Vulnerability-Lookup

RHSA-2026:30087

Vulnerability from csaf_redhat - Published: 2026-06-25 19:29 - Updated: 2026-06-27 08:31

Summary

Red Hat Security Advisory: Red Hat AI Inference Server 3.3.5 (Spyre)

Severity

Critical

Notes

Topic: Red Hat AI Inference Server 3.3.5 (Spyre) is now available.

Details: Red Hat® AI Inference Server

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2025-62164

A vulnerability in vLLM allows attackers to supply malicious serialized prompt-embedding tensors that are deserialized using torch.load() without validation. Due to PyTorch 2.8.0 disabling sparse-tensor integrity checks by default, a crafted tensor can bypass bounds checks and cause an out-of-bounds write during to_dense(), leading to a crash (DoS) and potentially remote code execution on the vLLM server.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-787 - Out-of-bounds Write

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-66448

A remote code execution vulnerability has been identified in vLLM. An attacker can exploit a weakness in the model loading process to silently fetch and run unauthorized, malicious Python code on the host system. This happens because the engine mistakenly executes code from a remote repository referenced in a model's configuration, even when explicit security measures are set to prevent it.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2026-4775

A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations, potentially causing a denial of service (application crash) or arbitrary code execution.

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-190 - Integer Overflow or Wraparound

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2026-4786

A flaw was found in the Python webbrowser.open() API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution.

7.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L

CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2026-4878

A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.

6.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2026-6100

A flaw was found in Python's decompression modules, including `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile`. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is experiencing high memory usage. Exploitation of this flaw could potentially allow an attacker to execute arbitrary code or access sensitive data. The vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. Using the helper functions to one-shot decompress data such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-825 - Expired Pointer Dereference

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2026-10118

A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the `tilingPatternFill` function. This overflow leads to an undersized heap memory allocation, allowing a subsequent out-of-bounds write. Successful exploitation could result in arbitrary code execution, information disclosure, or denial of service within the context of the application processing the PDF.

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-190 - Integer Overflow or Wraparound

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2026-22773

A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). A remote attacker can exploit this vulnerability by sending a specially crafted 1x1 pixel image to a vLLM engine serving multimodal models that use the Idefics3 vision model implementation. This leads to a tensor dimension mismatch, causing an unhandled runtime error and resulting in complete server termination, effectively a Denial of Service (DoS).

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2026-22778

A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). A remote attacker can exploit this vulnerability by sending a specially crafted video URL to vLLM's multimodal endpoint. This action causes vLLM to leak a heap memory address, significantly reducing the effectiveness of Address Space Layout Randomization (ASLR). This information disclosure can then be chained with a heap overflow vulnerability to achieve remote code execution.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-209 - Generation of Error Message Containing Sensitive Information

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le	—	Vendor Fix fix Workaround

Threats

Impact Critical

CVE-2026-22807

A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). This vulnerability allows a remote attacker to achieve arbitrary code execution on the vLLM host during model loading. This occurs because vLLM loads Hugging Face `auto_map` dynamic modules without properly validating the `trust_remote_code` setting. By influencing the model repository or path, an attacker can execute malicious Python code at server startup, even before any API requests are handled.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2026-24779

A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). A Server-Side Request Forgery (SSRF) vulnerability exists in the MediaConnector class, specifically within the load_from_url and load_from_url_async methods. An attacker can exploit differing interpretations of backslashes by Python parsing libraries used for host restrictions to bypass these restrictions. This allows the attacker to force the vLLM server to make arbitrary requests to internal network resources, potentially leading to information disclosure, denial of service, or unauthorized access within containerized environments.

7.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

CWE-918 - Server-Side Request Forgery (SSRF)

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2026-34588

A flaw was found in OpenEXR, an image storage format for the motion picture industry. A remote attacker could exploit an integer overflow vulnerability in the `internal_exr_undo_piz()` function by providing a specially crafted EXR file. This flaw leads to out-of-bounds reads and writes, which may allow for arbitrary code execution or sensitive information disclosure.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-190 - Integer Overflow or Wraparound

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2026-34982

A flaw was found in Vim. A modeline is used to set specific editor options directly from a text file. However, the `complete`, `guitabtooltip`, `printheader` options and the `mapset` function lack proper security checks, allowing an attacker to bypass restrictions and cause arbitrary OS command execution.

8.2 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2026-35385

A flaw was found in OpenSSH. When the `scp` command is used by a root user to download a file with the legacy protocol option (`-O`) and without preserving original file permissions (`-p`), the downloaded file can be installed with elevated privileges (setuid or setgid). This unexpected behavior could allow a malicious file to execute with higher permissions than intended, posing a security risk through potential privilege escalation.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-281 - Improper Preservation of Permissions

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2026-37555

A flaw was found in the libsndfile library. An integer overflow in the IMA ADPCM codec can occur when a specially crafted WAV audio file is processed, specifically with malicious samplesperblock and blocks values. This can lead to a heap-based buffer overflow, causing a crash to the application linked to the library and memory corruption.

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

CWE-190 - Integer Overflow or Wraparound

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2026-39979

A flaw was found in jq, a command line JSON processor, specifically in the libjq API. Parsing a malformed JSON input from a non-NUL-terminated buffer using the `jv_parse_sized` function can cause an out-of-bounds read, resulting in an application crash and a possible memory disclosure within the error message generated by the parser.

