Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-28942 (GCVE-0-2026-28942)
Vulnerability from cvelistv5 – Published: 2026-05-11 20:07 – Updated: 2026-06-30 03:16
VLAI
EPSS
Summary
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Severity
6.5 (Medium)
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Processing maliciously crafted web content may lead to an unexpected Safari crash
- CWE-416 - Use After Free
Assigner
References
18 references
Impacted products
21 products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-28942",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-13T13:34:00.481430Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T14:39:54.364Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Server (v. 7 ELS)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_tus:8.8::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.4::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream E4S (v.9.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
}
],
"datePublic": "2026-06-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T03:16:40.882Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-28942"
},
{
"name": "RHBZ#2483963",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483963"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28942.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:27728"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25918"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:27785"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28114"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:27804"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28148"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28146"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28147"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25927"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:27728: Red Hat Enterprise Linux Server (v. 7 ELS), Red Hat Enterprise Linux Server Optional (v. 7 ELS)"
},
{
"lang": "en",
"value": "RHSA-2026:25918: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:27785: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
},
{
"lang": "en",
"value": "RHSA-2026:28114: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)"
},
{
"lang": "en",
"value": "RHSA-2026:27804: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
},
{
"lang": "en",
"value": "RHSA-2026:28148: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
},
{
"lang": "en",
"value": "RHSA-2026:28146: Red Hat Enterprise Linux AppStream E4S (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:28147: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:25927: Red Hat Enterprise Linux AppStream (v. 9)"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-02T13:33:49.917Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-06-02T00:00:00.000Z",
"value": "Made public."
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash",
"workarounds": [
{
"lang": "en",
"value": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing maliciously crafted web content may lead to an unexpected Safari crash",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T19:58:44.539Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/127110"
},
{
"url": "https://support.apple.com/en-us/127115"
},
{
"url": "https://support.apple.com/en-us/127118"
},
{
"url": "https://support.apple.com/en-us/127119"
},
{
"url": "https://support.apple.com/en-us/127120"
},
{
"url": "https://support.apple.com/en-us/127121"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2026-28942",
"datePublished": "2026-05-11T20:07:42.339Z",
"dateReserved": "2026-03-03T16:36:03.989Z",
"dateUpdated": "2026-06-30T03:16:40.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-28942",
"date": "2026-06-29",
"epss": "0.00356",
"percentile": "0.27507"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-28942\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2026-05-11T21:18:55.427\",\"lastModified\":\"2026-06-30T03:18:05.607\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.\"}],\"affected\":[{\"source\":\"product-security@apple.com\",\"affectedData\":[{\"vendor\":\"Apple\",\"product\":\"Safari\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"26.5\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Apple\",\"product\":\"iOS and iPadOS\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"26.5\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Apple\",\"product\":\"macOS\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"26.5\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Apple\",\"product\":\"tvOS\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"26.5\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Apple\",\"product\":\"visionOS\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"26.5\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Apple\",\"product\":\"watchOS\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"26.5\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"affectedData\":[{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux Server (v. 7 ELS)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:rhel_els:7\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux Server Optional (v. 7 ELS)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:rhel_els:7\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 8)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:8::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream AUS (v.8.4)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_aus:8.4::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream AUS (v.8.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_aus:8.6::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream E4S (v.8.8)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_e4s:8.8::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream TUS (v.8.8)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_tus:8.8::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream E4S (v.9.2)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_e4s:9.2::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream E4S (v.9.4)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_e4s:9.4::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream EUS (v.9.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_eus:9.6::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 9)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:9::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 6\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:6\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 7\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:7\"]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-05-13T13:34:00.481430Z\",\"id\":\"CVE-2026-28942\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"26.5\",\"matchCriteriaId\":\"9D9FC2C4-7A7C-4330-A226-255428A5D18E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"26.5\",\"matchCriteriaId\":\"0A70A5FD-8891-4C4E-9D35-F217F95027B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"26.0\",\"versionEndExcluding\":\"26.5\",\"matchCriteriaId\":\"6CB91417-90A8-4A9B-A1D0-1D94B80EF837\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"26.5\",\"matchCriteriaId\":\"176C47FD-FA25-437B-9061-A81CAA367AEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"26.5\",\"matchCriteriaId\":\"C8F45D80-0DF8-444E-9AF1-703A1075F046\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"26.5\",\"matchCriteriaId\":\"057B244F-5485-4108-8E23-FE15F5256EE7\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/en-us/127110\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/127115\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/127118\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/127119\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/127120\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/127121\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:25918\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:25927\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:27728\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:27785\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:27804\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:28114\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:28146\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:28147\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:28148\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2026-28942\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2483963\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28942.json\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-28942\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-13T13:34:00.481430Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"CWE-416 Use After Free\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-13T13:34:29.394Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Apple\", \"product\": \"Safari\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"26.5\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"iOS and iPadOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"26.5\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"macOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"26.5\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"tvOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"26.5\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"visionOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"26.5\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"watchOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"26.5\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://support.apple.com/en-us/127110\"}, {\"url\": \"https://support.apple.com/en-us/127115\"}, {\"url\": \"https://support.apple.com/en-us/127118\"}, {\"url\": \"https://support.apple.com/en-us/127119\"}, {\"url\": \"https://support.apple.com/en-us/127120\"}, {\"url\": \"https://support.apple.com/en-us/127121\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"Processing maliciously crafted web content may lead to an unexpected Safari crash\"}]}], \"providerMetadata\": {\"orgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"shortName\": \"apple\", \"dateUpdated\": \"2026-05-13T19:58:44.539Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-28942\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-13T19:58:44.539Z\", \"dateReserved\": \"2026-03-03T16:36:03.989Z\", \"assignerOrgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"datePublished\": \"2026-05-11T20:07:42.339Z\", \"assignerShortName\": \"apple\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
alsa-2026:25918
Vulnerability from osv_almalinux
Published
2026-06-15 00:00
Modified
2026-06-15 14:30
Summary
Important: webkit2gtk3 security update
Details
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
- webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-28946)
- webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28847)
- webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28883)
- webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28901)
- webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28902)
- webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28903)
- webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28904)
- webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28905)
- webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-28907)
- webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-28942)
- webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-28947)
- webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28953)
- webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28955)
- webkitgtk: An app may be able to access sensitive user data (CVE-2026-28958)
- webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-43658)
- webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-43660)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "webkit2gtk3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.52.4-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "webkit2gtk3-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.52.4-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "webkit2gtk3-jsc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.52.4-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "webkit2gtk3-jsc-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.52.4-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. \n\nSecurity Fix(es): \n\n * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-28946)\n * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28847)\n * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28883)\n * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28901)\n * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28902)\n * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28903)\n * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28904)\n * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28905)\n * webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-28907)\n * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-28942)\n * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-28947)\n * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28953)\n * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28955)\n * webkitgtk: An app may be able to access sensitive user data (CVE-2026-28958)\n * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-43658)\n * webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-43660)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2026:25918",
"modified": "2026-06-15T14:30:39Z",
"published": "2026-06-15T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2026:25918"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-28847"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-28883"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-28901"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-28902"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-28903"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-28904"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-28905"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-28907"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-28942"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-28946"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-28947"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-28953"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-28955"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-28958"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-43658"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-43660"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2471790"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2483955"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2483956"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2483957"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2483958"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2483959"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2483960"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2483961"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2483962"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2483963"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2483964"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2483965"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2483966"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2483967"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2483968"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2483969"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2026-25918.html"
}
],
"related": [
"CVE-2026-28946",
"CVE-2026-28847",
"CVE-2026-28883",
"CVE-2026-28901",
"CVE-2026-28902",
"CVE-2026-28903",
"CVE-2026-28904",
"CVE-2026-28905",
"CVE-2026-28907",
"CVE-2026-28942",
"CVE-2026-28947",
"CVE-2026-28953",
"CVE-2026-28955",
"CVE-2026-28958",
"CVE-2026-43658",
"CVE-2026-43660"
],
"summary": "Important: webkit2gtk3 security update"
}
alsa-2026:25927
Vulnerability from osv_almalinux
Published
2026-06-15 00:00
Modified
2026-06-16 07:53
Summary
Important: webkit2gtk3 security update
Details
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
- webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-28946)
- webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28847)
- webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28883)
- webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28901)
- webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28902)
- webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28903)
- webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28904)
- webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28905)
- webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-28907)
- webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-28942)
- webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-28947)
- webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28953)
- webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28955)
- webkitgtk: An app may be able to access sensitive user data (CVE-2026-28958)
- webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-43658)
- webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-43660)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "webkit2gtk3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.52.4-1.el9_8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "webkit2gtk3-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.52.4-1.el9_8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "webkit2gtk3-jsc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.52.4-1.el9_8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "webkit2gtk3-jsc-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.52.4-1.el9_8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. \n\nSecurity Fix(es): \n\n * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-28946)\n * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28847)\n * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28883)\n * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28901)\n * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28902)\n * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28903)\n * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28904)\n * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28905)\n * webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-28907)\n * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-28942)\n * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-28947)\n * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28953)\n * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28955)\n * webkitgtk: An app may be able to access sensitive user data (CVE-2026-28958)\n * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-43658)\n * webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-43660)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2026:25927",
"modified": "2026-06-16T07:53:41Z",
"published": "2026-06-15T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2026:25927"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-28847"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-28883"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-28901"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-28902"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-28903"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-28904"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-28905"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-28907"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-28942"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-28946"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-28947"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-28953"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-28955"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-28958"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-43658"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-43660"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2471790"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2483955"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2483956"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2483957"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2483958"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2483959"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2483960"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2483961"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2483962"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2483963"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2483964"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2483965"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2483966"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2483967"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2483968"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2483969"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2026-25927.html"
}
],
"related": [
"CVE-2026-28946",
"CVE-2026-28847",
"CVE-2026-28883",
"CVE-2026-28901",
"CVE-2026-28902",
"CVE-2026-28903",
"CVE-2026-28904",
"CVE-2026-28905",
"CVE-2026-28907",
"CVE-2026-28942",
"CVE-2026-28947",
"CVE-2026-28953",
"CVE-2026-28955",
"CVE-2026-28958",
"CVE-2026-43658",
"CVE-2026-43660"
],
"summary": "Important: webkit2gtk3 security update"
}
CERTFR-2026-AVI-0563
Vulnerability from certfr_avis - Published: 2026-05-12 - Updated: 2026-05-12
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | iPadOS | iPadOS versions antérieures à 26.5 | ||
| Apple | macOS | macOS Sequoia versions antérieures à 15.7.7 | ||
| Apple | iPadOS | iPadOS versions antérieures à 15.8.8 | ||
| Apple | macOS | macOS Sonoma versions antérieures à 14.8.7 | ||
| Apple | iPadOS | iPadOS versions antérieures à 17.7.11 | ||
| Apple | iPadOS | iPadOS versions antérieures à 18.7.9 | ||
| Apple | tvOS | tvOS versions antérieures à 26.5 | ||
| Apple | visionOS | visionOS versions antérieures à 26.5 | ||
| Apple | iPadOS | iPadOS versions antérieures à 16.7.16 | ||
| Apple | iOS | iOS versions antérieures à 16.7.16 | ||
| Apple | iOS | iOS versions antérieures à 18.7.9 | ||
| Apple | iOS | iOS versions antérieures à 26.5 | ||
| Apple | macOS | macOS Tahoe versions antérieures à 26.5 | ||
| Apple | watchOS | watchOS versions antérieures à 26.5 | ||
| Apple | iOS | iOS versions antérieures à 15.8.8 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 26.5",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sequoia versions ant\u00e9rieures \u00e0 15.7.7",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 15.8.8",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sonoma versions ant\u00e9rieures \u00e0 14.8.7",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 17.7.11",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 18.7.9",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 26.5",
"product": {
"name": "tvOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "visionOS versions ant\u00e9rieures \u00e0 26.5",
"product": {
"name": "visionOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 16.7.16",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 16.7.16",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 18.7.9",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": " iOS versions ant\u00e9rieures \u00e0 26.5",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Tahoe versions ant\u00e9rieures \u00e0 26.5",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS versions ant\u00e9rieures \u00e0 26.5",
"product": {
"name": "watchOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 15.8.8",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-43668",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43668"
},
{
"name": "CVE-2026-28944",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28944"
},
{
"name": "CVE-2026-1837",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1837"
},
{
"name": "CVE-2026-28930",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28930"
},
{
"name": "CVE-2026-28976",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28976"
},
{
"name": "CVE-2026-43656",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43656"
},
{
"name": "CVE-2026-28988",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28988"
},
{
"name": "CVE-2026-28951",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28951"
},
{
"name": "CVE-2026-28901",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28901"
},
{
"name": "CVE-2026-28915",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28915"
},
{
"name": "CVE-2026-28965",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28965"
},
{
"name": "CVE-2026-28913",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28913"
},
{
"name": "CVE-2026-28987",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28987"
},
{
"name": "CVE-2026-28994",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28994"
},
{
"name": "CVE-2026-28919",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28919"
},
{
"name": "CVE-2026-28882",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28882"
},
{
"name": "CVE-2026-43661",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43661"
},
{
"name": "CVE-2026-28959",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28959"
},
{
"name": "CVE-2026-28873",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28873"
},
{
"name": "CVE-2026-28947",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28947"
},
{
"name": "CVE-2026-43658",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43658"
},
{
"name": "CVE-2026-28840",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28840"
},
{
"name": "CVE-2026-28920",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28920"
},
{
"name": "CVE-2026-28878",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28878"
},
{
"name": "CVE-2026-39871",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39871"
},
{
"name": "CVE-2026-28961",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28961"
},
{
"name": "CVE-2026-28907",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28907"
},
{
