RHSA-2026:22634
Vulnerability from csaf_redhat - Published: 2026-06-02 18:37 - Updated: 2026-06-04 12:38Summary
Red Hat Security Advisory: Insights proxy Container Image
Severity
Important
Notes
Topic: Initial GA Release of Red Hat Insights proxy
Details: The Insights proxy Container is used by the Insights proxy product RPM
and serves as an intermediary between cystomer systems in disconnected networks,
air-gapped systems or systems with no outside connections and Insights.
The Insights proxy routes all Red Hat Insights traffic through itself, providing
a layer of privary and security for disconnected customer systems.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.
5.6 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.
6.5 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.
5.3 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in glibc, the GNU C Library. A remote attacker could exploit this vulnerability by providing specially crafted inputs using the IBM1390 or IBM1399 character sets to the `iconv()` function. This could lead to an assertion failure, causing the application to crash and resulting in a Denial of Service (DoS).
5.3 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in glibc (the GNU C Library). When an application uses the `gethostbyaddr` or `gethostbyaddr_r` functions with a `nsswitch.conf` configuration that specifies glibc's DNS backend, a remote attacker can send a specially crafted DNS (Domain Name System) response. This crafted response can cause the application to incorrectly interpret a non-answer section of the DNS response as a valid answer, leading to potential misbehavior or incorrect information processing.
6.5 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the GNU C library (glibc). When applications use the `gethostbyaddr` or `gethostbyaddr_r` functions with a `nsswitch.conf` configuration that specifies glibc's DNS backend, the library may return an invalid DNS hostname. This violates the DNS specification and could lead to applications receiving incorrect hostname information, potentially impacting network operations or security decisions.
4.0 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.
6.7 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter field without first verifying its presence. This leads to a NULL pointer dereference, which can cause applications processing the attacker-controlled CMS data to crash, resulting in a Denial of Service (DoS).
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in systemd, a system and service manager. An unprivileged user can exploit this vulnerability by making an Inter-Process Communication (IPC) API call with spurious data. In older versions (v249 and earlier), this can lead to stack overwriting with attacker-controlled content, potentially enabling arbitrary code execution or privilege escalation. In newer versions (v250 and later), the flaw causes systemd to assert and freeze, resulting in a Denial of Service (DoS).
7.8 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without proper validation. Consequently, the application might send the contents of an uninitialized memory buffer, which could contain confidential information, to the attacker.
5.9 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Vim. A modeline is used to set specific editor options directly from a text file. However, the `complete`, `guitabtooltip`, `printheader` options and the `mapset` function lack proper security checks, allowing an attacker to bypass restrictions and cause arbitrary OS command execution.
8.2 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in MIT Kerberos 5 (krb5). An unauthenticated remote attacker can exploit a NULL pointer dereference vulnerability by calling `gss_accept_sec_context()` on a system with a NegoEx mechanism registered. This can lead to the termination of the process, resulting in a Denial of Service (DoS).
5.9 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in MIT Kerberos 5 (krb5). An unauthenticated remote attacker can exploit an integer underflow and an out-of-bounds read vulnerability by calling `gss_accept_sec_context()` on a system with a NegoEx mechanism registered. This can lead to the process terminating, resulting in a Denial of Service (DoS).