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

CWE-125 - Out-of-bounds Read

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2026-40164

A flaw was found in jq, a command-line JSON processor. A remote attacker could exploit this vulnerability by providing a specially crafted JSON object. This object leverages a weakness in jq's hashing algorithm, which uses a hardcoded, publicly known seed. By crafting the JSON object to cause hash collisions, an attacker can degrade the performance of JSON object hash table operations, leading to significant CPU exhaustion and a denial of service (DoS) for systems processing the malicious JSON data.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-341 - Predictable from Observable State

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2026-44431

A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-201 - Insertion of Sensitive Information Into Sent Data

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x	—	Vendor Fix fix
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64	—	Vendor Fix fix
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2026-44432

A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x	—	Vendor Fix fix
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64	—	Vendor Fix fix
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le	—	Vendor Fix fix

Threats

Impact Important

CVE-2026-48818

A flaw was found in Starlette, a lightweight ASGI framework. On Windows systems, the StaticFiles component is vulnerable to Server-Side Request Forgery (SSRF). A remote attacker can exploit this by providing a specially crafted Universal Naming Convention (UNC) path, which causes the system to initiate an outbound Server Message Block (SMB) connection. This action can expose the service account's NTLMv2 credentials, potentially leading to information disclosure or further attacks.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-918 - Server-Side Request Forgery (SSRF)

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le	—	Vendor Fix fix Workaround