"name": "CVE-2026-39869",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39869"
},
{
"name": "CVE-2025-43524",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43524"
},
{
"name": "CVE-2026-28953",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28953"
},
{
"name": "CVE-2026-39870",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39870"
},
{
"name": "CVE-2026-28963",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28963"
},
{
"name": "CVE-2026-28936",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28936"
},
{
"name": "CVE-2026-28955",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28955"
},
{
"name": "CVE-2026-28977",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28977"
},
{
"name": "CVE-2026-28940",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28940"
},
{
"name": "CVE-2026-28903",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28903"
},
{
"name": "CVE-2026-28969",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28969"
},
{
"name": "CVE-2026-28848",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28848"
},
{
"name": "CVE-2026-28957",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28957"
},
{
"name": "CVE-2026-28819",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28819"
},
{
"name": "CVE-2026-28872",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28872"
},
{
"name": "CVE-2026-28846",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28846"
},
{
"name": "CVE-2026-28902",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28902"
},
{
"name": "CVE-2026-28917",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28917"
},
{
"name": "CVE-2026-28964",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28964"
},
{
"name": "CVE-2026-28894",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28894"
},
{
"name": "CVE-2026-28950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28950"
},
{
"name": "CVE-2026-28986",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28986"
},
{
"name": "CVE-2026-28925",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28925"
},
{
"name": "CVE-2026-28943",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28943"
},
{
"name": "CVE-2026-28993",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28993"
},
{
"name": "CVE-2026-28924",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28924"
},
{
"name": "CVE-2026-28990",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28990"
},
{
"name": "CVE-2026-28918",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28918"
},
{
"name": "CVE-2026-28996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28996"
},
{
"name": "CVE-2026-28905",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28905"
},
{
"name": "CVE-2026-28906",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28906"
},
{
"name": "CVE-2026-43655",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43655"
},
{
"name": "CVE-2026-28972",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28972"
},
{
"name": "CVE-2026-28941",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28941"
},
{
"name": "CVE-2026-28954",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28954"
},
{
"name": "CVE-2026-28877",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28877"
},
{
"name": "CVE-2026-28956",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28956"
},
{
"name": "CVE-2026-28974",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28974"
},
{
"name": "CVE-2026-43652",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43652"
},
{
"name": "CVE-2026-28908",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28908"
},
{
"name": "CVE-2026-43654",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43654"
},
{
"name": "CVE-2026-28929",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28929"
},
{
"name": "CVE-2026-28971",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28971"
},
{
"name": "CVE-2026-28985",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28985"
},
{
"name": "CVE-2026-28958",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28958"
},
{
"name": "CVE-2026-28995",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28995"
},
{
"name": "CVE-2026-28922",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28922"
},
{
"name": "CVE-2026-43653",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43653"
},
{
"name": "CVE-2026-28914",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28914"
},
{
"name": "CVE-2026-28942",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28942"
},
{
"name": "CVE-2026-28946",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28946"
},
{
"name": "CVE-2026-28991",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28991"
},
{
"name": "CVE-2026-28952",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28952"
},
{
"name": "CVE-2026-28962",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28962"
},
{
"name": "CVE-2026-28983",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28983"
},
{
"name": "CVE-2026-43660",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43660"
},
{
"name": "CVE-2026-28904",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28904"
},
{
"name": "CVE-2026-28978",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28978"
},
{
"name": "CVE-2026-28992",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28992"
},
{
"name": "CVE-2026-43659",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43659"
},
{
"name": "CVE-2026-28923",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28923"
},
{
"name": "CVE-2026-28870",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28870"
},
{
"name": "CVE-2026-43666",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43666"
},
{
"name": "CVE-2026-28897",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28897"
},
{
"name": "CVE-2026-28883",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28883"
},
{
"name": "CVE-2026-28847",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28847"
}
],
"initial_release_date": "2026-05-12T00:00:00",
"last_revision_date": "2026-05-12T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0563",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-05-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": "2026-05-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 127114",
"url": "https://support.apple.com/en-us/127114"
},
{
"published_at": "2026-05-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 127117",
"url": "https://support.apple.com/en-us/127117"
},
{
"published_at": "2026-05-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 127115",
"url": "https://support.apple.com/en-us/127115"
},
{
"published_at": "2026-05-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 127118",
"url": "https://support.apple.com/en-us/127118"
},
{
"published_at": "2026-05-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 127110",
"url": "https://support.apple.com/en-us/127110"
},
{
"published_at": "2026-05-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 127111",
"url": "https://support.apple.com/en-us/127111"
},
{
"published_at": "2026-05-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 127113",
"url": "https://support.apple.com/en-us/127113"
},
{
"published_at": "2026-05-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 127116",
"url": "https://support.apple.com/en-us/127116"
},
{
"published_at": "2026-05-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 127119",
"url": "https://support.apple.com/en-us/127119"
},
{
"published_at": "2026-05-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 127120",
"url": "https://support.apple.com/en-us/127120"
},
{
"published_at": "2026-05-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 127112",
"url": "https://support.apple.com/en-us/127112"
}
]
}
CERTFR-2026-AVI-0590
Vulnerability from certfr_avis - Published: 2026-05-15 - Updated: 2026-05-15
De multiples vulnérabilités ont été découvertes dans Apple Safari. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Safari versions ant\u00e9rieures \u00e0 26.5",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-28944",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28944"
},
{
"name": "CVE-2026-28901",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28901"
},
{
"name": "CVE-2026-28913",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28913"
},
{
"name": "CVE-2026-28947",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28947"
},
{
"name": "CVE-2026-43658",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43658"
},
{
"name": "CVE-2026-28907",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28907"
},
{
"name": "CVE-2026-28953",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28953"
},
{
"name": "CVE-2026-28955",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28955"
},
{
"name": "CVE-2026-28903",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28903"
},
{
"name": "CVE-2026-28902",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28902"
},
{
"name": "CVE-2026-28917",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28917"
},
{
"name": "CVE-2026-28905",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28905"
},
{
"name": "CVE-2026-28971",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28971"
},
{
"name": "CVE-2026-28958",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28958"
},
{
"name": "CVE-2026-28942",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28942"
},
{
"name": "CVE-2026-28946",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28946"
},
{
"name": "CVE-2026-28962",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28962"
},
{
"name": "CVE-2026-43660",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43660"
},
{
"name": "CVE-2026-28904",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28904"
},
{
"name": "CVE-2026-28883",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28883"
},
{
"name": "CVE-2026-28847",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28847"
}
],
"initial_release_date": "2026-05-15T00:00:00",
"last_revision_date": "2026-05-15T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0590",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-05-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Apple Safari. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Safari",
"vendor_advisories": [
{
"published_at": "2026-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 127121",
"url": "https://support.apple.com/en-us/127121"
}
]
}
FKIE_CVE-2026-28942
Vulnerability from fkie_nvd - Published: 2026-05-11 21:18 - Updated: 2026-06-30 03:18
Severity
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
References
| URL | Tags | ||
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/127110 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/127115 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/127118 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/127119 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/127120 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/127121 | Release Notes, Vendor Advisory | |
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | https://access.redhat.com/errata/RHSA-2026:25918 | ||
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | https://access.redhat.com/errata/RHSA-2026:25927 | ||
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | https://access.redhat.com/errata/RHSA-2026:27728 | ||
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | https://access.redhat.com/errata/RHSA-2026:27785 | ||
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | https://access.redhat.com/errata/RHSA-2026:27804 | ||
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | https://access.redhat.com/errata/RHSA-2026:28114 | ||
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | https://access.redhat.com/errata/RHSA-2026:28146 | ||
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | https://access.redhat.com/errata/RHSA-2026:28147 | ||
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | https://access.redhat.com/errata/RHSA-2026:28148 | ||
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | https://access.redhat.com/security/cve/CVE-2026-28942 | ||
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | https://bugzilla.redhat.com/show_bug.cgi?id=2483963 | ||
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28942.json |
{
"affected": [
{
"affectedData": [
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"source": "product-security@apple.com"
},
{
"affectedData": [
{
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Server (v. 7 ELS)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_tus:8.8::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.4::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream E4S (v.9.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
}
],
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D9FC2C4-7A7C-4330-A226-255428A5D18E",
"versionEndExcluding": "26.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A70A5FD-8891-4C4E-9D35-F217F95027B5",
"versionEndExcluding": "26.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CB91417-90A8-4A9B-A1D0-1D94B80EF837",
"versionEndExcluding": "26.5",
"versionStartIncluding": "26.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "176C47FD-FA25-437B-9061-A81CAA367AEF",
"versionEndExcluding": "26.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C8F45D80-0DF8-444E-9AF1-703A1075F046",
"versionEndExcluding": "26.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "057B244F-5485-4108-8E23-FE15F5256EE7",
"versionEndExcluding": "26.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash."
}
],
"id": "CVE-2026-28942",
"lastModified": "2026-06-30T03:18:05.607",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-28942",
"options": [
{
"exploitation": "none"
},
{
"automatable": "no"
},
{
"technicalImpact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-13T13:34:00.481430Z",
"version": "2.0.3"
}
}
]
},
"published": "2026-05-11T21:18:55.427",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/127110"
},
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/127115"
},
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/127118"
},
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/127119"
},
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/127120"
},
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/127121"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:25918"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:25927"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:27728"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:27785"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:27804"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:28114"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:28146"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:28147"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:28148"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/security/cve/CVE-2026-28942"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483963"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28942.json"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"type": "Secondary"
}
]
}
GHSA-2M37-4H9F-8WCF
Vulnerability from github – Published: 2026-05-11 21:31 – Updated: 2026-06-30 03:36
VLAI
Details
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Severity
6.5 (Medium)
{
"affected": [],
"aliases": [
"CVE-2026-28942"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-11T21:18:55Z",
"severity": "MODERATE"
},
"details": "A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.",
"id": "GHSA-2m37-4h9f-8wcf",
"modified": "2026-06-30T03:36:39Z",
"published": "2026-05-11T21:31:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28942"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/127121"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/127120"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/127119"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/127118"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/127115"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/127110"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28942.json"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483963"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-28942"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:28148"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:28147"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:28146"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:28114"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:27804"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:27785"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:27728"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:25927"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:25918"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
NCSC-2026-0138
Vulnerability from csaf_ncscnl - Published: 2026-05-12 12:18 - Updated: 2026-05-12 12:18Summary
Kwetsbaarheden verholpen in Apple iOS en iPadOS
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Apple heeft meerdere kwetsbaarheden verholpen in diverse versies van iOS en iPadOS
Interpretaties: De kwetsbaarheden betreffen onder andere onjuiste geheugenbeheermechanismen zoals use-after-free, buffer overflows, out-of-bounds reads en writes, race conditions, type confusion, null pointer dereferences, en onvoldoende inputvalidatie. Deze kunnen leiden tot onverwachte applicatie- of systeemcrashes, denial-of-service, ongeautoriseerde toegang tot gevoelige gebruikers- of kerneldata, privilege-escalatie, en het omzeilen van beveiligingsmechanismen zoals Content Security Policy en sandboxing. Sommige kwetsbaarheden maken het mogelijk dat een aanvaller code met kernel-privileges uitvoert of systeemstabiliteit verstoort. De problemen kunnen worden geactiveerd door het verwerken van speciaal vervaardigde bestanden, webcontent, of netwerkverkeer. De fixes omvatten verbeterde validatie, strengere toegangscontroles, en verbeterde geheugen- en state managementmechanismen.
Oplossingen: Apple heeft updates uitgebracht voor iOS en iPadOS om deze kwetsbaarheden te verhelpen. Gebruikers wordt geadviseerd deze updates te installeren om de beveiliging en stabiliteit van hun systemen te waarborgen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-20: Improper Input Validation
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-359: Exposure of Private Personal Information to an Unauthorized Actor
CWE-404: Improper Resource Shutdown or Release
CWE-770: Allocation of Resources Without Limits or Throttling
CWE-787: Out-of-bounds Write
CWE-805: Buffer Access with Incorrect Length Value
Multiple vulnerabilities in libjxl and open source code affecting Apple Software allow specially crafted image files to cause uninitialized memory read/write and denial-of-service conditions.
8.8 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An out-of-bounds write vulnerability allowing arbitrary code execution with kernel privileges was fixed by improved bounds checking in iOS 18.7.9, iPadOS 18.7.9, and multiple macOS versions.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A buffer overflow vulnerability causing unexpected app termination has been fixed with improved bounds checking across multiple Apple operating systems including iOS 18.7.9, iPadOS 18.7.9, and macOS Sequoia 15.7.7.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
Apple addressed unexpected process crashes caused by malicious web content through improved memory handling in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An information leakage vulnerability allowing unauthorized access to sensitive user data was fixed by implementing additional validation across multiple Apple operating systems including iOS 18.7.9, iPadOS 18.7.9, and macOS Tahoe 26.4.
5.5 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A resource exhaustion vulnerability in iOS and iPadOS versions 18.7.9 and 26.4 was mitigated through improved input validation to prevent denial-of-service attacks by remote attackers.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An issue in iOS 18.7.9, iPadOS 18.7.9, iOS 26.4, and iPadOS 26.4 allowed apps to bypass App Privacy Report logging, which was resolved by implementing additional entitlement checks.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An authorization vulnerability allowing unauthorized access to sensitive user data was resolved through enhanced state management across multiple Apple operating systems including iOS, iPadOS, macOS, visionOS, and watchOS.
5.5 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A vulnerability allowing apps to enumerate a user's installed applications was addressed through enhanced verification checks across multiple Apple operating systems including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS.
4.0 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A use-after-free vulnerability causing potential process crashes when processing malicious web content was fixed in iOS, iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS 26.5 through improved memory management.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A denial-of-service vulnerability in iOS 26.4, iPadOS 26.4, and multiple macOS versions was mitigated by improved input validation to prevent remote attackers from causing service disruption.
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A buffer overflow vulnerability in multiple Apple OS versions was fixed by enhancing input validation to prevent local users from causing unexpected system termination or accessing kernel memory.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An issue causing unexpected process crashes when processing maliciously crafted web content was resolved through improved memory handling in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An issue causing unexpected process crashes when processing maliciously crafted web content was resolved through improved memory handling in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
Apple addressed unexpected process crashes caused by malicious web content through improved memory handling in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
Apple addressed unexpected process crashes caused by malicious web content through improved memory handling in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An issue causing unexpected process crashes when handling malicious web content was resolved through improved memory management in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, and visionOS 26.5.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An IP address tracking vulnerability affecting multiple Apple operating systems was resolved through improved state management in versions including iOS 18.7.9, iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, and visionOS 26.5.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An input validation flaw allowing Content Security Policy enforcement bypass was resolved in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An issue causing unexpected process crashes due to maliciously crafted web content was resolved by improved memory handling in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, and watchOS 26.5.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An input validation flaw causing unexpected process crashes when handling malicious web content was resolved in multiple Apple operating systems including iOS, iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS versions 18.7.9 and 26.5.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An out-of-bounds access vulnerability was addressed by enhancing bounds checking to prevent unexpected application termination when parsing maliciously crafted files across multiple Apple operating systems.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An information leakage vulnerability caused by visiting malicious websites was addressed through additional validation in multiple Apple operating systems including iOS 18.7.9, iPadOS 18.7.9, and macOS Sequoia 15.7.7.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A logic flaw causing remote images to display when replying to emails in Mail's Lockdown Mode was fixed with enhanced checks in iOS 18.7.9, iPadOS 18.7.9, and multiple macOS versions.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An issue causing unexpected application termination when processing maliciously crafted files was resolved through enhanced validation checks in multiple Apple operating systems including iOS, iPadOS, macOS, and visionOS.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A memory corruption vulnerability triggered by processing maliciously crafted images was addressed through enhanced memory handling across multiple Apple operating systems including iOS, iPadOS, macOS, tvOS, and visionOS versions.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
Apple has addressed a denial-of-service and potential memory disclosure vulnerability caused by processing malicious files through enhanced validation in iOS 18.7.9, iPadOS 18.7.9, macOS Sequoia 15.7.7, and macOS Tahoe 26.5.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A use-after-free vulnerability in Safari causing unexpected crashes when processing malicious web content was fixed via improved memory management in iOS, iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS version 26.5.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A logging issue was fixed by enhancing data redaction across multiple OS versions to prevent applications from determining the kernel memory layout.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A memory handling flaw causing unexpected process crashes when processing malicious web content was resolved in iOS 16.5, iPadOS 16.5, macOS Tahoe 16.5, and visionOS 16.5.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A use-after-free vulnerability in Safari causing unexpected crashes when processing malicious web content was fixed via improved memory management in iOS, iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS version 26.5.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A logging issue causing notifications marked for deletion to be unexpectedly retained on iOS and iPadOS devices was resolved by enhancing data redaction across multiple versions.
