48863",
        "datePublished": "2026-07-16T00:46:12.846Z",
        "dateReserved": "2026-05-25T20:59:30.305Z",
        "dateUpdated": "2026-07-18T02:39:45.746Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-1609 (GCVE-0-2026-1609)

    Vulnerability from cvelistv5 – Published: 2026-07-16 00:26 – Updated: 2026-07-16 15:11
    VLAI
    Title
    Org.keycloak/keycloak-quarkus-server: keycloak: unauthorized access via jwt authorization grant with disabled users
    Summary
    A flaw was found in Keycloak. When the JSON Web Token (JWT) authorization grant preview feature is enabled and a user account is disabled, Keycloak fails to validate the user’s disabled status during JWT authorization grant processing. A remote attacker with low privileges can exploit this improper access control vulnerability by presenting a valid assertion token from an external identity provider to obtain a JWT for a disabled user. This allows unauthorized access to sensitive resources.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Date Public
    2026-02-09 18:59
    Credits
    Red Hat would like to thank Joy Gilbert and Reynaldo Immanuel for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8"
                ],
                "defaultStatus": "unaffected",
                "packageName": "keycloak-quarkus-server",
                "product": "Red Hat JBoss Enterprise Application Platform 8",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8"
                ],
                "defaultStatus": "unaffected",
                "packageName": "keycloak-quarkus-server-app",
                "product": "Red Hat JBoss Enterprise Application Platform 8",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8"
                ],
                "defaultStatus": "unaffected",
                "packageName": "keycloak-quarkus-server-deployment",
                "product": "Red Hat JBoss Enterprise Application Platform 8",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jbosseapxp"
                ],
                "defaultStatus": "unaffected",
                "packageName": "keycloak-quarkus-server",
                "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jbosseapxp"
                ],
                "defaultStatus": "unaffected",
                "packageName": "keycloak-quarkus-server-app",
                "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jbosseapxp"
                ],
                "defaultStatus": "unaffected",
                "packageName": "keycloak-quarkus-server-deployment",
                "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-02-09T18:59:00.000Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in Keycloak. When the JSON Web Token (JWT) authorization grant preview feature is enabled and a user account is disabled, Keycloak fails to validate the user\u2019s disabled status during JWT authorization grant processing. A remote attacker with low privileges can exploit this improper access control vulnerability by presenting a valid assertion token from an external identity provider to obtain a JWT for a disabled user. This allows unauthorized access to sensitive resources."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 8.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T12:04:37.270Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-1609"
              },
              {
                "name": "RHBZ#2435257",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435257"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1609.json"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-01-29T12:08:43.064Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-02-09T18:59:00.000Z",
                "value": "Made public."
              }
            ],
            "title": "org.keycloak/keycloak-quarkus-server: Keycloak: Unauthorized Access via JWT authorization grant with disabled users",
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-1609",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T13:35:20.130766Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T15:11:51.549Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Keycloak",
              "vendor": "Keycloak",
              "versions": [
                {
                  "lessThan": "26.5.3",
                  "status": "affected",
                  "version": "26.5.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-quarkus-server",
              "product": "Red Hat JBoss Enterprise Application Platform 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-quarkus-server-app",
              "product": "Red Hat JBoss Enterprise Application Platform 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-quarkus-server-deployment",
              "product": "Red Hat JBoss Enterprise Application Platform 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-quarkus-server",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-quarkus-server-app",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-quarkus-server-deployment",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Joy Gilbert and Reynaldo Immanuel for reporting this issue."