Threats

Impact Important

References

153 references

URL	Category
https://access.redhat.com/errata/RHSA-2026:30087	self
https://access.redhat.com/security/cve/CVE-2025-62164	external
https://access.redhat.com/security/cve/CVE-2025-66448	external
https://access.redhat.com/security/cve/CVE-2026-10118	external
https://access.redhat.com/security/cve/CVE-2026-22773	external
https://access.redhat.com/security/cve/CVE-2026-22778	external
https://access.redhat.com/security/cve/CVE-2026-22807	external
https://access.redhat.com/security/cve/CVE-2026-24779	external
https://access.redhat.com/security/cve/CVE-2026-34588	external
https://access.redhat.com/security/cve/CVE-2026-34982	external
https://access.redhat.com/security/cve/CVE-2026-35385	external
https://access.redhat.com/security/cve/CVE-2026-37555	external
https://access.redhat.com/security/cve/CVE-2026-39979	external
https://access.redhat.com/security/cve/CVE-2026-40164	external
https://access.redhat.com/security/cve/CVE-2026-44431	external
https://access.redhat.com/security/cve/CVE-2026-44432	external
https://access.redhat.com/security/cve/CVE-2026-4775	external
https://access.redhat.com/security/cve/CVE-2026-4786	external
https://access.redhat.com/security/cve/CVE-2026-4878	external
https://access.redhat.com/security/cve/CVE-2026-48818	external
https://access.redhat.com/security/cve/CVE-2026-6100	external
https://access.redhat.com/security/updates/classi…	external
https://www.redhat.com/en/products/ai/inference-server	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2025-62164	self
https://bugzilla.redhat.com/show_bug.cgi?id=2416282	external
https://www.cve.org/CVERecord?id=CVE-2025-62164	external
https://nvd.nist.gov/vuln/detail/CVE-2025-62164	external
https://github.com/vllm-project/vllm/commit/58fab…	external
https://github.com/vllm-project/vllm/pull/27204	external
https://github.com/vllm-project/vllm/security/adv…	external
https://access.redhat.com/security/cve/CVE-2025-66448	self
https://bugzilla.redhat.com/show_bug.cgi?id=2418152	external
https://www.cve.org/CVERecord?id=CVE-2025-66448	external
https://nvd.nist.gov/vuln/detail/CVE-2025-66448	external
https://github.com/vllm-project/vllm/commit/ffb08…	external
https://github.com/vllm-project/vllm/pull/28126	external
https://github.com/vllm-project/vllm/security/adv…	external
https://access.redhat.com/security/cve/CVE-2026-4775	self
https://bugzilla.redhat.com/show_bug.cgi?id=2450768	external
https://www.cve.org/CVERecord?id=CVE-2026-4775	external
https://nvd.nist.gov/vuln/detail/CVE-2026-4775	external
https://access.redhat.com/security/cve/CVE-2026-4786	self
https://bugzilla.redhat.com/show_bug.cgi?id=2458049	external
https://www.cve.org/CVERecord?id=CVE-2026-4786	external
https://nvd.nist.gov/vuln/detail/CVE-2026-4786	external
https://github.com/python/cpython/issues/148169	external
https://github.com/python/cpython/pull/148170	external
https://mail.python.org/archives/list/security-an…	external
https://access.redhat.com/security/cve/CVE-2026-4878	self
https://bugzilla.redhat.com/show_bug.cgi?id=2451615	external
https://www.cve.org/CVERecord?id=CVE-2026-4878	external
https://nvd.nist.gov/vuln/detail/CVE-2026-4878	external
https://bugzilla.redhat.com/show_bug.cgi?id=2447554	external
https://access.redhat.com/security/cve/CVE-2026-6100	self
https://bugzilla.redhat.com/show_bug.cgi?id=2457932	external
https://www.cve.org/CVERecord?id=CVE-2026-6100	external
https://nvd.nist.gov/vuln/detail/CVE-2026-6100	external
https://github.com/python/cpython/commit/6a5f79c8…	external
https://github.com/python/cpython/commit/8fc66aef…	external
https://github.com/python/cpython/commit/c3cf71c3…	external
https://github.com/python/cpython/issues/148395	external
https://github.com/python/cpython/pull/148396	external
https://mail.python.org/archives/list/security-an…	external
https://access.redhat.com/security/cve/CVE-2026-10118	self
https://bugzilla.redhat.com/show_bug.cgi?id=2460428	external
https://www.cve.org/CVERecord?id=CVE-2026-10118	external
https://nvd.nist.gov/vuln/detail/CVE-2026-10118	external
https://gitlab.freedesktop.org/poppler/poppler/-/…	external
https://access.redhat.com/security/cve/CVE-2026-22773	self
https://bugzilla.redhat.com/show_bug.cgi?id=2428443	external
https://www.cve.org/CVERecord?id=CVE-2026-22773	external
https://nvd.nist.gov/vuln/detail/CVE-2026-22773	external
https://github.com/vllm-project/vllm/security/adv…	external
https://access.redhat.com/security/cve/CVE-2026-22778	self
https://bugzilla.redhat.com/show_bug.cgi?id=2436113	external