6.2 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An authorization vulnerability allowing an app to gain root privileges was resolved through improved state management across multiple Apple operating systems including iOS 18.7.9, iPadOS 18.7.9, and various macOS versions.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An integer overflow vulnerability in iOS 18.7.9, iPadOS 18.7.9, and multiple macOS versions was fixed by enhancing input validation to prevent apps from causing unexpected system termination.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
Apple addressed unexpected process crashes caused by malicious web content through improved memory handling in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A file quarantine bypass vulnerability in iOS 18.7.9, iPadOS 18.7.9, and multiple macOS versions was fixed by adding additional checks to prevent malicious disk images from bypassing Gatekeeper.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
Apple addressed unexpected process crashes caused by malicious web content through improved memory handling in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A memory corruption vulnerability caused by processing malicious media files was fixed through improved input validation in multiple Apple OS versions, including iOS 16.5 and macOS Sequoia 15.7.7, preventing app crashes and memory corruption.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A vulnerability allowing applications to capture user screen content via camera metadata was addressed in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, and visionOS 26.5 through enhanced logic controls.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
Apple fixed a vulnerability in iOS 16.5, iPadOS 16.5, macOS Sonoma 14.5, and visionOS 16.5 that previously allowed apps to access sensitive user data by enhancing data protection mechanisms.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A buffer overflow vulnerability affecting multiple OS versions was fixed by enhancing bounds checking to prevent applications from causing unexpected system termination.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A vulnerability allowing disclosure of sensitive user information via malicious web content was addressed by enhanced access restrictions in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, and visionOS 26.5.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A privacy vulnerability in iOS 26.5 and iPadOS 26.5 allowed attackers with physical access to exploit Visual Intelligence during iPhone Mirroring to access sensitive data, which was remediated by removing the vulnerable code.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An inconsistent user interface issue in iOS 16.5, iPadOS 16.5, and visionOS 16.5 that could allow an app to access sensitive user data was resolved through improved state management.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A privacy vulnerability in iOS 26.5 and iPadOS 26.5 that allowed users to access restricted content from the lock screen has been addressed through enhanced verification mechanisms.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A use after free vulnerability was fixed through improved memory management in multiple Apple operating systems, including iOS 18.7.9 and macOS Sequoia 15.7.7, preventing unexpected system termination caused by apps.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A malicious iframe exploiting download settings was addressed by improved UI handling and fixed in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, and visionOS 26.5.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An out-of-bounds write vulnerability affecting multiple Apple operating systems was fixed by improved input validation to prevent apps from causing unexpected system termination or writing kernel memory.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An issue causing denial-of-service was resolved through enhanced validation checks in iOS 26.5, iPadOS 26.5, macOS Sequoia 15.7.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
Improved bounds checks resolved an issue causing unexpected application termination when processing maliciously crafted files across multiple Apple operating systems including iOS 18.7.9, iPadOS 18.7.9, and macOS Sequoia 15.7.7.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A type confusion vulnerability was addressed with enhanced validation checks in multiple operating systems, including iOS 18.7.9 and macOS Tahoe 26.5, preventing remote attackers from causing denial of service conditions.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A null pointer dereference vulnerability in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, and tvOS 26.5 was fixed by improving input validation to prevent local network attackers from causing denial-of-service conditions.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A race condition vulnerability was resolved through additional validation across multiple OS versions to prevent applications from causing unexpected system termination.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A logging issue in multiple Apple operating systems, including iOS 18.7.9 and macOS Sequoia 15.7.7, was fixed by improving data redaction to prevent apps from leaking sensitive kernel state information.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A permissions vulnerability allowing apps to bypass certain Privacy preferences was resolved with additional restrictions in iOS 16.5, iPadOS 16.5, macOS Sonoma 16.5, visionOS 16.5, and watchOS 16.5.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A memory corruption vulnerability caused by processing a maliciously crafted image was resolved through improved memory handling across multiple Apple operating systems including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An out-of-bounds read vulnerability in iOS 26.5 and related OS versions was fixed by implementing improved bounds checking to prevent potential denial-of-service attacks.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A memory corruption vulnerability in multiple Apple operating systems was fixed by enhancing locking mechanisms to prevent attackers from causing unexpected application termination.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An issue where apps could access user-sensitive data was addressed by introducing an additional user consent prompt across multiple OS versions.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A use after free vulnerability in Wi-Fi packet processing, exploitable by attackers in privileged network positions to cause denial-of-service, was fixed through improved memory management in multiple Apple OS versions.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A logic issue was resolved by implementing enhanced restrictions across multiple Apple OS versions to prevent malicious applications from escaping their sandbox environments.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A race condition vulnerability allowing unauthorized app access to sensitive user data was fixed with additional validation across multiple Apple operating systems including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A memory handling flaw causing process termination when processing malicious audio streams was fixed across multiple Apple OS versions including iOS 18.7.9, iPadOS 18.7.9, and macOS Sequoia 15.7.7.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A denial-of-service vulnerability exploitable by a local network attacker was fixed through improved memory handling in multiple Apple operating systems including iOS 18.7.9, iPadOS 18.7.9, and macOS Sonoma 14.8.7.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A kernel memory disclosure vulnerability was resolved through enhanced memory handling across multiple Apple operating systems including iOS 18.7.9, iPadOS 18.7.9, and macOS Sequoia 15.7.7.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An out-of-bounds read vulnerability was addressed through enhanced bounds checking in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, and watchOS 26.5 to prevent unexpected system termination and unauthorized kernel memory access.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An out-of-bounds write vulnerability in iOS, iPadOS, and macOS caused by parsing maliciously crafted files was fixed by improving input validation to prevent unexpected application termination.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A memory handling flaw causing Safari to crash when processing malicious web content was resolved in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A race condition vulnerability was addressed through additional validation in multiple OS versions, including iOS 18.7.9 and macOS Sequoia 15.7.7, preventing unauthorized access to sensitive user data by applications.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
Apple has fixed a validation issue in iOS, iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS that could allow malicious web content to bypass Content Security Policy enforcement in their 26.5 and 18.7.9 updates.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A buffer overflow vulnerability in iOS, iPadOS, macOS Tahoe, tvOS, and watchOS 26.5 was fixed by enhancing memory handling to prevent process memory corruption from maliciously crafted images.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An out-of-bounds write vulnerability in multiple Apple operating systems, including iOS 18.7.9, iPadOS 18.7.9, and macOS Sequoia 15.7.7, was fixed by improved bounds checking to prevent local network denial-of-service attacks.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A use after free vulnerability in multiple Apple OS versions, including iOS 18.7.9 and macOS Sequoia 15.7.7, could allow a remote attacker to cause unexpected system termination or kernel memory corruption.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
References
78 references
| URL | Category |
|---|---|
| https://support.apple.com/en-us/127110 | external |
| https://support.apple.com/en-us/127111 | external |
| https://support.apple.com/en-us/127112 | external |
| https://support.apple.com/en-us/127113 | external |
| https://support.apple.com/en-us/127114 | external |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Apple heeft meerdere kwetsbaarheden verholpen in diverse versies van iOS en iPadOS",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden betreffen onder andere onjuiste geheugenbeheermechanismen zoals use-after-free, buffer overflows, out-of-bounds reads en writes, race conditions, type confusion, null pointer dereferences, en onvoldoende inputvalidatie. Deze kunnen leiden tot onverwachte applicatie- of systeemcrashes, denial-of-service, ongeautoriseerde toegang tot gevoelige gebruikers- of kerneldata, privilege-escalatie, en het omzeilen van beveiligingsmechanismen zoals Content Security Policy en sandboxing. Sommige kwetsbaarheden maken het mogelijk dat een aanvaller code met kernel-privileges uitvoert of systeemstabiliteit verstoort. De problemen kunnen worden geactiveerd door het verwerken van speciaal vervaardigde bestanden, webcontent, of netwerkverkeer. De fixes omvatten verbeterde validatie, strengere toegangscontroles, en verbeterde geheugen- en state managementmechanismen.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Apple heeft updates uitgebracht voor iOS en iPadOS om deze kwetsbaarheden te verhelpen. Gebruikers wordt geadviseerd deze updates te installeren om de beveiliging en stabiliteit van hun systemen te waarborgen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Exposure of Private Personal Information to an Unauthorized Actor",
"title": "CWE-359"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Buffer Access with Incorrect Length Value",
"title": "CWE-805"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://support.apple.com/en-us/127110"
},
{
"category": "external",
"summary": "Reference",
"url": "https://support.apple.com/en-us/127111"
},
{
"category": "external",
"summary": "Reference",
"url": "https://support.apple.com/en-us/127112"
},
{
"category": "external",
"summary": "Reference",
"url": "https://support.apple.com/en-us/127113"
},
{
"category": "external",
"summary": "Reference",
"url": "https://support.apple.com/en-us/127114"
}
],
"title": "Kwetsbaarheden verholpen in Apple iOS en iPadOS",
"tracking": {
"current_release_date": "2026-05-12T12:18:59.723533Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0138",
"initial_release_date": "2026-05-12T12:18:59.723533Z",
"revision_history": [
{
"date": "2026-05-12T12:18:59.723533Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "iOS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "iPadOS"
}
],
"category": "vendor",
"name": "Apple"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-1837",
"cwe": {
"id": "CWE-805",
"name": "Buffer Access with Incorrect Length Value"
},
"notes": [
{
"category": "other",
"text": "Buffer Access with Incorrect Length Value",
"title": "CWE-805"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities in libjxl and open source code affecting Apple Software allow specially crafted image files to cause uninitialized memory read/write and denial-of-service conditions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-1837 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-1837.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-1837"
},
{
"cve": "CVE-2026-28819",
"notes": [
{
"category": "description",
"text": "An out-of-bounds write vulnerability allowing arbitrary code execution with kernel privileges was fixed by improved bounds checking in iOS 18.7.9, iPadOS 18.7.9, and multiple macOS versions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28819 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28819.json"
}
],
"title": "CVE-2026-28819"
},
{
"cve": "CVE-2026-28846",
"notes": [
{
"category": "description",
"text": "A buffer overflow vulnerability causing unexpected app termination has been fixed with improved bounds checking across multiple Apple operating systems including iOS 18.7.9, iPadOS 18.7.9, and macOS Sequoia 15.7.7.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28846 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28846.json"
}
],
"title": "CVE-2026-28846"
},
{
"cve": "CVE-2026-28847",
"notes": [
{
"category": "description",
"text": "Apple addressed unexpected process crashes caused by malicious web content through improved memory handling in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28847 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28847.json"
}
],
"title": "CVE-2026-28847"
},
{
"cve": "CVE-2026-28870",
"notes": [
{
"category": "description",
"text": "An information leakage vulnerability allowing unauthorized access to sensitive user data was fixed by implementing additional validation across multiple Apple operating systems including iOS 18.7.9, iPadOS 18.7.9, and macOS Tahoe 26.4.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28870 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28870.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-28870"
},
{
"cve": "CVE-2026-28872",
"notes": [
{
"category": "description",
"text": "A resource exhaustion vulnerability in iOS and iPadOS versions 18.7.9 and 26.4 was mitigated through improved input validation to prevent denial-of-service attacks by remote attackers.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28872 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28872.json"
}
],
"title": "CVE-2026-28872"
},
{
"cve": "CVE-2026-28873",
"notes": [
{
"category": "description",
"text": "An issue in iOS 18.7.9, iPadOS 18.7.9, iOS 26.4, and iPadOS 26.4 allowed apps to bypass App Privacy Report logging, which was resolved by implementing additional entitlement checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28873 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28873.json"
}
],
"title": "CVE-2026-28873"
},
{
"cve": "CVE-2026-28877",
"notes": [
{
"category": "description",
"text": "An authorization vulnerability allowing unauthorized access to sensitive user data was resolved through enhanced state management across multiple Apple operating systems including iOS, iPadOS, macOS, visionOS, and watchOS.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28877 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28877.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-28877"
},
{
"cve": "CVE-2026-28882",
"notes": [
{
"category": "description",
"text": "A vulnerability allowing apps to enumerate a user\u0027s installed applications was addressed through enhanced verification checks across multiple Apple operating systems including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28882 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28882.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-28882"
},
{
"cve": "CVE-2026-28883",
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability causing potential process crashes when processing malicious web content was fixed in iOS, iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS 26.5 through improved memory management.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28883 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28883.json"
}
],
"title": "CVE-2026-28883"
},
{
"cve": "CVE-2026-28894",
"notes": [
{
"category": "description",
"text": "A denial-of-service vulnerability in iOS 26.4, iPadOS 26.4, and multiple macOS versions was mitigated by improved input validation to prevent remote attackers from causing service disruption.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28894 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28894.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-28894"
},
{
"cve": "CVE-2026-28897",
"notes": [
{
"category": "description",
"text": "A buffer overflow vulnerability in multiple Apple OS versions was fixed by enhancing input validation to prevent local users from causing unexpected system termination or accessing kernel memory.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28897 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28897.json"
}
],
"title": "CVE-2026-28897"
},
{
"cve": "CVE-2026-28901",
"notes": [
{
"category": "description",
"text": "An issue causing unexpected process crashes when processing maliciously crafted web content was resolved through improved memory handling in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28901 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28901.json"
}
],
"title": "CVE-2026-28901"
},
{
"cve": "CVE-2026-28902",
"notes": [
{
"category": "description",
"text": "An issue causing unexpected process crashes when processing maliciously crafted web content was resolved through improved memory handling in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28902 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28902.json"
}
],
"title": "CVE-2026-28902"
},
{
"cve": "CVE-2026-28903",
"notes": [
{
"category": "description",
"text": "Apple addressed unexpected process crashes caused by malicious web content through improved memory handling in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28903 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28903.json"
}
],
"title": "CVE-2026-28903"
},
{
"cve": "CVE-2026-28904",
"notes": [
{
"category": "description",
"text": "Apple addressed unexpected process crashes caused by malicious web content through improved memory handling in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28904 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28904.json"
}
],
"title": "CVE-2026-28904"
},
{
"cve": "CVE-2026-28905",
"notes": [
{
"category": "description",
"text": "An issue causing unexpected process crashes when handling malicious web content was resolved through improved memory management in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, and visionOS 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28905 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28905.json"
}
],
"title": "CVE-2026-28905"
},
{
"cve": "CVE-2026-28906",
"notes": [
{
"category": "description",
"text": "An IP address tracking vulnerability affecting multiple Apple operating systems was resolved through improved state management in versions including iOS 18.7.9, iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, and visionOS 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28906 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28906.json"
}
],
"title": "CVE-2026-28906"
},
{
"cve": "CVE-2026-28907",
"notes": [
{
"category": "description",
"text": "An input validation flaw allowing Content Security Policy enforcement bypass was resolved in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28907 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28907.json"
}
],
"title": "CVE-2026-28907"
},
{
"cve": "CVE-2026-28913",
"notes": [
{
"category": "description",
"text": "An issue causing unexpected process crashes due to maliciously crafted web content was resolved by improved memory handling in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, and watchOS 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28913 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28913.json"
}
],
"title": "CVE-2026-28913"
},
{
"cve": "CVE-2026-28917",
"notes": [
{
"category": "description",
"text": "An input validation flaw causing unexpected process crashes when handling malicious web content was resolved in multiple Apple operating systems including iOS, iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS versions 18.7.9 and 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28917 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28917.json"
}
],
"title": "CVE-2026-28917"
},
{
"cve": "CVE-2026-28918",
"notes": [
{
"category": "description",
"text": "An out-of-bounds access vulnerability was addressed by enhancing bounds checking to prevent unexpected application termination when parsing maliciously crafted files across multiple Apple operating systems.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28918 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28918.json"
}
],
"title": "CVE-2026-28918"
},
{
"cve": "CVE-2026-28920",
"notes": [
{
"category": "description",
"text": "An information leakage vulnerability caused by visiting malicious websites was addressed through additional validation in multiple Apple operating systems including iOS 18.7.9, iPadOS 18.7.9, and macOS Sequoia 15.7.7.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28920 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28920.json"
}
],
"title": "CVE-2026-28920"
},
{
"cve": "CVE-2026-28929",
"notes": [
{
"category": "description",
"text": "A logic flaw causing remote images to display when replying to emails in Mail\u0027s Lockdown Mode was fixed with enhanced checks in iOS 18.7.9, iPadOS 18.7.9, and multiple macOS versions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28929 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28929.json"
}
],
"title": "CVE-2026-28929"
},
{
"cve": "CVE-2026-28936",
"notes": [
{
"category": "description",
"text": "An issue causing unexpected application termination when processing maliciously crafted files was resolved through enhanced validation checks in multiple Apple operating systems including iOS, iPadOS, macOS, and visionOS.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28936 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28936.json"
}
],
"title": "CVE-2026-28936"
},
{
"cve": "CVE-2026-28940",
"notes": [
{
"category": "description",