            }
          ],
          "datePublic": "2026-02-09T18:59:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Keycloak. When the JSON Web Token (JWT) authorization grant preview feature is enabled and a user account is disabled, Keycloak fails to validate the user\u2019s disabled status during JWT authorization grant processing. A remote attacker with low privileges can exploit this improper access control vulnerability by presenting a valid assertion token from an external identity provider to obtain a JWT for a disabled user. This allows unauthorized access to sensitive resources."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T00:26:10.772Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-1609"
            },
            {
              "name": "RHBZ#2435257",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435257"
            },
            {
              "url": "https://github.com/keycloak/keycloak/issues/46144"
            },
            {
              "url": "https://github.com/keycloak/keycloak/releases/tag/26.5.3"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-01-29T12:08:43.064Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-02-09T18:59:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Org.keycloak/keycloak-quarkus-server: keycloak: unauthorized access via jwt authorization grant with disabled users",
          "workarounds": [
            {
              "lang": "en",
              "value": "To mitigate this issue, ensure that the `jwt-authorization-grant` preview feature is not enabled in Keycloak deployments. This feature is typically disabled by default. If it has been explicitly enabled, it should be disabled to prevent unauthorized access by disabled user accounts. Consult Keycloak documentation for specific instructions on managing preview features and configuration. A restart of the Keycloak service may be required after disabling the feature for the changes to take effect."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-284: Improper Access Control"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-1609",
        "datePublished": "2026-07-16T00:26:10.772Z",
        "dateReserved": "2026-01-29T12:08:57.214Z",
        "dateUpdated": "2026-07-16T15:11:51.549Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3842 (GCVE-0-2026-3842)

    Vulnerability from cvelistv5 – Published: 2026-07-16 00:20 – Updated: 2026-07-16 12:42
    VLAI
    Title
    Qemu-kvm: hyperv/syndbg: missing mapped-length guard after cpu_physical_memory_map causes host oob write
    Summary
    A flaw was found in QEMU. This vulnerability allows a local attacker within a guest virtual machine to write data beyond its allocated memory. This occurs when cpu_physical_memory_map() returns a shorter length than expected, leading to an out-of-bounds write. Successful exploitation could result in unauthorized access to guest memory or corruption of heap-allocated objects, potentially causing information disclosure, data integrity issues, or a denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Affected: 7.1.0 , < 11.0.0 (semver)
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
    Create a notification for this product.
    Date Public
    2026-03-09 00:00
    Credits
    Red Hat would like to thank Oleh Konko (1seal) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10"
                ],
                "defaultStatus": "unaffected",
                "packageName": "qemu-kvm",
                "product": "Red Hat Enterprise Linux 10",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:6"
                ],
                "defaultStatus": "unaffected",
                "packageName": "qemu-kvm",
                "product": "Red Hat Enterprise Linux 6",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:7"
                ],
                "defaultStatus": "unaffected",
                "packageName": "qemu-kvm",
                "product": "Red Hat Enterprise Linux 7",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:7"
                ],
                "defaultStatus": "unaffected",
                "packageName": "qemu-kvm-ma",
                "product": "Red Hat Enterprise Linux 7",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "unaffected",
                "packageName": "virt:rhel/qemu-kvm",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9"
                ],
                "defaultStatus": "unaffected",
                "packageName": "qemu-kvm",
                "product": "Red Hat Enterprise Linux 9",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift:4"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhcos",
                "product": "Red Hat OpenShift Container Platform 4",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-03-09T00:00:00.000Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in QEMU. This vulnerability allows a local attacker within a guest virtual machine to write data beyond its allocated memory. This occurs when cpu_physical_memory_map() returns a shorter length than expected, leading to an out-of-bounds write. Successful exploitation could result in unauthorized access to guest memory or corruption of heap-allocated objects, potentially causing information disclosure, data integrity issues, or a denial of service."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T12:04:33.408Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-3842"
              },
              {
                "name": "RHBZ#2458150",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458150"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3842.json"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-03-09T00:00:00.000Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-03-09T00:00:00.000Z",
                "value": "Made public."
              }
            ],
            "title": "qemu-kvm: hyperv/syndbg: missing mapped-length guard after cpu_physical_memory_map causes host OOB write",
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3842",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T12:41:54.779080Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T12:42:09.780Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.com/qemu-project/qemu",
              "defaultStatus": "unaffected",
              "packageName": "qemu",
              "versions": [
                {
                  "lessThan": "11.0.0",
                  "status": "affected",
                  "version": "7.1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "qemu-kvm",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "qemu-kvm",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "qemu-kvm",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "qemu-kvm-ma",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "virt:rhel/qemu-kvm",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "qemu-kvm",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Oleh Konko (1seal) for reporting this issue."