https://www.cve.org/CVERecord?id=CVE-2026-22778	external
https://nvd.nist.gov/vuln/detail/CVE-2026-22778	external
https://github.com/vllm-project/vllm/pull/31987	external
https://github.com/vllm-project/vllm/pull/32319	external
https://github.com/vllm-project/vllm/releases/tag…	external
https://github.com/vllm-project/vllm/security/adv…	external
https://access.redhat.com/security/cve/CVE-2026-22807	self
https://bugzilla.redhat.com/show_bug.cgi?id=2431865	external
https://www.cve.org/CVERecord?id=CVE-2026-22807	external
https://nvd.nist.gov/vuln/detail/CVE-2026-22807	external
https://github.com/vllm-project/vllm/commit/78d13…	external
https://github.com/vllm-project/vllm/pull/32194	external
https://github.com/vllm-project/vllm/releases/tag…	external
https://github.com/vllm-project/vllm/security/adv…	external
https://access.redhat.com/security/cve/CVE-2026-24779	self
https://bugzilla.redhat.com/show_bug.cgi?id=2433624	external
https://www.cve.org/CVERecord?id=CVE-2026-24779	external
https://nvd.nist.gov/vuln/detail/CVE-2026-24779	external
https://github.com/vllm-project/vllm/commit/f46d5…	external
https://github.com/vllm-project/vllm/pull/32746	external
https://github.com/vllm-project/vllm/security/adv…	external
https://access.redhat.com/security/cve/CVE-2026-34588	self
https://bugzilla.redhat.com/show_bug.cgi?id=2455408	external
https://www.cve.org/CVERecord?id=CVE-2026-34588	external
https://nvd.nist.gov/vuln/detail/CVE-2026-34588	external
https://github.com/AcademySoftwareFoundation/open…	external
https://access.redhat.com/security/cve/CVE-2026-34982	self
https://bugzilla.redhat.com/show_bug.cgi?id=2455400	external
https://www.cve.org/CVERecord?id=CVE-2026-34982	external
https://nvd.nist.gov/vuln/detail/CVE-2026-34982	external
http://www.openwall.com/lists/oss-security/2026/04/01/1	external
https://github.com/vim/vim/commit/75661a66a1db1e1…	external
https://github.com/vim/vim/releases/tag/v9.2.0276	external
https://github.com/vim/vim/security/advisories/GH…	external
https://access.redhat.com/security/cve/CVE-2026-35385	self
https://bugzilla.redhat.com/show_bug.cgi?id=2454469	external
https://www.cve.org/CVERecord?id=CVE-2026-35385	external
https://nvd.nist.gov/vuln/detail/CVE-2026-35385	external
https://marc.info/?l=openssh-unix-dev&m=177513443…	external
https://www.openssh.org/releasenotes.html#10.3p1	external
https://www.openwall.com/lists/oss-security/2026/…	external
https://access.redhat.com/security/cve/CVE-2026-37555	self
https://bugzilla.redhat.com/show_bug.cgi?id=2463856	external
https://www.cve.org/CVERecord?id=CVE-2026-37555	external
https://nvd.nist.gov/vuln/detail/CVE-2026-37555	external
https://github.com/libsndfile/libsndfile/commit/9…	external
https://github.com/libsndfile/libsndfile/issues/833	external
https://access.redhat.com/security/cve/CVE-2026-39979	self
https://bugzilla.redhat.com/show_bug.cgi?id=2458077	external
https://www.cve.org/CVERecord?id=CVE-2026-39979	external
https://nvd.nist.gov/vuln/detail/CVE-2026-39979	external
https://github.com/jqlang/jq/commit/2f09060afab23…	external
https://github.com/jqlang/jq/security/advisories/…	external
https://access.redhat.com/security/cve/CVE-2026-40164	self
https://bugzilla.redhat.com/show_bug.cgi?id=2458084	external
https://www.cve.org/CVERecord?id=CVE-2026-40164	external
https://nvd.nist.gov/vuln/detail/CVE-2026-40164	external
https://github.com/jqlang/jq/commit/0c7d133c3c7e3…	external
https://github.com/jqlang/jq/security/advisories/…	external
https://access.redhat.com/security/cve/CVE-2026-44431	self
https://bugzilla.redhat.com/show_bug.cgi?id=2477167	external
https://www.cve.org/CVERecord?id=CVE-2026-44431	external
https://nvd.nist.gov/vuln/detail/CVE-2026-44431	external
https://github.com/urllib3/urllib3/security/advis…	external
https://access.redhat.com/security/cve/CVE-2026-44432	self
https://bugzilla.redhat.com/show_bug.cgi?id=2477154	external
https://www.cve.org/CVERecord?id=CVE-2026-44432	external
https://nvd.nist.gov/vuln/detail/CVE-2026-44432	external
https://github.com/urllib3/urllib3/security/advis…	external
https://access.redhat.com/security/cve/CVE-2026-48818	self
https://bugzilla.redhat.com/show_bug.cgi?id=2490020	external
https://www.cve.org/CVERecord?id=CVE-2026-48818	external
https://nvd.nist.gov/vuln/detail/CVE-2026-48818	external
https://github.com/Kludex/starlette/commit/fd5316…	external
https://github.com/Kludex/starlette/pull/3287	external
https://github.com/Kludex/starlette/releases/tag/1.1.0	external
https://github.com/Kludex/starlette/security/advi…	external