5.9 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
101 references
Acknowledgments
Sovereign Tech Agency
Sovereign Tech Resilience program
treeplus
Codean Labs
Red Hat
Zoltan Fridrich
Ali Raza
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Initial GA Release of Red Hat Insights proxy",
"title": "Topic"
},
{
"category": "general",
"text": "The Insights proxy Container is used by the Insights proxy product RPM\nand serves as an intermediary between cystomer systems in disconnected networks,\nair-gapped systems or systems with no outside connections and Insights.\n\nThe Insights proxy routes all Red Hat Insights traffic through itself, providing\na layer of privary and security for disconnected customer systems.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:22634",
"url": "https://access.redhat.com/errata/RHSA-2026:22634"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-14087",
"url": "https://access.redhat.com/security/cve/CVE-2025-14087"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-14512",
"url": "https://access.redhat.com/security/cve/CVE-2025-14512"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-2100",
"url": "https://access.redhat.com/security/cve/CVE-2026-2100"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-28390",
"url": "https://access.redhat.com/security/cve/CVE-2026-28390"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-29111",
"url": "https://access.redhat.com/security/cve/CVE-2026-29111"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-31790",
"url": "https://access.redhat.com/security/cve/CVE-2026-31790"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34982",
"url": "https://access.redhat.com/security/cve/CVE-2026-34982"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40355",
"url": "https://access.redhat.com/security/cve/CVE-2026-40355"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40356",
"url": "https://access.redhat.com/security/cve/CVE-2026-40356"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4046",
"url": "https://access.redhat.com/security/cve/CVE-2026-4046"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4437",
"url": "https://access.redhat.com/security/cve/CVE-2026-4437"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4438",
"url": "https://access.redhat.com/security/cve/CVE-2026-4438"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4878",
"url": "https://access.redhat.com/security/cve/CVE-2026-4878"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_22634.json"
}
],
"title": "Red Hat Security Advisory: Insights proxy Container Image",
"tracking": {
"current_release_date": "2026-06-04T12:38:50+00:00",
"generator": {
"date": "2026-06-04T12:38:50+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2026:22634",
"initial_release_date": "2026-06-02T18:37:55+00:00",
"revision_history": [
{
"date": "2026-06-02T18:37:55+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-02T18:37:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-04T12:38:50+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Insights proxy 1.5",
"product": {
"name": "Red Hat Insights proxy 1.5",
"product_id": "Red Hat Insights proxy 1.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:insights_proxy:1.5::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Insights proxy"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"product": {
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"product_id": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"product_identification_helper": {
"purl": "pkg:oci/insights-proxy-container-rhel9@sha256%3A35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492?arch=amd64\u0026repository_url=registry.redhat.io/insights-proxy/insights-proxy-container-rhel9\u0026tag=1780420428"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64",
"product": {
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64",
"product_id": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64",
"product_identification_helper": {
"purl": "pkg:oci/insights-proxy-container-rhel9@sha256%3A97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53?arch=arm64\u0026repository_url=registry.redhat.io/insights-proxy/insights-proxy-container-rhel9\u0026tag=1780420428"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64 as a component of Red Hat Insights proxy 1.5",
"product_id": "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64"
},
"product_reference": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"relates_to_product_reference": "Red Hat Insights proxy 1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64 as a component of Red Hat Insights proxy 1.5",
"product_id": "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
},
"product_reference": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64",
"relates_to_product_reference": "Red Hat Insights proxy 1.5"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Sovereign Tech Resilience program"
],
"organization": "Sovereign Tech Agency"
},
{
"names": [
"treeplus"
]
}
],
"cve": "CVE-2025-14087",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2025-12-05T08:35:24.744000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419093"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glib: GLib: Buffer underflow in GVariant parser leads to heap corruption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The highest threat is to system availability due to potential application crashes when processing maliciously crafted input strings through GLib\u0027s GVariant parser. This issue affects applications that utilize g_variant_parse() on untrusted data, leading to memory corruption and possible denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-14087"
},
{
"category": "external",
"summary": "RHBZ#2419093",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419093"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-14087",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14087"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/glib/-/issues/3834",
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3834"
}
],
"release_date": "2025-12-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T18:37:55+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22634"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "glib: GLib: Buffer underflow in GVariant parser leads to heap corruption"
},
{
"acknowledgments": [
{
"names": [
"Codean Labs"
]
}
],