"text": "A memory corruption vulnerability triggered by processing maliciously crafted images was addressed through enhanced memory handling across multiple Apple operating systems including iOS, iPadOS, macOS, tvOS, and visionOS versions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28940 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28940.json"
}
],
"title": "CVE-2026-28940"
},
{
"cve": "CVE-2026-28941",
"notes": [
{
"category": "description",
"text": "Apple has addressed a denial-of-service and potential memory disclosure vulnerability caused by processing malicious files through enhanced validation in iOS 18.7.9, iPadOS 18.7.9, macOS Sequoia 15.7.7, and macOS Tahoe 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28941 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28941.json"
}
],
"title": "CVE-2026-28941"
},
{
"cve": "CVE-2026-28942",
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability in Safari causing unexpected crashes when processing malicious web content was fixed via improved memory management in iOS, iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS version 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28942 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28942.json"
}
],
"title": "CVE-2026-28942"
},
{
"cve": "CVE-2026-28943",
"notes": [
{
"category": "description",
"text": "A logging issue was fixed by enhancing data redaction across multiple OS versions to prevent applications from determining the kernel memory layout.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28943 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28943.json"
}
],
"title": "CVE-2026-28943"
},
{
"cve": "CVE-2026-28944",
"notes": [
{
"category": "description",
"text": "A memory handling flaw causing unexpected process crashes when processing malicious web content was resolved in iOS 16.5, iPadOS 16.5, macOS Tahoe 16.5, and visionOS 16.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28944 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28944.json"
}
],
"title": "CVE-2026-28944"
},
{
"cve": "CVE-2026-28947",
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability in Safari causing unexpected crashes when processing malicious web content was fixed via improved memory management in iOS, iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS version 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28947 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28947.json"
}
],
"title": "CVE-2026-28947"
},
{
"cve": "CVE-2026-28950",
"cwe": {
"id": "CWE-359",
"name": "Exposure of Private Personal Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Private Personal Information to an Unauthorized Actor",
"title": "CWE-359"
},
{
"category": "description",
"text": "A logging issue causing notifications marked for deletion to be unexpectedly retained on iOS and iPadOS devices was resolved by enhancing data redaction across multiple versions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28950 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28950.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-28950"
},
{
"cve": "CVE-2026-28951",
"notes": [
{
"category": "description",
"text": "An authorization vulnerability allowing an app to gain root privileges was resolved through improved state management across multiple Apple operating systems including iOS 18.7.9, iPadOS 18.7.9, and various macOS versions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28951 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28951.json"
}
],
"title": "CVE-2026-28951"
},
{
"cve": "CVE-2026-28952",
"notes": [
{
"category": "description",
"text": "An integer overflow vulnerability in iOS 18.7.9, iPadOS 18.7.9, and multiple macOS versions was fixed by enhancing input validation to prevent apps from causing unexpected system termination.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28952 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28952.json"
}
],
"title": "CVE-2026-28952"
},
{
"cve": "CVE-2026-28953",
"notes": [
{
"category": "description",
"text": "Apple addressed unexpected process crashes caused by malicious web content through improved memory handling in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28953 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28953.json"
}
],
"title": "CVE-2026-28953"
},
{
"cve": "CVE-2026-28954",
"notes": [
{
"category": "description",
"text": "A file quarantine bypass vulnerability in iOS 18.7.9, iPadOS 18.7.9, and multiple macOS versions was fixed by adding additional checks to prevent malicious disk images from bypassing Gatekeeper.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28954 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28954.json"
}
],
"title": "CVE-2026-28954"
},
{
"cve": "CVE-2026-28955",
"notes": [
{
"category": "description",
"text": "Apple addressed unexpected process crashes caused by malicious web content through improved memory handling in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28955 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28955.json"
}
],
"title": "CVE-2026-28955"
},
{
"cve": "CVE-2026-28956",
"notes": [
{
"category": "description",
"text": "A memory corruption vulnerability caused by processing malicious media files was fixed through improved input validation in multiple Apple OS versions, including iOS 16.5 and macOS Sequoia 15.7.7, preventing app crashes and memory corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28956 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28956.json"
}
],
"title": "CVE-2026-28956"
},
{
"cve": "CVE-2026-28957",
"notes": [
{
"category": "description",
"text": "A vulnerability allowing applications to capture user screen content via camera metadata was addressed in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, and visionOS 26.5 through enhanced logic controls.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28957 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28957.json"
}
],
"title": "CVE-2026-28957"
},
{
"cve": "CVE-2026-28958",
"notes": [
{
"category": "description",
"text": "Apple fixed a vulnerability in iOS 16.5, iPadOS 16.5, macOS Sonoma 14.5, and visionOS 16.5 that previously allowed apps to access sensitive user data by enhancing data protection mechanisms.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28958 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28958.json"
}
],
"title": "CVE-2026-28958"
},
{
"cve": "CVE-2026-28959",
"notes": [
{
"category": "description",
"text": "A buffer overflow vulnerability affecting multiple OS versions was fixed by enhancing bounds checking to prevent applications from causing unexpected system termination.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28959 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28959.json"
}
],
"title": "CVE-2026-28959"
},
{
"cve": "CVE-2026-28962",
"notes": [
{
"category": "description",
"text": "A vulnerability allowing disclosure of sensitive user information via malicious web content was addressed by enhanced access restrictions in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, and visionOS 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28962 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28962.json"
}
],
"title": "CVE-2026-28962"
},
{
"cve": "CVE-2026-28963",
"notes": [
{
"category": "description",
"text": "A privacy vulnerability in iOS 26.5 and iPadOS 26.5 allowed attackers with physical access to exploit Visual Intelligence during iPhone Mirroring to access sensitive data, which was remediated by removing the vulnerable code.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28963 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28963.json"
}
],
"title": "CVE-2026-28963"
},
{
"cve": "CVE-2026-28964",
"notes": [
{
"category": "description",
"text": "An inconsistent user interface issue in iOS 16.5, iPadOS 16.5, and visionOS 16.5 that could allow an app to access sensitive user data was resolved through improved state management.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28964 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28964.json"
}
],
"title": "CVE-2026-28964"
},
{
"cve": "CVE-2026-28965",
"notes": [
{
"category": "description",
"text": "A privacy vulnerability in iOS 26.5 and iPadOS 26.5 that allowed users to access restricted content from the lock screen has been addressed through enhanced verification mechanisms.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28965 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28965.json"
}
],
"title": "CVE-2026-28965"
},
{
"cve": "CVE-2026-28969",
"notes": [
{
"category": "description",
"text": "A use after free vulnerability was fixed through improved memory management in multiple Apple operating systems, including iOS 18.7.9 and macOS Sequoia 15.7.7, preventing unexpected system termination caused by apps.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28969 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28969.json"
}
],
"title": "CVE-2026-28969"
},
{
"cve": "CVE-2026-28971",
"notes": [
{
"category": "description",
"text": "A malicious iframe exploiting download settings was addressed by improved UI handling and fixed in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, and visionOS 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28971 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28971.json"
}
],
"title": "CVE-2026-28971"
},
{
"cve": "CVE-2026-28972",
"notes": [
{
"category": "description",
"text": "An out-of-bounds write vulnerability affecting multiple Apple operating systems was fixed by improved input validation to prevent apps from causing unexpected system termination or writing kernel memory.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28972 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28972.json"
}
],
"title": "CVE-2026-28972"
},
{
"cve": "CVE-2026-28974",
"notes": [
{
"category": "description",
"text": "An issue causing denial-of-service was resolved through enhanced validation checks in iOS 26.5, iPadOS 26.5, macOS Sequoia 15.7.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28974 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28974.json"
}
],
"title": "CVE-2026-28974"
},
{
"cve": "CVE-2026-28977",
"notes": [
{
"category": "description",
"text": "Improved bounds checks resolved an issue causing unexpected application termination when processing maliciously crafted files across multiple Apple operating systems including iOS 18.7.9, iPadOS 18.7.9, and macOS Sequoia 15.7.7.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28977 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28977.json"
}
],
"title": "CVE-2026-28977"
},
{
"cve": "CVE-2026-28983",
"notes": [
{
"category": "description",
"text": "A type confusion vulnerability was addressed with enhanced validation checks in multiple operating systems, including iOS 18.7.9 and macOS Tahoe 26.5, preventing remote attackers from causing denial of service conditions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28983 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28983.json"
}
],
"title": "CVE-2026-28983"
},
{
"cve": "CVE-2026-28985",
"notes": [
{
"category": "description",
"text": "A null pointer dereference vulnerability in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, and tvOS 26.5 was fixed by improving input validation to prevent local network attackers from causing denial-of-service conditions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28985 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28985.json"
}
],
"title": "CVE-2026-28985"
},
{
"cve": "CVE-2026-28986",
"notes": [
{
"category": "description",
"text": "A race condition vulnerability was resolved through additional validation across multiple OS versions to prevent applications from causing unexpected system termination.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28986 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28986.json"
}
],
"title": "CVE-2026-28986"
},
{
"cve": "CVE-2026-28987",
"notes": [
{
"category": "description",
"text": "A logging issue in multiple Apple operating systems, including iOS 18.7.9 and macOS Sequoia 15.7.7, was fixed by improving data redaction to prevent apps from leaking sensitive kernel state information.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28987 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28987.json"
}
],
"title": "CVE-2026-28987"
},
{
"cve": "CVE-2026-28988",
"notes": [
{
"category": "description",
"text": "A permissions vulnerability allowing apps to bypass certain Privacy preferences was resolved with additional restrictions in iOS 16.5, iPadOS 16.5, macOS Sonoma 16.5, visionOS 16.5, and watchOS 16.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28988 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28988.json"
}
],
"title": "CVE-2026-28988"
},
{
"cve": "CVE-2026-28990",
"notes": [
{
"category": "description",
"text": "A memory corruption vulnerability caused by processing a maliciously crafted image was resolved through improved memory handling across multiple Apple operating systems including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28990 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28990.json"
}
],
"title": "CVE-2026-28990"
},
{
"cve": "CVE-2026-28991",
"notes": [
{
"category": "description",
"text": "An out-of-bounds read vulnerability in iOS 26.5 and related OS versions was fixed by implementing improved bounds checking to prevent potential denial-of-service attacks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28991 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28991.json"
}
],
"title": "CVE-2026-28991"
},
{
"cve": "CVE-2026-28992",
"notes": [
{
"category": "description",
"text": "A memory corruption vulnerability in multiple Apple operating systems was fixed by enhancing locking mechanisms to prevent attackers from causing unexpected application termination.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28992 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28992.json"
}
],
"title": "CVE-2026-28992"
},
{
"cve": "CVE-2026-28993",
"notes": [
{
"category": "description",
"text": "An issue where apps could access user-sensitive data was addressed by introducing an additional user consent prompt across multiple OS versions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28993 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28993.json"
}
],
"title": "CVE-2026-28993"
},
{
"cve": "CVE-2026-28994",
"notes": [
{
"category": "description",
"text": "A use after free vulnerability in Wi-Fi packet processing, exploitable by attackers in privileged network positions to cause denial-of-service, was fixed through improved memory management in multiple Apple OS versions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28994 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28994.json"
}
],
"title": "CVE-2026-28994"
},
{
"cve": "CVE-2026-28995",
"notes": [
{
"category": "description",
"text": "A logic issue was resolved by implementing enhanced restrictions across multiple Apple OS versions to prevent malicious applications from escaping their sandbox environments.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28995 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28995.json"
}
],
"title": "CVE-2026-28995"
},
{
"cve": "CVE-2026-28996",
"notes": [
{
"category": "description",
"text": "A race condition vulnerability allowing unauthorized app access to sensitive user data was fixed with additional validation across multiple Apple operating systems including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28996 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28996.json"
}
],
"title": "CVE-2026-28996"
},
{
"cve": "CVE-2026-39869",
"notes": [
{
"category": "description",
"text": "A memory handling flaw causing process termination when processing malicious audio streams was fixed across multiple Apple OS versions including iOS 18.7.9, iPadOS 18.7.9, and macOS Sequoia 15.7.7.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-39869 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-39869.json"
}
],
"title": "CVE-2026-39869"
},
{
"cve": "CVE-2026-43653",
"notes": [
{
"category": "description",
"text": "A denial-of-service vulnerability exploitable by a local network attacker was fixed through improved memory handling in multiple Apple operating systems including iOS 18.7.9, iPadOS 18.7.9, and macOS Sonoma 14.8.7.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-43653 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43653.json"
}
],
"title": "CVE-2026-43653"
},
{
"cve": "CVE-2026-43654",
"notes": [
{
"category": "description",
"text": "A kernel memory disclosure vulnerability was resolved through enhanced memory handling across multiple Apple operating systems including iOS 18.7.9, iPadOS 18.7.9, and macOS Sequoia 15.7.7.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-43654 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43654.json"
}
],
"title": "CVE-2026-43654"
},
{
"cve": "CVE-2026-43655",
"notes": [
{
"category": "description",
"text": "An out-of-bounds read vulnerability was addressed through enhanced bounds checking in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, and watchOS 26.5 to prevent unexpected system termination and unauthorized kernel memory access.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-43655 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43655.json"
}
],
"title": "CVE-2026-43655"
},
{
"cve": "CVE-2026-43656",
"notes": [
{
"category": "description",
"text": "An out-of-bounds write vulnerability in iOS, iPadOS, and macOS caused by parsing maliciously crafted files was fixed by improving input validation to prevent unexpected application termination.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-43656 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43656.json"
}
],
"title": "CVE-2026-43656"
},
{
"cve": "CVE-2026-43658",
"notes": [
{
"category": "description",
"text": "A memory handling flaw causing Safari to crash when processing malicious web content was resolved in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-43658 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43658.json"
}
],
"title": "CVE-2026-43658"
},
{
"cve": "CVE-2026-43659",
"notes": [
{
"category": "description",
"text": "A race condition vulnerability was addressed through additional validation in multiple OS versions, including iOS 18.7.9 and macOS Sequoia 15.7.7, preventing unauthorized access to sensitive user data by applications.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-43659 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43659.json"
}
],
"title": "CVE-2026-43659"
},
{
"cve": "CVE-2026-43660",
"notes": [
{
"category": "description",
"text": "Apple has fixed a validation issue in iOS, iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS that could allow malicious web content to bypass Content Security Policy enforcement in their 26.5 and 18.7.9 updates.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-43660 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43660.json"
}
],
"title": "CVE-2026-43660"
},
{
"cve": "CVE-2026-43661",
"notes": [
{
"category": "description",
"text": "A buffer overflow vulnerability in iOS, iPadOS, macOS Tahoe, tvOS, and watchOS 26.5 was fixed by enhancing memory handling to prevent process memory corruption from maliciously crafted images.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-43661 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43661.json"
}
],
"title": "CVE-2026-43661"
},
{
"cve": "CVE-2026-43666",
"notes": [
{
"category": "description",
"text": "An out-of-bounds write vulnerability in multiple Apple operating systems, including iOS 18.7.9, iPadOS 18.7.9, and macOS Sequoia 15.7.7, was fixed by improved bounds checking to prevent local network denial-of-service attacks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-43666 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43666.json"
}
],
"title": "CVE-2026-43666"
},
{
"cve": "CVE-2026-43668",
"notes": [
{
"category": "description",
"text": "A use after free vulnerability in multiple Apple OS versions, including iOS 18.7.9 and macOS Sequoia 15.7.7, could allow a remote attacker to cause unexpected system termination or kernel memory corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-43668 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43668.json"
}
],
"title": "CVE-2026-43668"
}
]
}
NCSC-2026-0139
Vulnerability from csaf_ncscnl - Published: 2026-05-12 12:19 - Updated: 2026-05-12 12:19Summary
Kwetsbaarheden verholpen in Apple MacOS
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Apple heeft meerdere kwetsbaarheden verholpen in diverse versies van macOS (inclusief Sequoia, Sonoma en Tahoe versies).
Interpretaties: De kwetsbaarheden betreffen onder andere fouten in geheugenbeheer zoals buffer overflows, use-after-free, out-of-bounds read en write, en integer overflow, die kunnen leiden tot onverwachte applicatie- of systeemcrashes, denial-of-service, of ongeautoriseerde toegang tot kernel- of gebruikersgegevens. Verder zijn er problemen opgelost met betrekking tot sandbox escape, privilege escalatie naar root, bypass van Content Security Policy, onjuiste permissie- en toegangscontrole, race conditions, logging die gevoelige informatie lekt, en bypass van Gatekeeper beveiligingsmechanismen. Sommige kwetsbaarheden kunnen worden misbruikt via speciaal vervaardigde bestanden, webcontent, of netwerkverkeer. De fixes omvatten verbeterde validatie van invoer, strengere toegangscontrole, verbeterde geheugen- en statusbeheer, en versterkte sandboxing en logging mechanismen.
Oplossingen: Apple heeft updates uitgebracht voor macOS om de beschreven kwetsbaarheden te verhelpen. Gebruikers wordt geadviseerd deze updates te installeren om de beveiliging en stabiliteit van hun systemen te waarborgen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-770: Allocation of Resources Without Limits or Throttling
CWE-787: Out-of-bounds Write
CWE-805: Buffer Access with Incorrect Length Value
An access control vulnerability allowing an application to escape its sandbox environment was mitigated by enforcing stricter sandbox restrictions.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
Multiple vulnerabilities in libjxl and open source code affecting Apple Software allow specially crafted image files to cause uninitialized memory read/write and denial-of-service conditions.
8.8 (High)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
An out-of-bounds write vulnerability allowing arbitrary code execution with kernel privileges was fixed by improved bounds checking in iOS 18.7.9, iPadOS 18.7.9, and multiple macOS versions.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A permissions issue allowing an app to gain root privileges was addressed with additional restrictions in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, and macOS Tahoe 26.4.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A buffer overflow vulnerability causing unexpected app termination has been fixed with improved bounds checking across multiple Apple operating systems including iOS 18.7.9, iPadOS 18.7.9, and macOS Sequoia 15.7.7.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
Apple addressed unexpected process crashes caused by malicious web content through improved memory handling in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A buffer overflow vulnerability in macOS Sequoia 15.7.7 and macOS Tahoe 26.5 was addressed by implementing improved bounds checking to prevent unexpected system termination caused by remote attackers.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A privacy vulnerability allowing apps to enumerate a user's installed applications was resolved by removing sensitive data in multiple Apple operating systems including iOS 18.7.7, iPadOS 18.7.7, and macOS Sequoia 15.7.7.