Acknowledgments

Quang Luong PrymEvol

Ali Raza

AISLE Research

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat AI Inference Server 3.3.5 (Spyre) is now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat\u00ae AI Inference Server",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:30087",
        "url": "https://access.redhat.com/errata/RHSA-2026:30087"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-62164",
        "url": "https://access.redhat.com/security/cve/CVE-2025-62164"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-66448",
        "url": "https://access.redhat.com/security/cve/CVE-2025-66448"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-10118",
        "url": "https://access.redhat.com/security/cve/CVE-2026-10118"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-22773",
        "url": "https://access.redhat.com/security/cve/CVE-2026-22773"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-22778",
        "url": "https://access.redhat.com/security/cve/CVE-2026-22778"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-22807",
        "url": "https://access.redhat.com/security/cve/CVE-2026-22807"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-24779",
        "url": "https://access.redhat.com/security/cve/CVE-2026-24779"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-34588",
        "url": "https://access.redhat.com/security/cve/CVE-2026-34588"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-34982",
        "url": "https://access.redhat.com/security/cve/CVE-2026-34982"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-35385",
        "url": "https://access.redhat.com/security/cve/CVE-2026-35385"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-37555",
        "url": "https://access.redhat.com/security/cve/CVE-2026-37555"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-39979",
        "url": "https://access.redhat.com/security/cve/CVE-2026-39979"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-40164",
        "url": "https://access.redhat.com/security/cve/CVE-2026-40164"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-44431",
        "url": "https://access.redhat.com/security/cve/CVE-2026-44431"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-44432",
        "url": "https://access.redhat.com/security/cve/CVE-2026-44432"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-4775",
        "url": "https://access.redhat.com/security/cve/CVE-2026-4775"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-4786",
        "url": "https://access.redhat.com/security/cve/CVE-2026-4786"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-4878",
        "url": "https://access.redhat.com/security/cve/CVE-2026-4878"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-48818",
        "url": "https://access.redhat.com/security/cve/CVE-2026-48818"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-6100",
        "url": "https://access.redhat.com/security/cve/CVE-2026-6100"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "external",
        "summary": "https://www.redhat.com/en/products/ai/inference-server",
        "url": "https://www.redhat.com/en/products/ai/inference-server"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_30087.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat AI Inference Server 3.3.5 (Spyre)",
    "tracking": {
      "current_release_date": "2026-06-27T08:31:07+00:00",
      "generator": {
        "date": "2026-06-27T08:31:07+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "5.2.6"
        }
      },
      "id": "RHSA-2026:30087",
      "initial_release_date": "2026-06-25T19:29:10+00:00",
      "revision_history": [
        {
          "date": "2026-06-25T19:29:10+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-06-25T19:29:22+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-27T08:31:07+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat AI Inference Server 3.3",
                "product": {
                  "name": "Red Hat AI Inference Server 3.3",
                  "product_id": "Red Hat AI Inference Server 3.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:ai_inference_server:3.3::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat AI Inference Server"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le",
                "product": {
                  "name": "registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le",
                  "product_id": "registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/vllm-spyre-rhel9@sha256%3A9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d?arch=ppc64le\u0026repository_url=registry.redhat.io/rhaiis/vllm-spyre-rhel9\u0026tag=1782352919"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
                "product": {
                  "name": "registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
                  "product_id": "registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/vllm-spyre-rhel9@sha256%3A681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a?arch=s390x\u0026repository_url=registry.redhat.io/rhaiis/vllm-spyre-rhel9\u0026tag=1782352919"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
                "product": {
                  "name": "registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
                  "product_id": "registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/vllm-spyre-rhel9@sha256%3A906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8?arch=amd64\u0026repository_url=registry.redhat.io/rhaiis/vllm-spyre-rhel9\u0026tag=1782352919"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x as a component of Red Hat AI Inference Server 3.3",
          "product_id": "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x"
        },
        "product_reference": "registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
        "relates_to_product_reference": "Red Hat AI Inference Server 3.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64 as a component of Red Hat AI Inference Server 3.3",
          "product_id": "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64"
        },
        "product_reference": "registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
        "relates_to_product_reference": "Red Hat AI Inference Server 3.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le as a component of Red Hat AI Inference Server 3.3",
          "product_id": "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
        },
        "product_reference": "registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le",
        "relates_to_product_reference": "Red Hat AI Inference Server 3.3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-62164",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2025-11-21T02:01:11.280042+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2416282"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability in vLLM allows attackers to supply malicious serialized prompt-embedding tensors that are deserialized using torch.load() without validation. Due to PyTorch 2.8.0 disabling sparse-tensor integrity checks by default, a crafted tensor can bypass bounds checks and cause an out-of-bounds write during to_dense(), leading to a crash (DoS) and potentially remote code execution on the vLLM server.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vllm: VLLM deserialization vulnerability leading to DoS and potential RCE",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is considered important rather than moderate because it involves unsafe deserialization leading to memory corruption in a network-reachable, unauthenticated API path. Unlike typical moderate flaws that may only allow limited DoS or require specific conditions, this issue allows an attacker to supply a crafted sparse tensor that triggers an out-of-bounds memory write during PyTorch\u2019s to_dense() conversion. Memory corruption in a server process handling untrusted input significantly elevates security risk because it can lead not only to a reliable crash but also to potential remote code execution, enabling full compromise of the vLLM service. Additionally, the affected code path is part of the standard Completions API workflow, making the attack surface broadly exposed in real deployments. The combination of remote exploitability, unauthenticated access, memory corruption, and potential RCE clearly positions this issue above a moderate classification and into an important severity level.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-62164"
        },
        {
          "category": "external",
          "summary": "RHBZ#2416282",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416282"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-62164",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-62164"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62164",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62164"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b",
          "url": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/pull/27204",
          "url": "https://github.com/vllm-project/vllm/pull/27204"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-mrw7-hf4f-83pf",
          "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-mrw7-hf4f-83pf"
        }
      ],
      "release_date": "2025-11-21T01:18:38.803000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-25T19:29:10+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2026:30087",
          "product_ids": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:30087"
        },
        {
          "category": "workaround",
          "details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
          "product_ids": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "vllm: VLLM deserialization vulnerability leading to DoS and potential RCE"
    },
    {
      "cve": "CVE-2025-66448",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "discovery_date": "2025-12-01T23:01:07.198041+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2418152"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A remote code execution vulnerability has been identified in vLLM. An attacker can exploit a weakness in the model loading process to silently fetch and run unauthorized, malicious Python code on the host system. This happens because the engine mistakenly executes code from a remote repository referenced in a model\u0027s configuration, even when explicit security measures are set to prevent it.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vllm: vLLM: Remote Code Execution via malicious model configuration",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Important for Red Hat because vLLM, when deployed in a Red Hat environment, is susceptible to remote code execution. An attacker can craft a malicious model configuration that, when loaded, fetches and executes arbitrary Python code from a remote repository, even if `trust_remote_code` is explicitly set to `False`.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-66448"