"cve": "CVE-2025-14512",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2025-12-11T06:22:59.701000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2421339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib\u0027s GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glib: Integer Overflow in GLib GIO Attribute Escaping Causes Heap Buffer Overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products because an integer overflow in GLib\u0027s GIO `escape_byte_string()` function can lead to a heap buffer overflow and denial-of-service. This occurs when processing specially crafted file or remote filesystem attribute values, requiring an attacker to provide malicious input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-14512"
},
{
"category": "external",
"summary": "RHBZ#2421339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2421339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-14512",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14512"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/glib/-/issues/3845",
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3845"
}
],
"release_date": "2025-12-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T18:37:55+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22634"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "glib: Integer Overflow in GLib GIO Attribute Escaping Causes Heap Buffer Overflow"
},
{
"acknowledgments": [
{
"names": [
"Zoltan Fridrich"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2026-2100",
"cwe": {
"id": "CWE-824",
"name": "Access of Uninitialized Pointer"
},
"discovery_date": "2026-02-06T12:02:49.002000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437308"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "p11-kit: NULL dereference via C_DeriveKey with specific NULL parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This MODERATE impact flaw in p11-kit allows a remote attacker to cause an application level denial of service or unpredictable system states. Exploitation occurs when the C_DeriveKey function is called on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This affects Red Hat Enterprise Linux 9.8 and 10.2, Fedora 42 and 43, and Red Hat In-Vehicle OS 2.0. Other Red Hat products, including OpenShift Container Platform and various RHEL versions, are not affected as the vulnerable code is not present.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2100"
},
{
"category": "external",
"summary": "RHBZ#2437308",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437308"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2100",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2100"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2100",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2100"
},
{
"category": "external",
"summary": "https://github.com/p11-glue/p11-kit/pull/740",
"url": "https://github.com/p11-glue/p11-kit/pull/740"
}
],
"release_date": "2026-02-06T08:08:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T18:37:55+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22634"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "p11-kit: NULL dereference via C_DeriveKey with specific NULL parameters"
},
{
"cve": "CVE-2026-4046",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"discovery_date": "2026-03-30T18:01:19.326391+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453117"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in glibc, the GNU C Library. A remote attacker could exploit this vulnerability by providing specially crafted inputs using the IBM1390 or IBM1399 character sets to the `iconv()` function. This could lead to an assertion failure, causing the application to crash and resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glibc: glibc: Denial of Service via iconv() function with specific character sets",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The availability impact posed by this flaw is limited on Red Hat systems. The affected iconv() function has been separated out into a an independent package (`glibc-gconv-extra`) and is not used in system critical software. Some applications do rely on this package and may be affected, but they are either interactive applications or are configured to restart in the event of a crash.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4046"
},
{
"category": "external",
"summary": "RHBZ#2453117",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453117"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4046",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4046"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4046",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4046"
},
{
"category": "external",
"summary": "https://packages.fedoraproject.org/pkgs/glibc/glibc-gconv-extra/",
"url": "https://packages.fedoraproject.org/pkgs/glibc/glibc-gconv-extra/"
},
{
"category": "external",
"summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=33980",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33980"
},
{
"category": "external",
"summary": "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0007;hb=HEAD",
"url": "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0007;hb=HEAD"
}
],
"release_date": "2026-03-30T17:16:11.021000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T18:37:55+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22634"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "glibc: glibc: Denial of Service via iconv() function with specific character sets"
},
{
"cve": "CVE-2026-4437",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-20T21:01:45.993907+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449777"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in glibc (the GNU C Library). When an application uses the `gethostbyaddr` or `gethostbyaddr_r` functions with a `nsswitch.conf` configuration that specifies glibc\u0027s DNS backend, a remote attacker can send a specially crafted DNS (Domain Name System) response. This crafted response can cause the application to incorrectly interpret a non-answer section of the DNS response as a valid answer, leading to potential misbehavior or incorrect information processing.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glibc: glibc: Incorrect DNS response parsing via crafted DNS server response",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This MODERATE impact flaw in glibc allows a remote attacker to send a specially crafted DNS response when an application uses `gethostbyaddr` or `gethostbyaddr_r` with glibc\u0027s DNS backend configured in `nsswitch.conf`. This can lead to incorrect interpretation of DNS responses. Red Hat Enterprise Linux versions 6, 7, 8, 9, and 10, as well as OpenShift Container Platform, are affected if applications are configured to use the vulnerable DNS backend.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4437"
},
{
"category": "external",