6.5 (Medium)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A use-after-free vulnerability causing potential process crashes when processing malicious web content was fixed in iOS, iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS 26.5 through improved memory management.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A buffer overflow vulnerability in multiple Apple OS versions was fixed by enhancing input validation to prevent local users from causing unexpected system termination or accessing kernel memory.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
An issue causing unexpected process crashes when processing maliciously crafted web content was resolved through improved memory handling in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
An issue causing unexpected process crashes when processing maliciously crafted web content was resolved through improved memory handling in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
Apple addressed unexpected process crashes caused by malicious web content through improved memory handling in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
Apple addressed unexpected process crashes caused by malicious web content through improved memory handling in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
An issue causing unexpected process crashes when handling malicious web content was resolved through improved memory management in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, and visionOS 26.5.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
An IP address tracking vulnerability affecting multiple Apple operating systems was resolved through improved state management in versions including iOS 18.7.9, iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, and visionOS 26.5.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
An input validation flaw allowing Content Security Policy enforcement bypass was resolved in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A denial of service vulnerability in macOS Sequoia 15.7.7, Sonoma 14.8.7, and Tahoe 26.5 was fixed by removing code that allowed an app to modify protected parts of the file system.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
An issue causing unexpected process crashes due to maliciously crafted web content was resolved by improved memory handling in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, and watchOS 26.5.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A logic flaw in macOS Tahoe 26.5's file handling was resolved to prevent malicious ZIP archives from circumventing Gatekeeper security checks.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A parsing issue in directory path handling was fixed with improved validation in macOS Sequoia 15.7.7, Sonoma 14.8.7, and Tahoe 26.5 to prevent applications from potentially gaining root privileges.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
An input validation flaw causing unexpected process crashes when handling malicious web content was resolved in multiple Apple operating systems including iOS, iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS versions 18.7.9 and 26.5.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
An out-of-bounds access vulnerability was addressed by enhancing bounds checking to prevent unexpected application termination when parsing maliciously crafted files across multiple Apple operating systems.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A consistency issue allowing an app to potentially gain root privileges was resolved through improved state handling in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, and macOS Tahoe 26.5.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
An information leakage vulnerability caused by visiting malicious websites was addressed through additional validation in multiple Apple operating systems including iOS 18.7.9, iPadOS 18.7.9, and macOS Sequoia 15.7.7.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
An issue allowing an app to potentially access private information was resolved through improved state management in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, and macOS Tahoe 26.5.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A logging vulnerability in macOS Sequoia 15.7.7, Sonoma 14.8.7, and Tahoe 26.5 that could allow a malicious app to escape its sandbox was resolved by enhancing data redaction.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A race condition in symbolic link handling was fixed in macOS to prevent unauthorized app access to Contacts without user consent.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A buffer overflow vulnerability in macOS Sequoia 15.7.7, Sonoma 14.8.7, and Tahoe 26.5 was fixed by enhancing bounds checking to prevent unexpected system termination and unauthorized kernel memory writes.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A logic flaw causing remote images to display when replying to emails in Mail's Lockdown Mode was fixed with enhanced checks in iOS 18.7.9, iPadOS 18.7.9, and multiple macOS versions.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Tahoe 26.5 addressed a permissions vulnerability by implementing additional restrictions to prevent unauthorized app access to protected user data.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
An issue causing unexpected application termination when processing maliciously crafted files was resolved through enhanced validation checks in multiple Apple operating systems including iOS, iPadOS, macOS, and visionOS.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A memory corruption vulnerability triggered by processing maliciously crafted images was addressed through enhanced memory handling across multiple Apple operating systems including iOS, iPadOS, macOS, tvOS, and visionOS versions.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
Apple has addressed a denial-of-service and potential memory disclosure vulnerability caused by processing malicious files through enhanced validation in iOS 18.7.9, iPadOS 18.7.9, macOS Sequoia 15.7.7, and macOS Tahoe 26.5.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A use-after-free vulnerability in Safari causing unexpected crashes when processing malicious web content was fixed via improved memory management in iOS, iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS version 26.5.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A logging issue was fixed by enhancing data redaction across multiple OS versions to prevent applications from determining the kernel memory layout.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A memory handling flaw causing unexpected process crashes when processing malicious web content was resolved in iOS 16.5, iPadOS 16.5, macOS Tahoe 16.5, and visionOS 16.5.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A use-after-free vulnerability in Safari causing unexpected crashes when processing malicious web content was resolved in macOS Tahoe 26.5 by enhancing memory management.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A use-after-free vulnerability in Safari causing unexpected crashes when processing malicious web content was fixed via improved memory management in iOS, iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS version 26.5.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
An authorization vulnerability allowing an app to gain root privileges was resolved through improved state management across multiple Apple operating systems including iOS 18.7.9, iPadOS 18.7.9, and various macOS versions.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
An integer overflow vulnerability in iOS 18.7.9, iPadOS 18.7.9, and multiple macOS versions was fixed by enhancing input validation to prevent apps from causing unexpected system termination.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
Apple addressed unexpected process crashes caused by malicious web content through improved memory handling in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A file quarantine bypass vulnerability in iOS 18.7.9, iPadOS 18.7.9, and multiple macOS versions was fixed by adding additional checks to prevent malicious disk images from bypassing Gatekeeper.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
Apple addressed unexpected process crashes caused by malicious web content through improved memory handling in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A memory corruption vulnerability caused by processing malicious media files was fixed through improved input validation in multiple Apple OS versions, including iOS 16.5 and macOS Sequoia 15.7.7, preventing app crashes and memory corruption.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
Apple fixed a vulnerability in iOS 16.5, iPadOS 16.5, macOS Sonoma 14.5, and visionOS 16.5 that previously allowed apps to access sensitive user data by enhancing data protection mechanisms.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A buffer overflow vulnerability affecting multiple OS versions was fixed by enhancing bounds checking to prevent applications from causing unexpected system termination.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A vulnerability in macOS Tahoe 26.5 allowed attackers with physical access to locked devices to view sensitive user information, which was addressed by enhanced verification checks.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A vulnerability allowing disclosure of sensitive user information via malicious web content was addressed by enhanced access restrictions in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, and visionOS 26.5.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A use after free vulnerability was fixed through improved memory management in multiple Apple operating systems, including iOS 18.7.9 and macOS Sequoia 15.7.7, preventing unexpected system termination caused by apps.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A malicious iframe exploiting download settings was addressed by improved UI handling and fixed in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, and visionOS 26.5.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
An out-of-bounds write vulnerability affecting multiple Apple operating systems was fixed by improved input validation to prevent apps from causing unexpected system termination or writing kernel memory.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
An issue causing denial-of-service was resolved through enhanced validation checks in iOS 26.5, iPadOS 26.5, macOS Sequoia 15.7.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
An information leakage vulnerability in macOS Tahoe 26.5 was addressed by implementing additional validation to prevent an app from gaining root privileges.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
Improved bounds checks resolved an issue causing unexpected application termination when processing maliciously crafted files across multiple Apple operating systems including iOS 18.7.9, iPadOS 18.7.9, and macOS Sequoia 15.7.7.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A permissions issue in macOS Sequoia 15.7.7, Sonoma 14.8.7, and Tahoe 26.5 was fixed by adding restrictions to prevent malicious applications from escaping their sandbox environments.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A type confusion vulnerability was addressed with enhanced validation checks in multiple operating systems, including iOS 18.7.9 and macOS Tahoe 26.5, preventing remote attackers from causing denial of service conditions.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A null pointer dereference vulnerability in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, and tvOS 26.5 was fixed by improving input validation to prevent local network attackers from causing denial-of-service conditions.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A race condition vulnerability was resolved through additional validation across multiple OS versions to prevent applications from causing unexpected system termination.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A logging issue in multiple Apple operating systems, including iOS 18.7.9 and macOS Sequoia 15.7.7, was fixed by improving data redaction to prevent apps from leaking sensitive kernel state information.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A permissions vulnerability allowing apps to bypass certain Privacy preferences was resolved with additional restrictions in iOS 16.5, iPadOS 16.5, macOS Sonoma 16.5, visionOS 16.5, and watchOS 16.5.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A memory corruption vulnerability caused by processing a maliciously crafted image was resolved through improved memory handling across multiple Apple operating systems including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
An out-of-bounds read vulnerability in iOS 26.5 and related OS versions was fixed by implementing improved bounds checking to prevent potential denial-of-service attacks.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A memory corruption vulnerability in multiple Apple operating systems was fixed by enhancing locking mechanisms to prevent attackers from causing unexpected application termination.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
An issue where apps could access user-sensitive data was addressed by introducing an additional user consent prompt across multiple OS versions.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A use after free vulnerability in Wi-Fi packet processing, exploitable by attackers in privileged network positions to cause denial-of-service, was fixed through improved memory management in multiple Apple OS versions.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A logic issue was resolved by implementing enhanced restrictions across multiple Apple OS versions to prevent malicious applications from escaping their sandbox environments.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A race condition vulnerability allowing unauthorized app access to sensitive user data was fixed with additional validation across multiple Apple operating systems including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A memory handling flaw causing process termination when processing malicious audio streams was fixed across multiple Apple OS versions including iOS 18.7.9, iPadOS 18.7.9, and macOS Sequoia 15.7.7.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A memory corruption vulnerability caused by processing a maliciously crafted image was resolved through improved memory handling in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, and macOS Tahoe 26.5.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A path handling vulnerability in macOS Sequoia 15.7.7, Sonoma 14.8.7, and Tahoe 26.5 allowed apps to observe unprotected user data, which was resolved through improved logic.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Tahoe 26.5 addressed a permissions vulnerability by implementing additional restrictions to prevent unauthorized app access to protected user data.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A denial-of-service vulnerability exploitable by a local network attacker was fixed through improved memory handling in multiple Apple operating systems including iOS 18.7.9, iPadOS 18.7.9, and macOS Sonoma 14.8.7.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A kernel memory disclosure vulnerability was resolved through enhanced memory handling across multiple Apple operating systems including iOS 18.7.9, iPadOS 18.7.9, and macOS Sequoia 15.7.7.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
An out-of-bounds read vulnerability was addressed through enhanced bounds checking in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, and watchOS 26.5 to prevent unexpected system termination and unauthorized kernel memory access.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
An out-of-bounds write vulnerability in iOS, iPadOS, and macOS caused by parsing maliciously crafted files was fixed by improving input validation to prevent unexpected application termination.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A memory handling flaw causing Safari to crash when processing malicious web content was resolved in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A race condition vulnerability was addressed through additional validation in multiple OS versions, including iOS 18.7.9 and macOS Sequoia 15.7.7, preventing unauthorized access to sensitive user data by applications.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
Apple has fixed a validation issue in iOS, iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS that could allow malicious web content to bypass Content Security Policy enforcement in their 26.5 and 18.7.9 updates.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A buffer overflow vulnerability in iOS, iPadOS, macOS Tahoe, tvOS, and watchOS 26.5 was fixed by enhancing memory handling to prevent process memory corruption from maliciously crafted images.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
An out-of-bounds write vulnerability in multiple Apple operating systems, including iOS 18.7.9, iPadOS 18.7.9, and macOS Sequoia 15.7.7, was fixed by improved bounds checking to prevent local network denial-of-service attacks.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A use after free vulnerability in multiple Apple OS versions, including iOS 18.7.9 and macOS Sequoia 15.7.7, could allow a remote attacker to cause unexpected system termination or kernel memory corruption.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
References
85 references
| URL | Category |
|---|---|
| https://support.apple.com/en-us/127115 | external |
| https://support.apple.com/en-us/127116 | external |
| https://support.apple.com/en-us/127117 | external |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Apple heeft meerdere kwetsbaarheden verholpen in diverse versies van macOS (inclusief Sequoia, Sonoma en Tahoe versies).",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden betreffen onder andere fouten in geheugenbeheer zoals buffer overflows, use-after-free, out-of-bounds read en write, en integer overflow, die kunnen leiden tot onverwachte applicatie- of systeemcrashes, denial-of-service, of ongeautoriseerde toegang tot kernel- of gebruikersgegevens. Verder zijn er problemen opgelost met betrekking tot sandbox escape, privilege escalatie naar root, bypass van Content Security Policy, onjuiste permissie- en toegangscontrole, race conditions, logging die gevoelige informatie lekt, en bypass van Gatekeeper beveiligingsmechanismen. Sommige kwetsbaarheden kunnen worden misbruikt via speciaal vervaardigde bestanden, webcontent, of netwerkverkeer. De fixes omvatten verbeterde validatie van invoer, strengere toegangscontrole, verbeterde geheugen- en statusbeheer, en versterkte sandboxing en logging mechanismen.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Apple heeft updates uitgebracht voor macOS om de beschreven kwetsbaarheden te verhelpen. Gebruikers wordt geadviseerd deze updates te installeren om de beveiliging en stabiliteit van hun systemen te waarborgen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Buffer Access with Incorrect Length Value",
"title": "CWE-805"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://support.apple.com/en-us/127115"
},
{
"category": "external",
"summary": "Reference",
"url": "https://support.apple.com/en-us/127116"
},
{
"category": "external",
"summary": "Reference",
"url": "https://support.apple.com/en-us/127117"
}
],
"title": "Kwetsbaarheden verholpen in Apple MacOS",
"tracking": {
"current_release_date": "2026-05-12T12:19:43.540191Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0139",
"initial_release_date": "2026-05-12T12:19:43.540191Z",
"revision_history": [
{
"date": "2026-05-12T12:19:43.540191Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "macOS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "macOS Sequoia"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "macOS Sonoma"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "macOS Tahoe"
}
],
"category": "vendor",
"name": "Apple"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-43524",
"notes": [
{
"category": "description",
"text": "An access control vulnerability allowing an application to escape its sandbox environment was mitigated by enforcing stricter sandbox restrictions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43524 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43524.json"
}
],
"title": "CVE-2025-43524"
},
{
"cve": "CVE-2026-1837",
"cwe": {
"id": "CWE-805",
"name": "Buffer Access with Incorrect Length Value"
},
"notes": [
{
"category": "other",
"text": "Buffer Access with Incorrect Length Value",
"title": "CWE-805"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities in libjxl and open source code affecting Apple Software allow specially crafted image files to cause uninitialized memory read/write and denial-of-service conditions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-1837 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-1837.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
}
],
"title": "CVE-2026-1837"
},
{
"cve": "CVE-2026-28819",
"notes": [
{
"category": "description",
"text": "An out-of-bounds write vulnerability allowing arbitrary code execution with kernel privileges was fixed by improved bounds checking in iOS 18.7.9, iPadOS 18.7.9, and multiple macOS versions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28819 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28819.json"
}
],
"title": "CVE-2026-28819"
},
{
"cve": "CVE-2026-28840",
"notes": [
{
"category": "description",
"text": "A permissions issue allowing an app to gain root privileges was addressed with additional restrictions in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, and macOS Tahoe 26.4.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28840 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28840.json"
}
],
"title": "CVE-2026-28840"
},
{
"cve": "CVE-2026-28846",
"notes": [
{
"category": "description",
"text": "A buffer overflow vulnerability causing unexpected app termination has been fixed with improved bounds checking across multiple Apple operating systems including iOS 18.7.9, iPadOS 18.7.9, and macOS Sequoia 15.7.7.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28846 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28846.json"
}
],
"title": "CVE-2026-28846"
},
{
"cve": "CVE-2026-28847",
"notes": [
{
"category": "description",
"text": "Apple addressed unexpected process crashes caused by malicious web content through improved memory handling in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28847 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28847.json"
}
],
"title": "CVE-2026-28847"
},
{
"cve": "CVE-2026-28848",
"notes": [
{
"category": "description",
"text": "A buffer overflow vulnerability in macOS Sequoia 15.7.7 and macOS Tahoe 26.5 was addressed by implementing improved bounds checking to prevent unexpected system termination caused by remote attackers.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28848 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28848.json"
}
],
"title": "CVE-2026-28848"
},
{
"cve": "CVE-2026-28878",
"notes": [
{
"category": "description",
"text": "A privacy vulnerability allowing apps to enumerate a user\u0027s installed applications was resolved by removing sensitive data in multiple Apple operating systems including iOS 18.7.7, iPadOS 18.7.7, and macOS Sequoia 15.7.7.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28878 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28878.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
}
],
"title": "CVE-2026-28878"
},
{
"cve": "CVE-2026-28883",
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability causing potential process crashes when processing malicious web content was fixed in iOS, iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS 26.5 through improved memory management.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28883 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28883.json"
}
],
"title": "CVE-2026-28883"
},
{
"cve": "CVE-2026-28897",
"notes": [
{
"category": "description",
"text": "A buffer overflow vulnerability in multiple Apple OS versions was fixed by enhancing input validation to prevent local users from causing unexpected system termination or accessing kernel memory.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28897 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28897.json"
}
],
"title": "CVE-2026-28897"
},
{
"cve": "CVE-2026-28901",
"notes": [
{
"category": "description",
"text": "An issue causing unexpected process crashes when processing maliciously crafted web content was resolved through improved memory handling in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28901 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28901.json"
}
],
"title": "CVE-2026-28901"
},
{
"cve": "CVE-2026-28902",
"notes": [
{
"category": "description",
"text": "An issue causing unexpected process crashes when processing maliciously crafted web content was resolved through improved memory handling in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28902 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28902.json"
}
],
"title": "CVE-2026-28902"
},
{
"cve": "CVE-2026-28903",
"notes": [
{
"category": "description",
"text": "Apple addressed unexpected process crashes caused by malicious web content through improved memory handling in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28903 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28903.json"
}
],
"title": "CVE-2026-28903"
},
{
"cve": "CVE-2026-28904",
"notes": [
{
"category": "description",
"text": "Apple addressed unexpected process crashes caused by malicious web content through improved memory handling in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28904 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28904.json"
}
],
"title": "CVE-2026-28904"
},
{
"cve": "CVE-2026-28905",
"notes": [
{
"category": "description",
"text": "An issue causing unexpected process crashes when handling malicious web content was resolved through improved memory management in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, and visionOS 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28905 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28905.json"
}
],
"title": "CVE-2026-28905"
},
{
"cve": "CVE-2026-28906",
"notes": [
{
"category": "description",
"text": "An IP address tracking vulnerability affecting multiple Apple operating systems was resolved through improved state management in versions including iOS 18.7.9, iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, and visionOS 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28906 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28906.json"
}
],
"title": "CVE-2026-28906"
},
{
"cve": "CVE-2026-28907",
"notes": [
{
"category": "description",
"text": "An input validation flaw allowing Content Security Policy enforcement bypass was resolved in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28907 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28907.json"
}
],
"title": "CVE-2026-28907"
},
{
"cve": "CVE-2026-28908",
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability in macOS Sequoia 15.7.7, Sonoma 14.8.7, and Tahoe 26.5 was fixed by removing code that allowed an app to modify protected parts of the file system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28908 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28908.json"
}
],
"title": "CVE-2026-28908"
},
{
"cve": "CVE-2026-28913",
"notes": [
{
"category": "description",
"text": "An issue causing unexpected process crashes due to maliciously crafted web content was resolved by improved memory handling in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, and watchOS 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28913 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28913.json"
}
],
"title": "CVE-2026-28913"
},
{
"cve": "CVE-2026-28914",
"notes": [
{
"category": "description",
"text": "A logic flaw in macOS Tahoe 26.5\u0027s file handling was resolved to prevent malicious ZIP archives from circumventing Gatekeeper security checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28914 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28914.json"
}
],
"title": "CVE-2026-28914"
},
{
"cve": "CVE-2026-28915",
"notes": [
{
"category": "description",
"text": "A parsing issue in directory path handling was fixed with improved validation in macOS Sequoia 15.7.7, Sonoma 14.8.7, and Tahoe 26.5 to prevent applications from potentially gaining root privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28915 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28915.json"
}
],
"title": "CVE-2026-28915"
},
{
"cve": "CVE-2026-28917",
"notes": [
{
"category": "description",
"text": "An input validation flaw causing unexpected process crashes when handling malicious web content was resolved in multiple Apple operating systems including iOS, iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS versions 18.7.9 and 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28917 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28917.json"
}
],
"title": "CVE-2026-28917"
},
{
"cve": "CVE-2026-28918",
"notes": [
{
"category": "description",
"text": "An out-of-bounds access vulnerability was addressed by enhancing bounds checking to prevent unexpected application termination when parsing maliciously crafted files across multiple Apple operating systems.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28918 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28918.json"
}
],
"title": "CVE-2026-28918"
},
{
"cve": "CVE-2026-28919",
"notes": [
{
"category": "description",