        },
        {
          "category": "external",
          "summary": "RHBZ#2418152",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418152"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-66448",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66448"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66448",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66448"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/commit/ffb08379d8870a1a81ba82b72797f196838d0c86",
          "url": "https://github.com/vllm-project/vllm/commit/ffb08379d8870a1a81ba82b72797f196838d0c86"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/pull/28126",
          "url": "https://github.com/vllm-project/vllm/pull/28126"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-8fr4-5q9j-m8gm",
          "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-8fr4-5q9j-m8gm"
        }
      ],
      "release_date": "2025-12-01T22:45:42.566000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-25T19:29:10+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2026:30087",
          "product_ids": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:30087"
        },
        {
          "category": "workaround",
          "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
          "product_ids": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "vllm: vLLM: Remote Code Execution via malicious model configuration"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Quang Luong",
            "PrymEvol"
          ]
        }
      ],
      "cve": "CVE-2026-4775",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "discovery_date": "2026-03-24T14:23:23.826000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2450768"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations, potentially causing a denial of service (application crash) or arbitrary code execution.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "A flaw in the libtiff library, affecting the processing of specially crafted TIFF files, could lead to a denial of service or potentially arbitrary code execution. This vulnerability, caused by a signed integer overflow during TIFF image processing, results in an out-of-bounds heap write. Red Hat products that process untrusted TIFF files using libtiff may be impacted.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-4775"
        },
        {
          "category": "external",
          "summary": "RHBZ#2450768",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450768"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-4775",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4775"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4775",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4775"
        }
      ],
      "release_date": "2026-03-24T14:33:35.730000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-25T19:29:10+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2026:30087",
          "product_ids": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:30087"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, avoid processing untrusted or maliciously crafted TIFF files with applications linked against the libtiff library. If processing untrusted TIFF files is unavoidable, consider running the affected applications within a sandboxed environment to limit the potential impact of successful exploitation. This operational control helps contain the effects of an out-of-bounds write, reducing the risk of denial of service or arbitrary code execution.",
          "product_ids": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing"
    },
    {
      "cve": "CVE-2026-4786",
      "cwe": {
        "id": "CWE-88",
        "name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
      },
      "discovery_date": "2026-04-13T22:01:38.006388+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2458049"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Python webbrowser.open() API. If a specially crafted URL containing \"%action\" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw in the Python `webbrowser.open()` API allows for command injection and arbitrary code execution when processing specially crafted URLs containing \"%action\". This bypasses a previous mitigation for CVE-2026-4519.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-4786"
        },
        {
          "category": "external",
          "summary": "RHBZ#2458049",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458049"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-4786",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4786"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4786",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4786"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/issues/148169",
          "url": "https://github.com/python/cpython/issues/148169"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/pull/148170",
          "url": "https://github.com/python/cpython/pull/148170"
        },
        {
          "category": "external",
          "summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/JQDUNJVB4AQNTJECSUKOBDU3XCJIPSE5/",
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/JQDUNJVB4AQNTJECSUKOBDU3XCJIPSE5/"
        }
      ],
      "release_date": "2026-04-13T21:52:19.036000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-25T19:29:10+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2026:30087",
          "product_ids": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:30087"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Ali Raza"
          ]
        }
      ],
      "cve": "CVE-2026-4878",
      "cwe": {
        "id": "CWE-367",
        "name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
      },
      "discovery_date": "2026-03-26T06:56:21.213270+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2451615"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file()",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This is an Important flaw. A Time-of-Check-to-Time-of-Use (TOCTOU) race condition in libcap\u0027s cap_set_file() allows a local unprivileged user to escalate privileges. An attacker with write access to a parent directory can exploit a narrow window during file capability updates to redirect capabilities to an attacker-controlled file. This can lead to the injection of elevated privileges into an unintended executable when privileged processes, such as setcap or container tooling, invoke cap_set_file() on attacker-influenced paths.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-4878"
        },
        {
          "category": "external",
          "summary": "RHBZ#2451615",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451615"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-4878",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4878"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4878",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4878"
        },
        {
          "category": "external",
          "summary": "https://bugzilla.redhat.com/show_bug.cgi?id=2447554",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447554"
        }
      ],
      "release_date": "2026-04-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-25T19:29:10+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2026:30087",
          "product_ids": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:30087"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file()"
    },
    {
      "cve": "CVE-2026-6100",
      "cwe": {
        "id": "CWE-825",
        "name": "Expired Pointer Dereference"
      },
      "discovery_date": "2026-04-13T18:01:31.970255+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2457932"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Python\u0027s decompression modules, including `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile`. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is experiencing high memory usage. Exploitation of this flaw could potentially allow an attacker to execute arbitrary code or access sensitive data. The vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. Using the helper functions to one-shot decompress data such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The severity of this flaw is somewhat mitigated on Red Hat platforms. By default processes are not executed with root user privilege and are limited in their scope which in turn limits the impact of this flaw.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-6100"
        },
        {
          "category": "external",
          "summary": "RHBZ#2457932",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457932"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-6100",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-6100"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6100",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6100"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/6a5f79c8d7bbf22b083b240910c7a8781a59437d",
          "url": "https://github.com/python/cpython/commit/6a5f79c8d7bbf22b083b240910c7a8781a59437d"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/8fc66aef6d7b3ae58f43f5c66f9366cc8cbbfcd2",
          "url": "https://github.com/python/cpython/commit/8fc66aef6d7b3ae58f43f5c66f9366cc8cbbfcd2"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/c3cf71c3366fe49acb776a639405c0eea6169c20",
          "url": "https://github.com/python/cpython/commit/c3cf71c3366fe49acb776a639405c0eea6169c20"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/issues/148395",
          "url": "https://github.com/python/cpython/issues/148395"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/pull/148396",
          "url": "https://github.com/python/cpython/pull/148396"
        },
        {
          "category": "external",
          "summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/HTWB2Z6KT5QQX4RYEZAFININDHNOSIF3/",
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/HTWB2Z6KT5QQX4RYEZAFININDHNOSIF3/"
        }
      ],
      "release_date": "2026-04-13T17:15:47.606000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-25T19:29:10+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2026:30087",