"summary": "RHBZ#2449777",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449777"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4437",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4437"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4437",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4437"
},
{
"category": "external",
"summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=34014",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=34014"
}
],
"release_date": "2026-03-20T19:59:00.427000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T18:37:55+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22634"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "glibc: glibc: Incorrect DNS response parsing via crafted DNS server response"
},
{
"cve": "CVE-2026-4438",
"cwe": {
"id": "CWE-838",
"name": "Inappropriate Encoding for Output Context"
},
"discovery_date": "2026-03-20T21:02:16.458842+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449783"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the GNU C library (glibc). When applications use the `gethostbyaddr` or `gethostbyaddr_r` functions with a `nsswitch.conf` configuration that specifies glibc\u0027s DNS backend, the library may return an invalid DNS hostname. This violates the DNS specification and could lead to applications receiving incorrect hostname information, potentially impacting network operations or security decisions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a LOW impact flaw where glibc\u0027s `gethostbyaddr` and `gethostbyaddr_r` functions may return an invalid DNS hostname. This occurs when applications use a `nsswitch.conf` configuration that specifies glibc\u0027s DNS backend. This could lead to applications receiving incorrect hostname information, potentially affecting network operations or security decisions on Red Hat Enterprise Linux and OpenShift Container Platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4438"
},
{
"category": "external",
"summary": "RHBZ#2449783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449783"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4438",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4438"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4438",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4438"
},
{
"category": "external",
"summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=34015",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=34015"
}
],
"release_date": "2026-03-20T19:59:06.064000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T18:37:55+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22634"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions"
},
{
"acknowledgments": [
{
"names": [
"Ali Raza"
]
}
],
"cve": "CVE-2026-4878",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2026-03-26T06:56:21.213270+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451615"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important flaw. A Time-of-Check-to-Time-of-Use (TOCTOU) race condition in libcap\u0027s cap_set_file() allows a local unprivileged user to escalate privileges. An attacker with write access to a parent directory can exploit a narrow window during file capability updates to redirect capabilities to an attacker-controlled file. This can lead to the injection of elevated privileges into an unintended executable when privileged processes, such as setcap or container tooling, invoke cap_set_file() on attacker-influenced paths.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4878"
},
{
"category": "external",
"summary": "RHBZ#2451615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451615"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4878",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4878"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4878",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4878"
},
{
"category": "external",
"summary": "https://bugzilla.redhat.com/show_bug.cgi?id=2447554",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447554"
}
],
"release_date": "2026-04-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T18:37:55+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22634"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file()"
},
{
"cve": "CVE-2026-28390",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2026-04-07T23:01:18.313921+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456314"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter field without first verifying its presence. This leads to a NULL pointer dereference, which can cause applications processing the attacker-controlled CMS data to crash, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE has been rated as moderate by redhat because the vulnerability is limited to a denial-of-service condition caused by a NULL pointer dereference in OpenSSL CMS processing, without evidence of memory corruption or code execution, furthermore the Affected functionality is niche. The vulnerable path requires:\nCMS/S/MIME processing,\nspecifically CMS_decrypt(),\nwith RSA-OAEP KeyTransportRecipientInfo.\nMany OpenSSL consumers never use CMS APIs, never process S/MIME,\nor do not decrypt attacker-controlled CMS objects.\nSo exposure is far narrower than a generic TLS parsing vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28390"
},
{
"category": "external",
"summary": "RHBZ#2456314",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456314"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28390",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28390"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28390",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28390"
},
{
"category": "external",
"summary": "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc",
"url": "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc"
},
{
"category": "external",
"summary": "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6",
"url": "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6"
},
{
"category": "external",
"summary": "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4",
"url": "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4"
},
{
"category": "external",
"summary": "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788",
"url": "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788"
},
{
"category": "external",
"summary": "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75",
"url": "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75"
},
{
"category": "external",
"summary": "https://openssl-library.org/news/secadv/20260407.txt",
"url": "https://openssl-library.org/news/secadv/20260407.txt"
}
],
"release_date": "2026-04-07T22:00:54.172000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T18:37:55+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22634"