            }
          ],
          "datePublic": "2026-03-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in QEMU. This vulnerability allows a local attacker within a guest virtual machine to write data beyond its allocated memory. This occurs when cpu_physical_memory_map() returns a shorter length than expected, leading to an out-of-bounds write. Successful exploitation could result in unauthorized access to guest memory or corruption of heap-allocated objects, potentially causing information disclosure, data integrity issues, or a denial of service."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T00:20:02.910Z",
            "orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
            "shortName": "fedora"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-3842"
            },
            {
              "name": "RHBZ#2458150",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458150"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-09T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-03-09T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Qemu-kvm: hyperv/syndbg: missing mapped-length guard after cpu_physical_memory_map causes host oob write",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-787: Out-of-bounds Write"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
        "assignerShortName": "fedora",
        "cveId": "CVE-2026-3842",
        "datePublished": "2026-07-16T00:20:02.910Z",
        "dateReserved": "2026-03-09T18:04:03.609Z",
        "dateUpdated": "2026-07-16T12:42:09.780Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CERTFR-2026-AVI-0899

    Vulnerability from certfr_avis - Published: 2026-07-17 - Updated: 2026-07-17

    De multiples vulnérabilités ont été découvertes dans le noyau Linux de Red Hat. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et un déni de service à distance.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.6 x86_64
    Red Hat Red Hat Enterprise Linux Server Red Hat Enterprise Linux Server - AUS 8.6 x86_64
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for Power, little endian 8 ppc64le
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.2 ppc64le
    Red Hat Red Hat Enterprise Linux Server Red Hat Enterprise Linux Server - AUS 8.4 x86_64
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for IBM z Systems 8 s390x
    Red Hat Red Hat CodeReady Linux Builder Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.2 ppc64le
    Red Hat Red Hat CodeReady Linux Builder Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.0 s390x
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 x86_64
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for x86_64 8 x86_64
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.2 s390x
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for x86_64 10 x86_64
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.6 ppc64le
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4 ppc64le
    Red Hat Red Hat Enterprise Linux Server Red Hat Enterprise Linux Server - TUS 8.8 x86_64
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for Real Time 8 x86_64
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64
    Red Hat Red Hat Enterprise Linux Server Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64
    Red Hat Red Hat CodeReady Linux Builder Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.0 ppc64le
    Red Hat Red Hat Enterprise Linux Server Red Hat Enterprise Linux Server - AUS 9.6 x86_64
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.6 s390x
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2 aarch64
    Red Hat Red Hat CodeReady Linux Builder Red Hat CodeReady Linux Builder for IBM z Systems 10 s390x
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.2 ppc64le
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 10.2 x86_64
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10 x86_64
    Red Hat Red Hat Enterprise Linux Server Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4 aarch64
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.6 aarch64
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.2 x86_64
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64
    Red Hat Red Hat CodeReady Linux Builder Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.6 ppc64le
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10 s390x
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for ARM 64 8 aarch64
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for ARM 64 10 aarch64
    Red Hat Red Hat CodeReady Linux Builder Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
    Red Hat Red Hat CodeReady Linux Builder Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.2 s390x
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.2 aarch64
    Red Hat Red Hat CodeReady Linux Builder Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.6 s390x
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4 x86_64
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for Real Time for NFV 8 x86_64
    Red Hat Red Hat Enterprise Linux Server Red Hat Enterprise Linux Server - AUS 9.4 x86_64
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64
    Red Hat Red Hat CodeReady Linux Builder Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.2 aarch64
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 10.2 ppc64le
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le
    Red Hat Red Hat CodeReady Linux Builder Red Hat CodeReady Linux Builder for x86_64 8 x86_64
    Red Hat Red Hat CodeReady Linux Builder Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.0 aarch64
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2 s390x
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10 aarch64
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.2 x86_64
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x
    Red Hat Red Hat Enterprise Linux Server Red Hat Enterprise Linux Server - AUS 9.2 x86_64
    Red Hat Red Hat CodeReady Linux Builder Red Hat CodeReady Linux Builder for ARM 64 10 aarch64
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4 s390x
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.2 s390x
    Red Hat Red Hat CodeReady Linux Builder Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.0 x86_64
    Red Hat Red Hat CodeReady Linux Builder Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.6 aarch64
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for x86_64 - Extended Life Cycle Long Life 8.8 x86_64
    Red Hat Red Hat CodeReady Linux Builder Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.6 x86_64
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2 ppc64le
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for x86_64 - Extended Life Cycle Long Life 8.6 x86_64
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 10.2 s390x
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10 ppc64le
    Red Hat Red Hat CodeReady Linux Builder Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
    Red Hat Red Hat Enterprise Linux Server Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le
    Red Hat Red Hat CodeReady Linux Builder Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.2 x86_64
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.2 aarch64
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2 s390x
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 aarch64