          "product_ids": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:30087"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "AISLE Research"
          ],
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2026-10118",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "discovery_date": "2026-04-21T23:20:23+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2460428"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Poppler\u0027s Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the `tilingPatternFill` function. This overflow leads to an undersized heap memory allocation, allowing a subsequent out-of-bounds write. Successful exploitation could result in arbitrary code execution, information disclosure, or denial of service within the context of the application processing the PDF.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "poppler: Integer overflow in Poppler SplashOutputDev::tilingPatternFill leads to heap buffer overflow via unchecked dimension multiplication",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This is an Important heap-based memory corruption flaw in Poppler\u0027s Splash backend. Processing a specially crafted PDF document can lead to an integer overflow, resulting in an undersized heap allocation and a subsequent out-of-bounds write. This could allow an attacker to achieve arbitrary code execution, disclose sensitive information, or cause a denial of service within the context of the application rendering the PDF. To successfully exploit this vulnerability the attacker needs to be able to supply the maliciously crafted PDF file to the application consuming poppler or trick the user to process the PDF file using the Poppler\u0027s backend.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-10118"
        },
        {
          "category": "external",
          "summary": "RHBZ#2460428",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460428"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-10118",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10118"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-10118",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10118"
        },
        {
          "category": "external",
          "summary": "https://gitlab.freedesktop.org/poppler/poppler/-/work_items/1715",
          "url": "https://gitlab.freedesktop.org/poppler/poppler/-/work_items/1715"
        }
      ],
      "release_date": "2026-06-01T15:25:35.578000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-25T19:29:10+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2026:30087",
          "product_ids": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:30087"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, users should avoid opening untrusted or suspicious PDF documents with applications that utilize the Poppler library for rendering. Limiting exposure to untrusted content can reduce the risk of exploitation.",
          "product_ids": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "poppler: Integer overflow in Poppler SplashOutputDev::tilingPatternFill leads to heap buffer overflow via unchecked dimension multiplication"
    },
    {
      "cve": "CVE-2026-22773",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2026-01-10T07:01:22.641229+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2428443"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). A remote attacker can exploit this vulnerability by sending a specially crafted 1x1 pixel image to a vLLM engine serving multimodal models that use the Idefics3 vision model implementation. This leads to a tensor dimension mismatch, causing an unhandled runtime error and resulting in complete server termination, effectively a Denial of Service (DoS).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vllm: vLLM: Denial of Service via specially crafted image in multimodal model serving",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Moderate for Red Hat products. A remote attacker can trigger a denial of service in vLLM engines serving multimodal models that use the Idefics3 vision model by sending a specially crafted image, leading to complete server termination. This affects Red Hat AI Inference Server and Red Hat OpenShift AI (RHOAI) when configured with the vulnerable vLLM versions.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-22773"
        },
        {
          "category": "external",
          "summary": "RHBZ#2428443",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428443"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-22773",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22773"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22773",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22773"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-grg2-63fw-f2qr",
          "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-grg2-63fw-f2qr"
        }
      ],
      "release_date": "2026-01-10T06:39:02.276000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-25T19:29:10+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2026:30087",
          "product_ids": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:30087"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "vllm: vLLM: Denial of Service via specially crafted image in multimodal model serving"
    },
    {
      "cve": "CVE-2026-22778",
      "cwe": {
        "id": "CWE-209",
        "name": "Generation of Error Message Containing Sensitive Information"
      },
      "discovery_date": "2026-02-03T00:01:43.512265+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2436113"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). A remote attacker can exploit this vulnerability by sending a specially crafted video URL to vLLM\u0027s multimodal endpoint. This action causes vLLM to leak a heap memory address, significantly reducing the effectiveness of Address Space Layout Randomization (ASLR). This information disclosure can then be chained with a heap overflow vulnerability to achieve remote code execution.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vLLM: vLLM: Remote code execution via invalid image processing in the multimodal endpoint.",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Critical rather than Important because it allows unauthenticated remote code execution without requiring user interaction, ultimately leading to full compromise of the affected system. An attacker can provide a malicious video URL to a vulnerable vLLM inference endpoint, which causes the service to automatically retrieve and process attacker-controlled media content. During decoding, a heap overflow is triggered in the underlying video processing stack, enabling corruption of heap memory and potential overwriting of control structures to execute arbitrary commands on the host. In addition, an information disclosure condition can leak memory addresses, significantly weakening ASLR protections and making exploitation more reliable when combined with the heap overflow. Successful exploitation compromises the confidentiality, integrity, and availability of the system and can impact deployments such as Red Hat AI Inference Server, Red Hat Enterprise Linux AI, and Red Hat OpenShift AI, thereby meeting Red Hat\u2019s criteria for Critical severity rather than Important impact.\n\nThe vLLM vulnerability depends on CVE-2025-9951, as processing attacker-controlled media can trigger the JPEG2000 decoder heap overflow, which can then be exploited within the vLLM video handling pipeline to cause memory corruption and potentially achieve remote code execution.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-22778"
        },
        {
          "category": "external",
          "summary": "RHBZ#2436113",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436113"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-22778",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22778"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22778",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22778"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/pull/31987",
          "url": "https://github.com/vllm-project/vllm/pull/31987"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/pull/32319",
          "url": "https://github.com/vllm-project/vllm/pull/32319"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/releases/tag/v0.14.1",
          "url": "https://github.com/vllm-project/vllm/releases/tag/v0.14.1"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-4r2x-xpjr-7cvv",
          "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-4r2x-xpjr-7cvv"
        }
      ],
      "release_date": "2026-02-02T21:09:53.265000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-25T19:29:10+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2026:30087",
          "product_ids": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:30087"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "vLLM: vLLM: Remote code execution via invalid image processing in the multimodal endpoint."
    },
    {
      "cve": "CVE-2026-22807",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "discovery_date": "2026-01-21T22:00:55.823882+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2431865"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). This vulnerability allows a remote attacker to achieve arbitrary code execution on the vLLM host during model loading. This occurs because vLLM loads Hugging Face `auto_map` dynamic modules without properly validating the `trust_remote_code` setting. By influencing the model repository or path, an attacker can execute malicious Python code at server startup, even before any API requests are handled.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vLLM: vLLM: Arbitrary code execution via untrusted model loading",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Important for Red Hat as vLLM, an inference and serving engine for large language models, is vulnerable to arbitrary code execution. An attacker influencing the model repository or path can execute malicious Python code during server startup, affecting vLLM versions 0.10.1 through 0.13.x.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-22807"
        },
        {
          "category": "external",
          "summary": "RHBZ#2431865",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431865"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-22807",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22807"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22807",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22807"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/commit/78d13ea9de4b1ce5e4d8a5af9738fea71fb024e5",