},
{
"category": "workaround",
"details": "Applications that process Cryptographic Message Syntax (CMS) EnvelopedData messages should be configured to only accept input from trusted sources. Restricting network access to services that process untrusted CMS data can also reduce exposure to this Denial of Service vulnerability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing"
},
{
"cve": "CVE-2026-29111",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-03-23T22:01:54.593547+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450505"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in systemd, a system and service manager. An unprivileged user can exploit this vulnerability by making an Inter-Process Communication (IPC) API call with spurious data. In older versions (v249 and earlier), this can lead to stack overwriting with attacker-controlled content, potentially enabling arbitrary code execution or privilege escalation. In newer versions (v250 and later), the flaw causes systemd to assert and freeze, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-29111"
},
{
"category": "external",
"summary": "RHBZ#2450505",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450505"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-29111",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29111"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29111",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29111"
},
{
"category": "external",
"summary": "https://github.com/systemd/systemd/commit/1d22f706bd04f45f8422e17fbde3f56ece17758a",
"url": "https://github.com/systemd/systemd/commit/1d22f706bd04f45f8422e17fbde3f56ece17758a"
},
{
"category": "external",
"summary": "https://github.com/systemd/systemd/commit/20021e7686426052e3a7505425d7e12085feb2a6",
"url": "https://github.com/systemd/systemd/commit/20021e7686426052e3a7505425d7e12085feb2a6"
},
{
"category": "external",
"summary": "https://github.com/systemd/systemd/commit/21167006574d6b83813c7596759b474f56562412",
"url": "https://github.com/systemd/systemd/commit/21167006574d6b83813c7596759b474f56562412"
},
{
"category": "external",
"summary": "https://github.com/systemd/systemd/commit/3cee294fe8cf4fa0eff933ab21416d099942cabd",
"url": "https://github.com/systemd/systemd/commit/3cee294fe8cf4fa0eff933ab21416d099942cabd"
},
{
"category": "external",
"summary": "https://github.com/systemd/systemd/commit/42aee39107fbdd7db1ccd402a2151822b2805e9f",
"url": "https://github.com/systemd/systemd/commit/42aee39107fbdd7db1ccd402a2151822b2805e9f"
},
{
"category": "external",
"summary": "https://github.com/systemd/systemd/commit/54588d2dedff54bfb6036670820650e4ea74628f",
"url": "https://github.com/systemd/systemd/commit/54588d2dedff54bfb6036670820650e4ea74628f"
},
{
"category": "external",
"summary": "https://github.com/systemd/systemd/commit/7ac3220213690e8a8d6d2a6e81e43bd1dce01d69",
"url": "https://github.com/systemd/systemd/commit/7ac3220213690e8a8d6d2a6e81e43bd1dce01d69"
},
{
"category": "external",
"summary": "https://github.com/systemd/systemd/commit/80acea4ef80a4bb78560ed970c34952299b890d6",
"url": "https://github.com/systemd/systemd/commit/80acea4ef80a4bb78560ed970c34952299b890d6"
},
{
"category": "external",
"summary": "https://github.com/systemd/systemd/commit/b5fd14693057e5f2c9b4a49603be64ec3608ff6c",
"url": "https://github.com/systemd/systemd/commit/b5fd14693057e5f2c9b4a49603be64ec3608ff6c"
},
{
"category": "external",
"summary": "https://github.com/systemd/systemd/commit/efa6ba2ab625aaa160ac435a09e6482fc63bdbe8",
"url": "https://github.com/systemd/systemd/commit/efa6ba2ab625aaa160ac435a09e6482fc63bdbe8"
},
{
"category": "external",
"summary": "https://github.com/systemd/systemd/security/advisories/GHSA-gx6q-6f99-m764",
"url": "https://github.com/systemd/systemd/security/advisories/GHSA-gx6q-6f99-m764"
}
],
"release_date": "2026-03-23T21:03:56.120000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T18:37:55+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22634"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data"
},
{
"cve": "CVE-2026-31790",
"cwe": {
"id": "CWE-824",
"name": "Access of Uninitialized Pointer"
},
"discovery_date": "2026-03-25T02:59:10.179000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451094"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without proper validation. Consequently, the application might send the contents of an uninitialized memory buffer, which could contain confidential information, to the attacker.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Moderate impact. This flaw affects applications utilizing RSASVE key encapsulation, where an attacker-supplied invalid RSA public key is used with EVP_PKEY_encapsulate() without prior validation. This can lead to the disclosure of sensitive, uninitialized memory buffer contents to a malicious peer.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-31790"
},
{
"category": "external",
"summary": "RHBZ#2451094",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451094"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-31790",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31790"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-31790",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31790"
},
{
"category": "external",
"summary": "https://openssl-library.org/news/secadv/20260407.txt",
"url": "https://openssl-library.org/news/secadv/20260407.txt"
}
],
"release_date": "2026-04-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T18:37:55+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22634"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key"
},
{
"cve": "CVE-2026-34982",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-04-06T16:02:10.004743+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455400"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Vim. A modeline is used to set specific editor options directly from a text file. However, the `complete`, `guitabtooltip`, `printheader` options and the `mapset` function lack proper security checks, allowing an attacker to bypass restrictions and cause arbitrary OS command execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vim: arbitrary command execution via modeline sandbox bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this vulnerability, an attacker needs to convince a user to open a specially crafted file. The arbitrary OS command execution is restricted to the privileges of the user running Vim, limiting the potential of a full system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34982"
},
{
"category": "external",