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for IBM z Systems 10 s390x
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for Power, little endian 10 ppc64le
    Red Hat Red Hat CodeReady Linux Builder Red Hat CodeReady Linux Builder for Power, little endian 10 ppc64le
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for x86_64 - Extended Life Cycle Long Life 8.4 x86_64
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 10.2 aarch64
    Red Hat Red Hat Enterprise Linux Server Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64
    Red Hat Red Hat Enterprise Linux Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.6 x86_64",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux Server - AUS 8.6 x86_64",
          "product": {
            "name": "Red Hat Enterprise Linux Server",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for Power, little endian 8 ppc64le",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.2 ppc64le",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux Server - AUS 8.4 x86_64",
          "product": {
            "name": "Red Hat Enterprise Linux Server",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for IBM z Systems 8 s390x",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.2 ppc64le",
          "product": {
            "name": "Red Hat CodeReady Linux Builder",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.0 s390x",
          "product": {
            "name": "Red Hat CodeReady Linux Builder",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 x86_64",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for x86_64 8 x86_64",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.2 s390x",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for x86_64 10 x86_64",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.6 ppc64le",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4 ppc64le",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux Server - TUS 8.8 x86_64",
          "product": {
            "name": "Red Hat Enterprise Linux Server",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for Real Time 8 x86_64",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le",
          "product": {
            "name": "Red Hat Enterprise Linux Server",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.0 ppc64le",
          "product": {
            "name": "Red Hat CodeReady Linux Builder",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux Server - AUS 9.6 x86_64",
          "product": {
            "name": "Red Hat Enterprise Linux Server",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.6 s390x",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2 aarch64",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat CodeReady Linux Builder for IBM z Systems 10 s390x",
          "product": {
            "name": "Red Hat CodeReady Linux Builder",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.2 ppc64le",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 10.2 x86_64",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10 x86_64",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le",
          "product": {
            "name": "Red Hat Enterprise Linux Server",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4 aarch64",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.6 aarch64",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.2 x86_64",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.6 ppc64le",
          "product": {
            "name": "Red Hat CodeReady Linux Builder",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10 s390x",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for ARM 64 8 aarch64",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for ARM 64 10 aarch64",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat CodeReady Linux Builder for ARM 64 8 aarch64",
          "product": {
            "name": "Red Hat CodeReady Linux Builder",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.2 s390x",
          "product": {
            "name": "Red Hat CodeReady Linux Builder",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.2 aarch64",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.6 s390x",
          "product": {
            "name": "Red Hat CodeReady Linux Builder",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4 x86_64",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for Real Time for NFV 8 x86_64",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux Server - AUS 9.4 x86_64",
          "product": {
            "name": "Red Hat Enterprise Linux Server",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.2 aarch64",
          "product": {
            "name": "Red Hat CodeReady Linux Builder",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 10.2 ppc64le",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat CodeReady Linux Builder for x86_64 8 x86_64",
          "product": {
            "name": "Red Hat CodeReady Linux Builder",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.0 aarch64",
          "product": {
            "name": "Red Hat CodeReady Linux Builder",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2 s390x",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10 aarch64",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.2 x86_64",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux Server - AUS 9.2 x86_64",
          "product": {
            "name": "Red Hat Enterprise Linux Server",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat CodeReady Linux Builder for ARM 64 10 aarch64",
          "product": {
            "name": "Red Hat CodeReady Linux Builder",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4 s390x",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.2 s390x",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.0 x86_64",
          "product": {
            "name": "Red Hat CodeReady Linux Builder",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.6 aarch64",
          "product": {
            "name": "Red Hat CodeReady Linux Builder",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for x86_64 - Extended Life Cycle Long Life 8.8 x86_64",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.6 x86_64",
          "product": {
            "name": "Red Hat CodeReady Linux Builder",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2 ppc64le",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for x86_64 - Extended Life Cycle Long Life 8.6 x86_64",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 10.2 s390x",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10 ppc64le",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le",
          "product": {
            "name": "Red Hat CodeReady Linux Builder",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le",
          "product": {
            "name": "Red Hat Enterprise Linux Server",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.2 x86_64",
          "product": {
            "name": "Red Hat CodeReady Linux Builder",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.2 aarch64",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2 s390x",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 aarch64",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for IBM z Systems 10 s390x",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for Power, little endian 10 ppc64le",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat CodeReady Linux Builder for Power, little endian 10 ppc64le",