"text": "A consistency issue allowing an app to potentially gain root privileges was resolved through improved state handling in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, and macOS Tahoe 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28919 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28919.json"
}
],
"title": "CVE-2026-28919"
},
{
"cve": "CVE-2026-28920",
"notes": [
{
"category": "description",
"text": "An information leakage vulnerability caused by visiting malicious websites was addressed through additional validation in multiple Apple operating systems including iOS 18.7.9, iPadOS 18.7.9, and macOS Sequoia 15.7.7.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28920 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28920.json"
}
],
"title": "CVE-2026-28920"
},
{
"cve": "CVE-2026-28922",
"notes": [
{
"category": "description",
"text": "An issue allowing an app to potentially access private information was resolved through improved state management in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, and macOS Tahoe 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28922 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28922.json"
}
],
"title": "CVE-2026-28922"
},
{
"cve": "CVE-2026-28923",
"notes": [
{
"category": "description",
"text": "A logging vulnerability in macOS Sequoia 15.7.7, Sonoma 14.8.7, and Tahoe 26.5 that could allow a malicious app to escape its sandbox was resolved by enhancing data redaction.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28923 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28923.json"
}
],
"title": "CVE-2026-28923"
},
{
"cve": "CVE-2026-28924",
"notes": [
{
"category": "description",
"text": "A race condition in symbolic link handling was fixed in macOS to prevent unauthorized app access to Contacts without user consent.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28924 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28924.json"
}
],
"title": "CVE-2026-28924"
},
{
"cve": "CVE-2026-28925",
"notes": [
{
"category": "description",
"text": "A buffer overflow vulnerability in macOS Sequoia 15.7.7, Sonoma 14.8.7, and Tahoe 26.5 was fixed by enhancing bounds checking to prevent unexpected system termination and unauthorized kernel memory writes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28925 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28925.json"
}
],
"title": "CVE-2026-28925"
},
{
"cve": "CVE-2026-28929",
"notes": [
{
"category": "description",
"text": "A logic flaw causing remote images to display when replying to emails in Mail\u0027s Lockdown Mode was fixed with enhanced checks in iOS 18.7.9, iPadOS 18.7.9, and multiple macOS versions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28929 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28929.json"
}
],
"title": "CVE-2026-28929"
},
{
"cve": "CVE-2026-28930",
"notes": [
{
"category": "description",
"text": "macOS Tahoe 26.5 addressed a permissions vulnerability by implementing additional restrictions to prevent unauthorized app access to protected user data.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28930 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28930.json"
}
],
"title": "CVE-2026-28930"
},
{
"cve": "CVE-2026-28936",
"notes": [
{
"category": "description",
"text": "An issue causing unexpected application termination when processing maliciously crafted files was resolved through enhanced validation checks in multiple Apple operating systems including iOS, iPadOS, macOS, and visionOS.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28936 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28936.json"
}
],
"title": "CVE-2026-28936"
},
{
"cve": "CVE-2026-28940",
"notes": [
{
"category": "description",
"text": "A memory corruption vulnerability triggered by processing maliciously crafted images was addressed through enhanced memory handling across multiple Apple operating systems including iOS, iPadOS, macOS, tvOS, and visionOS versions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28940 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28940.json"
}
],
"title": "CVE-2026-28940"
},
{
"cve": "CVE-2026-28941",
"notes": [
{
"category": "description",
"text": "Apple has addressed a denial-of-service and potential memory disclosure vulnerability caused by processing malicious files through enhanced validation in iOS 18.7.9, iPadOS 18.7.9, macOS Sequoia 15.7.7, and macOS Tahoe 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28941 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28941.json"
}
],
"title": "CVE-2026-28941"
},
{
"cve": "CVE-2026-28942",
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability in Safari causing unexpected crashes when processing malicious web content was fixed via improved memory management in iOS, iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS version 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28942 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28942.json"
}
],
"title": "CVE-2026-28942"
},
{
"cve": "CVE-2026-28943",
"notes": [
{
"category": "description",
"text": "A logging issue was fixed by enhancing data redaction across multiple OS versions to prevent applications from determining the kernel memory layout.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28943 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28943.json"
}
],
"title": "CVE-2026-28943"
},
{
"cve": "CVE-2026-28944",
"notes": [
{
"category": "description",
"text": "A memory handling flaw causing unexpected process crashes when processing malicious web content was resolved in iOS 16.5, iPadOS 16.5, macOS Tahoe 16.5, and visionOS 16.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28944 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28944.json"
}
],
"title": "CVE-2026-28944"
},
{
"cve": "CVE-2026-28946",
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability in Safari causing unexpected crashes when processing malicious web content was resolved in macOS Tahoe 26.5 by enhancing memory management.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28946 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28946.json"
}
],
"title": "CVE-2026-28946"
},
{
"cve": "CVE-2026-28947",
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability in Safari causing unexpected crashes when processing malicious web content was fixed via improved memory management in iOS, iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS version 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28947 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28947.json"
}
],
"title": "CVE-2026-28947"
},
{
"cve": "CVE-2026-28951",
"notes": [
{
"category": "description",
"text": "An authorization vulnerability allowing an app to gain root privileges was resolved through improved state management across multiple Apple operating systems including iOS 18.7.9, iPadOS 18.7.9, and various macOS versions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28951 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28951.json"
}
],
"title": "CVE-2026-28951"
},
{
"cve": "CVE-2026-28952",
"notes": [
{
"category": "description",
"text": "An integer overflow vulnerability in iOS 18.7.9, iPadOS 18.7.9, and multiple macOS versions was fixed by enhancing input validation to prevent apps from causing unexpected system termination.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28952 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28952.json"
}
],
"title": "CVE-2026-28952"
},
{
"cve": "CVE-2026-28953",
"notes": [
{
"category": "description",
"text": "Apple addressed unexpected process crashes caused by malicious web content through improved memory handling in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28953 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28953.json"
}
],
"title": "CVE-2026-28953"
},
{
"cve": "CVE-2026-28954",
"notes": [
{
"category": "description",
"text": "A file quarantine bypass vulnerability in iOS 18.7.9, iPadOS 18.7.9, and multiple macOS versions was fixed by adding additional checks to prevent malicious disk images from bypassing Gatekeeper.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28954 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28954.json"
}
],
"title": "CVE-2026-28954"
},
{
"cve": "CVE-2026-28955",
"notes": [
{
"category": "description",
"text": "Apple addressed unexpected process crashes caused by malicious web content through improved memory handling in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28955 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28955.json"
}
],
"title": "CVE-2026-28955"
},
{
"cve": "CVE-2026-28956",
"notes": [
{
"category": "description",
"text": "A memory corruption vulnerability caused by processing malicious media files was fixed through improved input validation in multiple Apple OS versions, including iOS 16.5 and macOS Sequoia 15.7.7, preventing app crashes and memory corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28956 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28956.json"
}
],
"title": "CVE-2026-28956"
},
{
"cve": "CVE-2026-28958",
"notes": [
{
"category": "description",
"text": "Apple fixed a vulnerability in iOS 16.5, iPadOS 16.5, macOS Sonoma 14.5, and visionOS 16.5 that previously allowed apps to access sensitive user data by enhancing data protection mechanisms.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28958 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28958.json"
}
],
"title": "CVE-2026-28958"
},
{
"cve": "CVE-2026-28959",
"notes": [
{
"category": "description",
"text": "A buffer overflow vulnerability affecting multiple OS versions was fixed by enhancing bounds checking to prevent applications from causing unexpected system termination.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28959 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28959.json"
}
],
"title": "CVE-2026-28959"
},
{
"cve": "CVE-2026-28961",
"notes": [
{
"category": "description",
"text": "A vulnerability in macOS Tahoe 26.5 allowed attackers with physical access to locked devices to view sensitive user information, which was addressed by enhanced verification checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28961 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28961.json"
}
],
"title": "CVE-2026-28961"
},
{
"cve": "CVE-2026-28962",
"notes": [
{
"category": "description",
"text": "A vulnerability allowing disclosure of sensitive user information via malicious web content was addressed by enhanced access restrictions in iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, and visionOS 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28962 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28962.json"
}
],
"title": "CVE-2026-28962"
},
{
"cve": "CVE-2026-28969",
"notes": [
{
"category": "description",
"text": "A use after free vulnerability was fixed through improved memory management in multiple Apple operating systems, including iOS 18.7.9 and macOS Sequoia 15.7.7, preventing unexpected system termination caused by apps.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28969 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28969.json"
}
],
"title": "CVE-2026-28969"
},
{
"cve": "CVE-2026-28971",
"notes": [
{
"category": "description",
"text": "A malicious iframe exploiting download settings was addressed by improved UI handling and fixed in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, and visionOS 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28971 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28971.json"
}
],
"title": "CVE-2026-28971"
},
{
"cve": "CVE-2026-28972",
"notes": [
{
"category": "description",
"text": "An out-of-bounds write vulnerability affecting multiple Apple operating systems was fixed by improved input validation to prevent apps from causing unexpected system termination or writing kernel memory.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28972 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28972.json"
}
],
"title": "CVE-2026-28972"
},
{
"cve": "CVE-2026-28974",
"notes": [
{
"category": "description",
"text": "An issue causing denial-of-service was resolved through enhanced validation checks in iOS 26.5, iPadOS 26.5, macOS Sequoia 15.7.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28974 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28974.json"
}
],
"title": "CVE-2026-28974"
},
{
"cve": "CVE-2026-28976",
"notes": [
{
"category": "description",
"text": "An information leakage vulnerability in macOS Tahoe 26.5 was addressed by implementing additional validation to prevent an app from gaining root privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28976 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28976.json"
}
],
"title": "CVE-2026-28976"
},
{
"cve": "CVE-2026-28977",
"notes": [
{
"category": "description",
"text": "Improved bounds checks resolved an issue causing unexpected application termination when processing maliciously crafted files across multiple Apple operating systems including iOS 18.7.9, iPadOS 18.7.9, and macOS Sequoia 15.7.7.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28977 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28977.json"
}
],
"title": "CVE-2026-28977"
},
{
"cve": "CVE-2026-28978",
"notes": [
{
"category": "description",
"text": "A permissions issue in macOS Sequoia 15.7.7, Sonoma 14.8.7, and Tahoe 26.5 was fixed by adding restrictions to prevent malicious applications from escaping their sandbox environments.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28978 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28978.json"
}
],
"title": "CVE-2026-28978"
},
{
"cve": "CVE-2026-28983",
"notes": [
{
"category": "description",
"text": "A type confusion vulnerability was addressed with enhanced validation checks in multiple operating systems, including iOS 18.7.9 and macOS Tahoe 26.5, preventing remote attackers from causing denial of service conditions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28983 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28983.json"
}
],
"title": "CVE-2026-28983"
},
{
"cve": "CVE-2026-28985",
"notes": [
{
"category": "description",
"text": "A null pointer dereference vulnerability in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, and tvOS 26.5 was fixed by improving input validation to prevent local network attackers from causing denial-of-service conditions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28985 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28985.json"
}
],
"title": "CVE-2026-28985"
},
{
"cve": "CVE-2026-28986",
"notes": [
{
"category": "description",
"text": "A race condition vulnerability was resolved through additional validation across multiple OS versions to prevent applications from causing unexpected system termination.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28986 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28986.json"
}
],
"title": "CVE-2026-28986"
},
{
"cve": "CVE-2026-28987",
"notes": [
{
"category": "description",
"text": "A logging issue in multiple Apple operating systems, including iOS 18.7.9 and macOS Sequoia 15.7.7, was fixed by improving data redaction to prevent apps from leaking sensitive kernel state information.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28987 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28987.json"
}
],
"title": "CVE-2026-28987"
},
{
"cve": "CVE-2026-28988",
"notes": [
{
"category": "description",
"text": "A permissions vulnerability allowing apps to bypass certain Privacy preferences was resolved with additional restrictions in iOS 16.5, iPadOS 16.5, macOS Sonoma 16.5, visionOS 16.5, and watchOS 16.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28988 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28988.json"
}
],
"title": "CVE-2026-28988"
},
{
"cve": "CVE-2026-28990",
"notes": [
{
"category": "description",
"text": "A memory corruption vulnerability caused by processing a maliciously crafted image was resolved through improved memory handling across multiple Apple operating systems including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28990 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28990.json"
}
],
"title": "CVE-2026-28990"
},
{
"cve": "CVE-2026-28991",
"notes": [
{
"category": "description",
"text": "An out-of-bounds read vulnerability in iOS 26.5 and related OS versions was fixed by implementing improved bounds checking to prevent potential denial-of-service attacks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28991 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28991.json"
}
],
"title": "CVE-2026-28991"
},
{
"cve": "CVE-2026-28992",
"notes": [
{
"category": "description",
"text": "A memory corruption vulnerability in multiple Apple operating systems was fixed by enhancing locking mechanisms to prevent attackers from causing unexpected application termination.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28992 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28992.json"
}
],
"title": "CVE-2026-28992"
},
{
"cve": "CVE-2026-28993",
"notes": [
{
"category": "description",
"text": "An issue where apps could access user-sensitive data was addressed by introducing an additional user consent prompt across multiple OS versions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28993 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28993.json"
}
],
"title": "CVE-2026-28993"
},
{
"cve": "CVE-2026-28994",
"notes": [
{
"category": "description",
"text": "A use after free vulnerability in Wi-Fi packet processing, exploitable by attackers in privileged network positions to cause denial-of-service, was fixed through improved memory management in multiple Apple OS versions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28994 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28994.json"
}
],
"title": "CVE-2026-28994"
},
{
"cve": "CVE-2026-28995",
"notes": [
{
"category": "description",
"text": "A logic issue was resolved by implementing enhanced restrictions across multiple Apple OS versions to prevent malicious applications from escaping their sandbox environments.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28995 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28995.json"
}
],
"title": "CVE-2026-28995"
},
{
"cve": "CVE-2026-28996",
"notes": [
{
"category": "description",
"text": "A race condition vulnerability allowing unauthorized app access to sensitive user data was fixed with additional validation across multiple Apple operating systems including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-28996 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-28996.json"
}
],
"title": "CVE-2026-28996"
},
{
"cve": "CVE-2026-39869",
"notes": [
{
"category": "description",
"text": "A memory handling flaw causing process termination when processing malicious audio streams was fixed across multiple Apple OS versions including iOS 18.7.9, iPadOS 18.7.9, and macOS Sequoia 15.7.7.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-39869 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-39869.json"
}
],
"title": "CVE-2026-39869"
},
{
"cve": "CVE-2026-39870",
"notes": [
{
"category": "description",
"text": "A memory corruption vulnerability caused by processing a maliciously crafted image was resolved through improved memory handling in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, and macOS Tahoe 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-39870 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-39870.json"
}
],
"title": "CVE-2026-39870"
},
{
"cve": "CVE-2026-39871",
"notes": [
{
"category": "description",
"text": "A path handling vulnerability in macOS Sequoia 15.7.7, Sonoma 14.8.7, and Tahoe 26.5 allowed apps to observe unprotected user data, which was resolved through improved logic.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-39871 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-39871.json"
}
],
"title": "CVE-2026-39871"
},
{
"cve": "CVE-2026-43652",
"notes": [
{
"category": "description",
"text": "macOS Tahoe 26.5 addressed a permissions vulnerability by implementing additional restrictions to prevent unauthorized app access to protected user data.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-43652 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43652.json"
}
],
"title": "CVE-2026-43652"
},
{
"cve": "CVE-2026-43653",
"notes": [
{
"category": "description",
"text": "A denial-of-service vulnerability exploitable by a local network attacker was fixed through improved memory handling in multiple Apple operating systems including iOS 18.7.9, iPadOS 18.7.9, and macOS Sonoma 14.8.7.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-43653 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43653.json"
}
],
"title": "CVE-2026-43653"
},
{
"cve": "CVE-2026-43654",
"notes": [
{
"category": "description",
"text": "A kernel memory disclosure vulnerability was resolved through enhanced memory handling across multiple Apple operating systems including iOS 18.7.9, iPadOS 18.7.9, and macOS Sequoia 15.7.7.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-43654 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43654.json"
}
],
"title": "CVE-2026-43654"
},
{
"cve": "CVE-2026-43655",
"notes": [
{
"category": "description",
"text": "An out-of-bounds read vulnerability was addressed through enhanced bounds checking in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, and watchOS 26.5 to prevent unexpected system termination and unauthorized kernel memory access.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-43655 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43655.json"
}
],
"title": "CVE-2026-43655"
},
{
"cve": "CVE-2026-43656",
"notes": [
{
"category": "description",
"text": "An out-of-bounds write vulnerability in iOS, iPadOS, and macOS caused by parsing maliciously crafted files was fixed by improving input validation to prevent unexpected application termination.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-43656 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43656.json"
}
],
"title": "CVE-2026-43656"
},
{
"cve": "CVE-2026-43658",
"notes": [
{
"category": "description",
"text": "A memory handling flaw causing Safari to crash when processing malicious web content was resolved in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-43658 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43658.json"
}
],
"title": "CVE-2026-43658"
},
{
"cve": "CVE-2026-43659",
"notes": [
{
"category": "description",
"text": "A race condition vulnerability was addressed through additional validation in multiple OS versions, including iOS 18.7.9 and macOS Sequoia 15.7.7, preventing unauthorized access to sensitive user data by applications.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-43659 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43659.json"
}
],
"title": "CVE-2026-43659"
},
{
"cve": "CVE-2026-43660",
"notes": [
{
"category": "description",
"text": "Apple has fixed a validation issue in iOS, iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS that could allow malicious web content to bypass Content Security Policy enforcement in their 26.5 and 18.7.9 updates.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-43660 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43660.json"
}
],
"title": "CVE-2026-43660"
},
{
"cve": "CVE-2026-43661",
"notes": [
{
"category": "description",
"text": "A buffer overflow vulnerability in iOS, iPadOS, macOS Tahoe, tvOS, and watchOS 26.5 was fixed by enhancing memory handling to prevent process memory corruption from maliciously crafted images.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-43661 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43661.json"
}
],
"title": "CVE-2026-43661"
},
{
"cve": "CVE-2026-43666",
"notes": [
{
"category": "description",
"text": "An out-of-bounds write vulnerability in multiple Apple operating systems, including iOS 18.7.9, iPadOS 18.7.9, and macOS Sequoia 15.7.7, was fixed by improved bounds checking to prevent local network denial-of-service attacks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-43666 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43666.json"
}
],
"title": "CVE-2026-43666"
},
{
"cve": "CVE-2026-43668",
"notes": [
{
"category": "description",
"text": "A use after free vulnerability in multiple Apple OS versions, including iOS 18.7.9 and macOS Sequoia 15.7.7, could allow a remote attacker to cause unexpected system termination or kernel memory corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-43668 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43668.json"
}
],
"title": "CVE-2026-43668"
}
]
}
RHSA-2026:25918
Vulnerability from csaf_redhat - Published: 2026-06-15 06:47 - Updated: 2026-06-30 04:25Summary
Red Hat Security Advisory: webkit2gtk3 security update
Severity
Important
Notes
Topic: An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-28946)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28847)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28883)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28901)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28902)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28903)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28904)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28905)
* webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-28907)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-28942)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-28947)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28953)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28955)
* webkitgtk: An app may be able to access sensitive user data (CVE-2026-28958)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-43658)
* webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-43660)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content may prevent Content Security Policy from being enforced due to improper input validation.
6.5 (Medium)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing or loading malicious web content can allow an app to access sensitive user data due to improper data protection.
6.5 (Medium)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content may prevent Content Security Policy from being enforced due to a validation issue with improper logic.
6.5 (Medium)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
85 references
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2026:25918 | self |
| https://access.redhat.com/security/updates/classi… | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2471790 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483955 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483956 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483957 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483958 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483959 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483960 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483961 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483962 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483963 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483964 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483965 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483966 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483967 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483968 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483969 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2026-28847 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483955 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-28847 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-28847 | external |
| https://webkitgtk.org/security/WSA-2026-0003.html | external |
| https://access.redhat.com/security/cve/CVE-2026-28883 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483956 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-28883 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-28883 | external |
| https://access.redhat.com/security/cve/CVE-2026-28901 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483957 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-28901 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-28901 | external |
| https://access.redhat.com/security/cve/CVE-2026-28902 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483958 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-28902 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-28902 | external |
| https://access.redhat.com/security/cve/CVE-2026-28903 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483959 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-28903 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-28903 | external |
| https://access.redhat.com/security/cve/CVE-2026-28904 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483960 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-28904 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-28904 | external |
| https://access.redhat.com/security/cve/CVE-2026-28905 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483961 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-28905 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-28905 | external |
| https://access.redhat.com/security/cve/CVE-2026-28907 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483962 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-28907 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-28907 | external |
| https://access.redhat.com/security/cve/CVE-2026-28942 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483963 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-28942 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-28942 | external |