"summary": "RHBZ#2455400",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455400"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34982",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34982"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34982",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34982"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/01/1",
"url": "http://www.openwall.com/lists/oss-security/2026/04/01/1"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/commit/75661a66a1db1e1f3f1245c615",
"url": "https://github.com/vim/vim/commit/75661a66a1db1e1f3f1245c615"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/releases/tag/v9.2.0276",
"url": "https://github.com/vim/vim/releases/tag/v9.2.0276"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/security/advisories/GHSA-8h6p-m6gr-mpw9",
"url": "https://github.com/vim/vim/security/advisories/GHSA-8h6p-m6gr-mpw9"
}
],
"release_date": "2026-04-06T15:16:48.809000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T18:37:55+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22634"
},
{
"category": "workaround",
"details": "To mitigate this issue, disable the modeline support by adding the following command to the Vim configuration file:\n\n~~~\nset nomodeline\n~~~",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vim: arbitrary command execution via modeline sandbox bypass"
},
{
"cve": "CVE-2026-40355",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2026-04-28T07:01:45.120520+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463370"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in MIT Kerberos 5 (krb5). An unauthenticated remote attacker can exploit a NULL pointer dereference vulnerability by calling `gss_accept_sec_context()` on a system with a NegoEx mechanism registered. This can lead to the termination of the process, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "krb5: MIT Kerberos 5: Denial of Service via NULL pointer dereference in NegoEx mechanism",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Moderate: This flaw allows an unauthenticated remote attacker to cause a Denial of Service in MIT Kerberos 5 by triggering a NULL pointer dereference. Exploitation requires the NegoEx mechanism to be explicitly registered in the system\u0027s GSSAPI configuration, which is not a default state in all Red Hat environments.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40355"
},
{
"category": "external",
"summary": "RHBZ#2463370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463370"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40355",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40355"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40355",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40355"
},
{
"category": "external",
"summary": "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html",
"url": "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html"
},
{
"category": "external",
"summary": "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f",
"url": "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f"
},
{
"category": "external",
"summary": "https://web.mit.edu/kerberos/advisories/",
"url": "https://web.mit.edu/kerberos/advisories/"
}
],
"release_date": "2026-04-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T18:37:55+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22634"
},
{
"category": "workaround",
"details": "To mitigate this issue, remove the NegoEx mechanism registration from the system\u0027s GSSAPI configuration if it is not required. This can typically be achieved by removing or commenting out the relevant entry in `/etc/gss/mech`. A restart of services utilizing Kerberos might be necessary for the changes to take effect, which could impact Kerberos-dependent functionality.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "krb5: MIT Kerberos 5: Denial of Service via NULL pointer dereference in NegoEx mechanism"
},
{
"cve": "CVE-2026-40356",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"discovery_date": "2026-04-28T07:01:37.543641+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463368"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in MIT Kerberos 5 (krb5). An unauthenticated remote attacker can exploit an integer underflow and an out-of-bounds read vulnerability by calling `gss_accept_sec_context()` on a system with a NegoEx mechanism registered. This can lead to the process terminating, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-bounds read",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate impact denial of service flaw in MIT Kerberos 5 (krb5) allows an unauthenticated remote attacker to trigger an integer underflow and out-of-bounds read. This vulnerability, which can lead to process termination, specifically affects systems where the NegoEx mechanism is registered and `gss_accept_sec_context()` is called. While Kerberos is a fundamental service, the prerequisite of a registered NegoEx mechanism limits the attack surface.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40356"
},
{
"category": "external",
"summary": "RHBZ#2463368",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463368"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40356",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40356"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40356",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40356"
},
{
"category": "external",
"summary": "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html",
"url": "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html"
},
{
"category": "external",
"summary": "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f",
"url": "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f"
},
{
"category": "external",
"summary": "https://web.mit.edu/kerberos/advisories/",
"url": "https://web.mit.edu/kerberos/advisories/"
}
],
"release_date": "2026-04-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T18:37:55+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22634"
},
{
"category": "workaround",
"details": "To mitigate this issue, ensure that the NegoEx mechanism is not registered in the `/etc/gss/mech` configuration file. Removing the corresponding entry from this file will prevent the vulnerable code path from being activated. This action may impact services that rely on the NegoEx GSS-API mechanism. A restart of affected Kerberos-dependent services may be required for the change to take effect.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:35a26e08219c8608fd6be94ab0e16947c6d8dd68752b7c7747b65f23f1679492_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:97b534defdc32202c8208b1ab1411a1e1085accaa79372437d467968fae0ba53_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-bounds read"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…