          "product": {
            "name": "Red Hat CodeReady Linux Builder",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for x86_64 - Extended Life Cycle Long Life 8.4 x86_64",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 10.2 aarch64",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le",
          "product": {
            "name": "Red Hat Enterprise Linux Server",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        },
        {
          "description": "Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64",
          "product": {
            "name": "Red Hat Enterprise Linux",
            "vendor": {
              "name": "Red Hat",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-43414",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43414"
        },
        {
          "name": "CVE-2026-31613",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31613"
        },
        {
          "name": "CVE-2026-46173",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46173"
        },
        {
          "name": "CVE-2025-38653",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-38653"
        },
        {
          "name": "CVE-2026-46113",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46113"
        },
        {
          "name": "CVE-2026-31408",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31408"
        },
        {
          "name": "CVE-2026-43279",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43279"
        },
        {
          "name": "CVE-2026-46209",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46209"
        },
        {
          "name": "CVE-2026-53166",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53166"
        },
        {
          "name": "CVE-2026-53266",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53266"
        },
        {
          "name": "CVE-2026-46116",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46116"
        },
        {
          "name": "CVE-2026-43074",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43074"
        },
        {
          "name": "CVE-2026-43499",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43499"
        },
        {
          "name": "CVE-2026-46189",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46189"
        },
        {
          "name": "CVE-2025-68724",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68724"
        },
        {
          "name": "CVE-2026-46242",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46242"
        },
        {
          "name": "CVE-2026-31684",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31684"
        },
        {
          "name": "CVE-2025-68183",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68183"
        },
        {
          "name": "CVE-2025-71089",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-71089"
        },
        {
          "name": "CVE-2026-45984",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45984"
        },
        {
          "name": "CVE-2026-46152",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46152"
        },
        {
          "name": "CVE-2026-46135",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46135"
        },
        {
          "name": "CVE-2026-43330",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43330"
        },
        {
          "name": "CVE-2025-71066",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-71066"
        },
        {
          "name": "CVE-2026-46316",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46316"
        },
        {
          "name": "CVE-2026-46086",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46086"
        },
        {
          "name": "CVE-2026-53359",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53359"
        },
        {
          "name": "CVE-2026-53016",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53016"
        },
        {
          "name": "CVE-2026-31411",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31411"
        },
        {
          "name": "CVE-2026-43027",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-43027"
        }
      ],
      "initial_release_date": "2026-07-17T00:00:00",
      "last_revision_date": "2026-07-17T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0899",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-07-17T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de Red Hat. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Red Hat",
      "vendor_advisories": [
        {
          "published_at": "2026-07-15",
          "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2026:39983",
          "url": "https://access.redhat.com/errata/RHSA-2026:39983"
        },
        {
          "published_at": "2026-07-13",
          "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2026:38902",
          "url": "https://access.redhat.com/errata/RHSA-2026:38902"
        },
        {
          "published_at": "2026-07-17",
          "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2026:41229",
          "url": "https://access.redhat.com/errata/RHSA-2026:41229"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2026:39371",
          "url": "https://access.redhat.com/errata/RHSA-2026:39371"
        },
        {
          "published_at": "2026-07-15",
          "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2026:40082",
          "url": "https://access.redhat.com/errata/RHSA-2026:40082"
        },
        {
          "published_at": "2026-07-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2026:37729",
          "url": "https://access.redhat.com/errata/RHSA-2026:37729"
        },
        {
          "published_at": "2026-07-16",
          "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2026:40760",
          "url": "https://access.redhat.com/errata/RHSA-2026:40760"
        },
        {
          "published_at": "2026-07-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2026:37728",
          "url": "https://access.redhat.com/errata/RHSA-2026:37728"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2026:39494",
          "url": "https://access.redhat.com/errata/RHSA-2026:39494"
        },
        {
          "published_at": "2026-07-15",
          "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2026:40068",
          "url": "https://access.redhat.com/errata/RHSA-2026:40068"
        },
        {
          "published_at": "2026-07-15",
          "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2026:40425",
          "url": "https://access.redhat.com/errata/RHSA-2026:40425"
        },
        {
          "published_at": "2026-07-15",
          "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2026:39984",
          "url": "https://access.redhat.com/errata/RHSA-2026:39984"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2026:39083",
          "url": "https://access.redhat.com/errata/RHSA-2026:39083"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2026:39082",
          "url": "https://access.redhat.com/errata/RHSA-2026:39082"
        },
        {
          "published_at": "2026-07-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2026:39180",
          "url": "https://access.redhat.com/errata/RHSA-2026:39180"
        }
      ]
    }