| https://access.redhat.com/security/cve/CVE-2026-28946 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2471790 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-28946 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-28946 | external |
| https://support.apple.com/en-us/127115 | external |
| https://access.redhat.com/security/cve/CVE-2026-28947 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483964 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-28947 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-28947 | external |
| https://access.redhat.com/security/cve/CVE-2026-28953 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483965 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-28953 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-28953 | external |
| https://access.redhat.com/security/cve/CVE-2026-28955 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483966 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-28955 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-28955 | external |
| https://access.redhat.com/security/cve/CVE-2026-28958 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483967 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-28958 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-28958 | external |
| https://access.redhat.com/security/cve/CVE-2026-43658 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483968 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-43658 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-43658 | external |
| https://access.redhat.com/security/cve/CVE-2026-43660 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483969 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-43660 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-43660 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-28946)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28847)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28883)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28901)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28902)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28903)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28904)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28905)\n\n* webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-28907)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-28942)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-28947)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28953)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28955)\n\n* webkitgtk: An app may be able to access sensitive user data (CVE-2026-28958)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-43658)\n\n* webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-43660)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:25918",
"url": "https://access.redhat.com/errata/RHSA-2026:25918"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2471790",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2471790"
},
{
"category": "external",
"summary": "2483955",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483955"
},
{
"category": "external",
"summary": "2483956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483956"
},
{
"category": "external",
"summary": "2483957",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483957"
},
{
"category": "external",
"summary": "2483958",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483958"
},
{
"category": "external",
"summary": "2483959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483959"
},
{
"category": "external",
"summary": "2483960",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483960"
},
{
"category": "external",
"summary": "2483961",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483961"
},
{
"category": "external",
"summary": "2483962",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483962"
},
{
"category": "external",
"summary": "2483963",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483963"
},
{
"category": "external",
"summary": "2483964",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483964"
},
{
"category": "external",
"summary": "2483965",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483965"
},
{
"category": "external",
"summary": "2483966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483966"
},
{
"category": "external",
"summary": "2483967",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483967"
},
{
"category": "external",
"summary": "2483968",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483968"
},
{
"category": "external",
"summary": "2483969",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483969"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_25918.json"
}
],
"title": "Red Hat Security Advisory: webkit2gtk3 security update",
"tracking": {
"current_release_date": "2026-06-30T04:25:47+00:00",
"generator": {
"date": "2026-06-30T04:25:47+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.0"
}
},
"id": "RHSA-2026:25918",
"initial_release_date": "2026-06-15T06:47:41+00:00",
"revision_history": [
{
"date": "2026-06-15T06:47:41+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-15T06:47:41+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T04:25:47+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.52.4-1.el8_10.src",
"product": {
"name": "webkit2gtk3-0:2.52.4-1.el8_10.src",
"product_id": "webkit2gtk3-0:2.52.4-1.el8_10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.52.4-1.el8_10?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"product": {
"name": "webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"product_id": "webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.52.4-1.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"product": {
"name": "webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"product_id": "webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.52.4-1.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"product": {
"name": "webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"product_id": "webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.52.4-1.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"product_id": "webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.52.4-1.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"product_id": "webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.52.4-1.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"product_id": "webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.52.4-1.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.52.4-1.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.52.4-1.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.52.4-1.el8_10?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"product": {
"name": "webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"product_id": "webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.52.4-1.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"product": {
"name": "webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"product_id": "webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.52.4-1.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"product_id": "webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.52.4-1.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.52.4-1.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"product": {
"name": "webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"product_id": "webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.52.4-1.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"product_id": "webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.52.4-1.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.52.4-1.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.52.4-1.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.52.4-1.el8_10?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.52.4-1.el8_10.i686",
"product": {
"name": "webkit2gtk3-0:2.52.4-1.el8_10.i686",
"product_id": "webkit2gtk3-0:2.52.4-1.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.52.4-1.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"product": {
"name": "webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"product_id": "webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.52.4-1.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"product": {
"name": "webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"product_id": "webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.52.4-1.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"product_id": "webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.52.4-1.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"product": {
"name": "webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"product_id": "webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.52.4-1.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"product_id": "webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.52.4-1.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.52.4-1.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.52.4-1.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.52.4-1.el8_10?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"product": {
"name": "webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"product_id": "webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.52.4-1.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"product": {
"name": "webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"product_id": "webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.52.4-1.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"product": {
"name": "webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"product_id": "webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.52.4-1.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"product_id": "webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.52.4-1.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"product_id": "webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.52.4-1.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"product_id": "webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.52.4-1.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.52.4-1.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.52.4-1.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.52.4-1.el8_10?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"product": {
"name": "webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"product_id": "webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.52.4-1.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"product": {
"name": "webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"product_id": "webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.52.4-1.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"product": {
"name": "webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"product_id": "webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.52.4-1.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"product_id": "webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.52.4-1.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"product": {
"name": "webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"product_id": "webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.52.4-1.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"product_id": "webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.52.4-1.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.52.4-1.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.52.4-1.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.52.4-1.el8_10?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.4-1.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64"
},
"product_reference": "webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.4-1.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686"
},
"product_reference": "webkit2gtk3-0:2.52.4-1.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.4-1.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le"
},
"product_reference": "webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.4-1.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x"
},
"product_reference": "webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.4-1.el8_10.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src"
},
"product_reference": "webkit2gtk3-0:2.52.4-1.el8_10.src",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.4-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64"
},
"product_reference": "webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686"
},
"product_reference": "webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le"
},
"product_reference": "webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x"
},
"product_reference": "webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64"
},
"product_reference": "webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.52.4-1.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686"
},
"product_reference": "webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le"
},
"product_reference": "webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x"
},
"product_reference": "webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64"
},
"product_reference": "webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64"
},
"product_reference": "webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686"
},
"product_reference": "webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x"
},
"product_reference": "webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64"
},
"product_reference": "webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-28847",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-06-02T13:23:23.303000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2483955"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28847"
},
{
"category": "external",
"summary": "RHBZ#2483955",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483955"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28847",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28847"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28847",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28847"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0003.html",
"url": "https://webkitgtk.org/security/WSA-2026-0003.html"
}
],
"release_date": "2026-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-15T06:47:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25918"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-28883",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2026-06-02T13:25:55.343000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2483956"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28883"
},
{
"category": "external",
"summary": "RHBZ#2483956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483956"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28883",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28883"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28883",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28883"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0003.html",
"url": "https://webkitgtk.org/security/WSA-2026-0003.html"
}
],
"release_date": "2026-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-15T06:47:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25918"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-28901",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-06-02T13:27:02.510000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2483957"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28901"
},
{
"category": "external",
"summary": "RHBZ#2483957",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483957"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28901",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28901"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28901",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28901"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0003.html",
"url": "https://webkitgtk.org/security/WSA-2026-0003.html"
}
],
"release_date": "2026-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-15T06:47:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25918"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-28902",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-06-02T13:28:05.968000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2483958"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28902"
},
{
"category": "external",
"summary": "RHBZ#2483958",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483958"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28902",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28902"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28902",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28902"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0003.html",
"url": "https://webkitgtk.org/security/WSA-2026-0003.html"
}
],
"release_date": "2026-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-15T06:47:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25918"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-28903",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-06-02T13:29:25.564000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2483959"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28903"
},
{
"category": "external",
"summary": "RHBZ#2483959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483959"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28903",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28903"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28903",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28903"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0003.html",
"url": "https://webkitgtk.org/security/WSA-2026-0003.html"
}
],
"release_date": "2026-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-15T06:47:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25918"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-28904",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-06-02T13:30:31.176000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2483960"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28904"
},
{
"category": "external",
"summary": "RHBZ#2483960",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483960"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28904",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28904"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28904",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28904"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0003.html",
"url": "https://webkitgtk.org/security/WSA-2026-0003.html"
}
],
"release_date": "2026-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-15T06:47:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25918"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-28905",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-06-02T13:31:47.863000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2483961"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28905"
},
{
"category": "external",
"summary": "RHBZ#2483961",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483961"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28905",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28905"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28905",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28905"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0003.html",
"url": "https://webkitgtk.org/security/WSA-2026-0003.html"
}
],
"release_date": "2026-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-15T06:47:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25918"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-28907",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2026-06-02T13:32:55.743000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2483962"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content may prevent Content Security Policy from being enforced due to improper input validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28907"
},
{
"category": "external",
"summary": "RHBZ#2483962",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483962"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28907",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28907"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28907",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28907"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0003.html",
"url": "https://webkitgtk.org/security/WSA-2026-0003.html"
}
],
"release_date": "2026-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-15T06:47:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25918"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced"
},
{
"cve": "CVE-2026-28942",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2026-06-02T13:33:49.917000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2483963"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28942"
},
{
"category": "external",
"summary": "RHBZ#2483963",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483963"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28942",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28942"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28942",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28942"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0003.html",
"url": "https://webkitgtk.org/security/WSA-2026-0003.html"
}
],
"release_date": "2026-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-15T06:47:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25918"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash"
},
{
"cve": "CVE-2026-28946",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2026-05-11T21:08:21.720172+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2471790"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28946"
},
{
"category": "external",
"summary": "RHBZ#2471790",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2471790"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28946",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28946"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28946",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28946"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/127115",
"url": "https://support.apple.com/en-us/127115"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0003.html",
"url": "https://webkitgtk.org/security/WSA-2026-0003.html"
}
],
"release_date": "2026-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-15T06:47:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25918"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash"
},
{
"cve": "CVE-2026-28947",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2026-06-02T13:38:17.466000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2483964"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28947"
},
{
"category": "external",
"summary": "RHBZ#2483964",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483964"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28947",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28947"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28947",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28947"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0003.html",
"url": "https://webkitgtk.org/security/WSA-2026-0003.html"
}
],
"release_date": "2026-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-15T06:47:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25918"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash"
},
{
"cve": "CVE-2026-28953",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-06-02T13:39:17.634000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2483965"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28953"
},
{
"category": "external",
"summary": "RHBZ#2483965",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483965"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28953",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28953"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28953",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28953"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0003.html",
"url": "https://webkitgtk.org/security/WSA-2026-0003.html"
}
],
"release_date": "2026-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-15T06:47:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25918"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-28955",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-06-02T13:40:14.685000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2483966"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28955"
},
{
"category": "external",
"summary": "RHBZ#2483966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483966"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28955",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28955"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28955",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28955"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0003.html",
"url": "https://webkitgtk.org/security/WSA-2026-0003.html"
}
],
"release_date": "2026-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-15T06:47:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25918"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-28958",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2026-06-02T13:40:57.520000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2483967"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing or loading malicious web content can allow an app to access sensitive user data due to improper data protection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: An app may be able to access sensitive user data",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28958"
},
{
"category": "external",
"summary": "RHBZ#2483967",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483967"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28958",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28958"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28958",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28958"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0003.html",
"url": "https://webkitgtk.org/security/WSA-2026-0003.html"
}
],
"release_date": "2026-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-15T06:47:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25918"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: An app may be able to access sensitive user data"
},
{
"cve": "CVE-2026-43658",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-06-02T13:41:54.657000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2483968"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-43658"
},
{
"category": "external",
"summary": "RHBZ#2483968",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483968"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-43658",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43658"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-43658",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43658"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0003.html",
"url": "https://webkitgtk.org/security/WSA-2026-0003.html"
}
],
"release_date": "2026-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-15T06:47:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25918"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash"
},
{
"cve": "CVE-2026-43660",
"cwe": {
"id": "CWE-693",
"name": "Protection Mechanism Failure"
},
"discovery_date": "2026-06-02T13:42:42.007000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2483969"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content may prevent Content Security Policy from being enforced due to a validation issue with improper logic.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-43660"
},
{
"category": "external",
"summary": "RHBZ#2483969",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483969"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-43660",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43660"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-43660",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43660"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0003.html",
"url": "https://webkitgtk.org/security/WSA-2026-0003.html"
}
],
"release_date": "2026-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-15T06:47:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25918"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced"
}
]
}
RHSA-2026:25927
Vulnerability from csaf_redhat - Published: 2026-06-15 10:20 - Updated: 2026-06-30 04:25Summary
Red Hat Security Advisory: webkit2gtk3 security update
Severity
Important
Notes
Topic: An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-28946)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28847)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28883)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28901)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28902)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28903)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28904)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28905)
* webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-28907)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-28942)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-28947)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28953)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28955)
* webkitgtk: An app may be able to access sensitive user data (CVE-2026-28958)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-43658)
* webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-43660)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content may prevent Content Security Policy from being enforced due to improper input validation.
6.5 (Medium)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing or loading malicious web content can allow an app to access sensitive user data due to improper data protection.
6.5 (Medium)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content may prevent Content Security Policy from being enforced due to a validation issue with improper logic.
6.5 (Medium)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
85 references
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2026:25927 | self |
| https://access.redhat.com/security/updates/classi… | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2471790 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483955 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483956 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483957 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483958 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483959 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483960 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483961 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483962 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483963 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483964 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483965 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483966 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483967 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483968 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483969 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2026-28847 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483955 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-28847 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-28847 | external |
| https://webkitgtk.org/security/WSA-2026-0003.html | external |
| https://access.redhat.com/security/cve/CVE-2026-28883 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483956 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-28883 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-28883 | external |
| https://access.redhat.com/security/cve/CVE-2026-28901 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483957 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-28901 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-28901 | external |
| https://access.redhat.com/security/cve/CVE-2026-28902 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483958 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-28902 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-28902 | external |
| https://access.redhat.com/security/cve/CVE-2026-28903 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483959 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-28903 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-28903 | external |
| https://access.redhat.com/security/cve/CVE-2026-28904 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483960 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-28904 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-28904 | external |
| https://access.redhat.com/security/cve/CVE-2026-28905 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483961 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-28905 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-28905 | external |
| https://access.redhat.com/security/cve/CVE-2026-28907 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483962 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-28907 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-28907 | external |
| https://access.redhat.com/security/cve/CVE-2026-28942 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483963 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-28942 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-28942 | external |
| https://access.redhat.com/security/cve/CVE-2026-28946 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2471790 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-28946 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-28946 | external |
| https://support.apple.com/en-us/127115 | external |
| https://access.redhat.com/security/cve/CVE-2026-28947 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483964 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-28947 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-28947 | external |
| https://access.redhat.com/security/cve/CVE-2026-28953 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483965 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-28953 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-28953 | external |
| https://access.redhat.com/security/cve/CVE-2026-28955 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483966 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-28955 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-28955 | external |
| https://access.redhat.com/security/cve/CVE-2026-28958 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483967 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-28958 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-28958 | external |
| https://access.redhat.com/security/cve/CVE-2026-43658 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483968 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-43658 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-43658 | external |
| https://access.redhat.com/security/cve/CVE-2026-43660 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483969 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-43660 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-43660 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-28946)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28847)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28883)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28901)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28902)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28903)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28904)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28905)\n\n* webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-28907)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-28942)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-28947)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28953)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28955)\n\n* webkitgtk: An app may be able to access sensitive user data (CVE-2026-28958)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-43658)\n\n* webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-43660)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:25927",
"url": "https://access.redhat.com/errata/RHSA-2026:25927"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2471790",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2471790"
},
{
"category": "external",
"summary": "2483955",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483955"
},
{
"category": "external",
"summary": "2483956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483956"
},
{
"category": "external",
"summary": "2483957",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483957"
},
{
"category": "external",
"summary": "2483958",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483958"
},
{
"category": "external",
"summary": "2483959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483959"
},
{
"category": "external",
"summary": "2483960",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483960"
},
{
"category": "external",
"summary": "2483961",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483961"
},
{
"category": "external",
"summary": "2483962",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483962"
},
{
"category": "external",
"summary": "2483963",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483963"
},
{
"category": "external",
"summary": "2483964",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483964"
},
{
"category": "external",
"summary": "2483965",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483965"
},
{
"category": "external",
"summary": "2483966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483966"
},
{
"category": "external",
"summary": "2483967",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483967"
},
{
"category": "external",
"summary": "2483968",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483968"
},
{
"category": "external",
"summary": "2483969",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483969"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_25927.json"
}
],
"title": "Red Hat Security Advisory: webkit2gtk3 security update",
"tracking": {
"current_release_date": "2026-06-30T04:25:48+00:00",
"generator": {
"date": "2026-06-30T04:25:48+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.0"
}
},
"id": "RHSA-2026:25927",
"initial_release_date": "2026-06-15T10:20:41+00:00",
"revision_history": [
{
"date": "2026-06-15T10:20:41+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-15T10:20:41+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T04:25:48+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"product": {
"name": "webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"product_id": "webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.52.4-1.el9_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"product": {
"name": "webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"product_id": "webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.52.4-1.el9_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"product": {
"name": "webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"product_id": "webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.52.4-1.el9_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"product_id": "webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.52.4-1.el9_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"product_id": "webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.52.4-1.el9_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"product_id": "webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.52.4-1.el9_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.52.4-1.el9_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.52.4-1.el9_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.52.4-1.el9_8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.52.4-1.el9_8.i686",
"product": {
"name": "webkit2gtk3-0:2.52.4-1.el9_8.i686",
"product_id": "webkit2gtk3-0:2.52.4-1.el9_8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.52.4-1.el9_8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"product": {
"name": "webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"product_id": "webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.52.4-1.el9_8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"product": {
"name": "webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"product_id": "webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.52.4-1.el9_8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"product_id": "webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.52.4-1.el9_8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"product": {
"name": "webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"product_id": "webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.52.4-1.el9_8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"product_id": "webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.52.4-1.el9_8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.52.4-1.el9_8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.52.4-1.el9_8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.52.4-1.el9_8?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.52.4-1.el9_8.src",
"product": {
"name": "webkit2gtk3-0:2.52.4-1.el9_8.src",
"product_id": "webkit2gtk3-0:2.52.4-1.el9_8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.52.4-1.el9_8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"product": {
"name": "webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"product_id": "webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.52.4-1.el9_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"product": {
"name": "webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"product_id": "webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.52.4-1.el9_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"product": {
"name": "webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"product_id": "webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.52.4-1.el9_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"product_id": "webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.52.4-1.el9_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"product_id": "webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.52.4-1.el9_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"product_id": "webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.52.4-1.el9_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.52.4-1.el9_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.52.4-1.el9_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.52.4-1.el9_8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"product": {
"name": "webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"product_id": "webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.52.4-1.el9_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"product": {
"name": "webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"product_id": "webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.52.4-1.el9_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"product_id": "webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.52.4-1.el9_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.52.4-1.el9_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"product": {
"name": "webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"product_id": "webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.52.4-1.el9_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"product_id": "webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.52.4-1.el9_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.52.4-1.el9_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.52.4-1.el9_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.52.4-1.el9_8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"product": {
"name": "webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"product_id": "webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.52.4-1.el9_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"product": {
"name": "webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"product_id": "webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.52.4-1.el9_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"product": {
"name": "webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"product_id": "webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.52.4-1.el9_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"product_id": "webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.52.4-1.el9_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"product": {
"name": "webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"product_id": "webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.52.4-1.el9_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"product_id": "webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.52.4-1.el9_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.52.4-1.el9_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.52.4-1.el9_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.52.4-1.el9_8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.4-1.el9_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64"
},
"product_reference": "webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.4-1.el9_8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686"
},
"product_reference": "webkit2gtk3-0:2.52.4-1.el9_8.i686",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.4-1.el9_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le"
},
"product_reference": "webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.4-1.el9_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x"
},
"product_reference": "webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.4-1.el9_8.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src"
},
"product_reference": "webkit2gtk3-0:2.52.4-1.el9_8.src",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.4-1.el9_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64"
},
"product_reference": "webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686"
},
"product_reference": "webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le"
},
"product_reference": "webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x"
},
"product_reference": "webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64"
},
"product_reference": "webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.52.4-1.el9_8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686"
},
"product_reference": "webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le"
},
"product_reference": "webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x"
},
"product_reference": "webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64"
},
"product_reference": "webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64"
},
"product_reference": "webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686"
},
"product_reference": "webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x"
},
"product_reference": "webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64"
},
"product_reference": "webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-28847",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-06-02T13:23:23.303000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2483955"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28847"
},
{
"category": "external",
"summary": "RHBZ#2483955",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483955"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28847",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28847"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28847",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28847"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0003.html",
"url": "https://webkitgtk.org/security/WSA-2026-0003.html"
}
],
"release_date": "2026-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-15T10:20:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25927"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-28883",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2026-06-02T13:25:55.343000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2483956"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28883"
},
{
"category": "external",
"summary": "RHBZ#2483956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483956"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28883",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28883"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28883",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28883"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0003.html",
"url": "https://webkitgtk.org/security/WSA-2026-0003.html"
}
],
"release_date": "2026-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-15T10:20:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25927"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-28901",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-06-02T13:27:02.510000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2483957"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28901"
},
{
"category": "external",
"summary": "RHBZ#2483957",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483957"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28901",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28901"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28901",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28901"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0003.html",
"url": "https://webkitgtk.org/security/WSA-2026-0003.html"
}
],
"release_date": "2026-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-15T10:20:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25927"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-28902",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-06-02T13:28:05.968000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2483958"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28902"
},
{
"category": "external",
"summary": "RHBZ#2483958",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483958"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28902",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28902"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28902",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28902"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0003.html",
"url": "https://webkitgtk.org/security/WSA-2026-0003.html"
}
],
"release_date": "2026-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-15T10:20:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25927"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-28903",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-06-02T13:29:25.564000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2483959"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28903"
},
{
"category": "external",
"summary": "RHBZ#2483959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483959"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28903",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28903"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28903",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28903"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0003.html",
"url": "https://webkitgtk.org/security/WSA-2026-0003.html"
}
],
"release_date": "2026-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-15T10:20:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25927"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-28904",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-06-02T13:30:31.176000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2483960"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28904"
},
{
"category": "external",
"summary": "RHBZ#2483960",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483960"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28904",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28904"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28904",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28904"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0003.html",
"url": "https://webkitgtk.org/security/WSA-2026-0003.html"
}
],
"release_date": "2026-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-15T10:20:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25927"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-28905",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-06-02T13:31:47.863000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2483961"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28905"
},
{
"category": "external",
"summary": "RHBZ#2483961",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483961"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28905",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28905"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28905",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28905"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0003.html",
"url": "https://webkitgtk.org/security/WSA-2026-0003.html"
}
],
"release_date": "2026-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-15T10:20:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25927"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-28907",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2026-06-02T13:32:55.743000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2483962"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content may prevent Content Security Policy from being enforced due to improper input validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28907"
},
{
"category": "external",
"summary": "RHBZ#2483962",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483962"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28907",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28907"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28907",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28907"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0003.html",
"url": "https://webkitgtk.org/security/WSA-2026-0003.html"
}
],
"release_date": "2026-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-15T10:20:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25927"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced"
},
{
"cve": "CVE-2026-28942",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2026-06-02T13:33:49.917000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2483963"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28942"
},
{
"category": "external",
"summary": "RHBZ#2483963",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483963"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28942",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28942"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28942",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28942"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0003.html",
"url": "https://webkitgtk.org/security/WSA-2026-0003.html"
}
],
"release_date": "2026-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-15T10:20:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25927"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash"
},
{
"cve": "CVE-2026-28946",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2026-05-11T21:08:21.720172+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2471790"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28946"
},
{
"category": "external",
"summary": "RHBZ#2471790",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2471790"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28946",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28946"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28946",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28946"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/127115",
"url": "https://support.apple.com/en-us/127115"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0003.html",
"url": "https://webkitgtk.org/security/WSA-2026-0003.html"
}
],
"release_date": "2026-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-15T10:20:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25927"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash"
},
{
"cve": "CVE-2026-28947",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2026-06-02T13:38:17.466000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2483964"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28947"
},
{
"category": "external",
"summary": "RHBZ#2483964",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483964"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28947",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28947"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28947",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28947"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0003.html",
"url": "https://webkitgtk.org/security/WSA-2026-0003.html"
}
],
"release_date": "2026-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-15T10:20:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25927"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash"
},
{
"cve": "CVE-2026-28953",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-06-02T13:39:17.634000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2483965"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28953"
},
{
"category": "external",
"summary": "RHBZ#2483965",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483965"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28953",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28953"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28953",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28953"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0003.html",
"url": "https://webkitgtk.org/security/WSA-2026-0003.html"
}
],
"release_date": "2026-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-15T10:20:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25927"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-28955",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-06-02T13:40:14.685000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2483966"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28955"
},
{
"category": "external",
"summary": "RHBZ#2483966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483966"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28955",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28955"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28955",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28955"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0003.html",
"url": "https://webkitgtk.org/security/WSA-2026-0003.html"
}
],
"release_date": "2026-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-15T10:20:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25927"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-28958",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2026-06-02T13:40:57.520000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2483967"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing or loading malicious web content can allow an app to access sensitive user data due to improper data protection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: An app may be able to access sensitive user data",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28958"
},
{
"category": "external",
"summary": "RHBZ#2483967",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483967"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28958",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28958"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28958",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28958"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0003.html",
"url": "https://webkitgtk.org/security/WSA-2026-0003.html"
}
],
"release_date": "2026-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-15T10:20:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25927"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: An app may be able to access sensitive user data"
},
{
"cve": "CVE-2026-43658",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-06-02T13:41:54.657000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2483968"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-43658"
},
{
"category": "external",
"summary": "RHBZ#2483968",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483968"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-43658",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43658"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-43658",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43658"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0003.html",
"url": "https://webkitgtk.org/security/WSA-2026-0003.html"
}
],
"release_date": "2026-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-15T10:20:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25927"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash"
},
{
"cve": "CVE-2026-43660",
"cwe": {
"id": "CWE-693",
"name": "Protection Mechanism Failure"
},
"discovery_date": "2026-06-02T13:42:42.007000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2483969"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content may prevent Content Security Policy from being enforced due to a validation issue with improper logic.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-43660"
},
{
"category": "external",
"summary": "RHBZ#2483969",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483969"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-43660",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43660"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-43660",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43660"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0003.html",
"url": "https://webkitgtk.org/security/WSA-2026-0003.html"
}
],
"release_date": "2026-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-15T10:20:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25927"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…