          "url": "https://github.com/vllm-project/vllm/commit/78d13ea9de4b1ce5e4d8a5af9738fea71fb024e5"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/pull/32194",
          "url": "https://github.com/vllm-project/vllm/pull/32194"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/releases/tag/v0.14.0",
          "url": "https://github.com/vllm-project/vllm/releases/tag/v0.14.0"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-2pc9-4j83-qjmr",
          "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-2pc9-4j83-qjmr"
        }
      ],
      "release_date": "2026-01-21T21:13:11.894000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-25T19:29:10+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2026:30087",
          "product_ids": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:30087"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, ensure that vLLM instances are configured to load models only from trusted and verified repositories. Restrict access to the model repository path to prevent unauthorized modification or introduction of malicious code. Implement strict access controls and integrity checks for all model sources.",
          "product_ids": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "vLLM: vLLM: Arbitrary code execution via untrusted model loading"
    },
    {
      "cve": "CVE-2026-24779",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "discovery_date": "2026-01-27T23:00:53.998772+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2433624"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). A Server-Side Request Forgery (SSRF) vulnerability exists in the MediaConnector class, specifically within the load_from_url and load_from_url_async methods. An attacker can exploit differing interpretations of backslashes by Python parsing libraries used for host restrictions to bypass these restrictions. This allows the attacker to force the vLLM server to make arbitrary requests to internal network resources, potentially leading to information disclosure, denial of service, or unauthorized access within containerized environments.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vLLM: vLLM: Server-Side Request Forgery allows internal network access",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This IMPORTANT Server-Side Request Forgery (SSRF) vulnerability in vLLM\u0027s `MediaConnector` allows an attacker to bypass host restrictions when processing user-provided URLs. This enables the vLLM server to be coerced into making arbitrary requests to internal network resources. This is critical in containerized deployments, including Red Hat AI Inference Server, Red Hat Enterprise Linux AI, and Red Hat OpenShift AI, where it could facilitate internal network reconnaissance and unauthorized access to other services.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-24779"
        },
        {
          "category": "external",
          "summary": "RHBZ#2433624",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433624"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-24779",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24779"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-24779",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24779"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/commit/f46d576c54fb8aeec5fc70560e850bed38ef17d7",
          "url": "https://github.com/vllm-project/vllm/commit/f46d576c54fb8aeec5fc70560e850bed38ef17d7"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/pull/32746",
          "url": "https://github.com/vllm-project/vllm/pull/32746"
        },
        {
          "category": "external",
          "summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-qh4c-xf7m-gxfc",
          "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-qh4c-xf7m-gxfc"
        }
      ],
      "release_date": "2026-01-27T22:01:13.808000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-25T19:29:10+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2026:30087",
          "product_ids": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:30087"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, restrict network access to the vLLM service to only trusted clients. Implement strict network segmentation for vLLM pods in containerized environments to limit potential lateral movement. Ensure that vLLM instances are not exposed to untrusted external networks without proper access controls and input validation at the perimeter.",
          "product_ids": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "vLLM: vLLM: Server-Side Request Forgery allows internal network access"
    },
    {
      "cve": "CVE-2026-34588",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "discovery_date": "2026-04-06T16:02:38.673068+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2455408"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in OpenEXR, an image storage format for the motion picture industry. A remote attacker could exploit an integer overflow vulnerability in the `internal_exr_undo_piz()` function by providing a specially crafted EXR file. This flaw leads to out-of-bounds reads and writes, which may allow for arbitrary code execution or sensitive information disclosure.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "OpenEXR: OpenEXR: Arbitrary code execution and information disclosure via crafted EXR file",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-34588"
        },
        {
          "category": "external",
          "summary": "RHBZ#2455408",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455408"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-34588",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34588"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34588",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34588"
        },
        {
          "category": "external",
          "summary": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-588r-cr5c-w6hf",
          "url": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-588r-cr5c-w6hf"
        }
      ],
      "release_date": "2026-04-06T15:31:57.602000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-25T19:29:10+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2026:30087",
          "product_ids": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:30087"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "OpenEXR: OpenEXR: Arbitrary code execution and information disclosure via crafted EXR file"
    },
    {
      "cve": "CVE-2026-34982",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "discovery_date": "2026-04-06T16:02:10.004743+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2455400"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Vim. A modeline is used to set specific editor options directly from a text file. However, the `complete`, `guitabtooltip`, `printheader` options and the `mapset` function lack proper security checks, allowing an attacker to bypass restrictions and cause arbitrary OS command execution.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vim: arbitrary command execution via modeline sandbox bypass",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this vulnerability, an attacker needs to convince a user to open a specially crafted file. The arbitrary OS command execution is restricted to the privileges of the user running Vim, limiting the potential of a full system compromise.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-34982"
        },
        {
          "category": "external",
          "summary": "RHBZ#2455400",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455400"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-34982",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34982"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34982",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34982"
        },
        {
          "category": "external",
          "summary": "http://www.openwall.com/lists/oss-security/2026/04/01/1",
          "url": "http://www.openwall.com/lists/oss-security/2026/04/01/1"
        },
        {
          "category": "external",
          "summary": "https://github.com/vim/vim/commit/75661a66a1db1e1f3f1245c615",
          "url": "https://github.com/vim/vim/commit/75661a66a1db1e1f3f1245c615"
        },
        {
          "category": "external",
          "summary": "https://github.com/vim/vim/releases/tag/v9.2.0276",
          "url": "https://github.com/vim/vim/releases/tag/v9.2.0276"
        },
        {
          "category": "external",
          "summary": "https://github.com/vim/vim/security/advisories/GHSA-8h6p-m6gr-mpw9",
          "url": "https://github.com/vim/vim/security/advisories/GHSA-8h6p-m6gr-mpw9"
        }
      ],
      "release_date": "2026-04-06T15:16:48.809000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-25T19:29:10+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2026:30087",
          "product_ids": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:30087"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, disable the modeline support by adding the following command to the Vim configuration file:\n\n~~~\nset nomodeline\n~~~",
          "product_ids": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "vim: arbitrary command execution via modeline sandbox bypass"
    },
    {
      "cve": "CVE-2026-35385",
      "cwe": {
        "id": "CWE-281",
        "name": "Improper Preservation of Permissions"
      },
      "discovery_date": "2026-04-02T17:01:07.052864+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2454469"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in OpenSSH. When the `scp` command is used by a root user to download a file with the legacy protocol option (`-O`) and without preserving original file permissions (`-p`), the downloaded file can be installed with elevated privileges (setuid or setgid). This unexpected behavior could allow a malicious file to execute with higher permissions than intended, posing a security risk through potential privilege escalation.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-35385"
        },
        {
          "category": "external",
          "summary": "RHBZ#2454469",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454469"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-35385",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-35385"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-35385",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35385"
        },
        {
          "category": "external",
          "summary": "https://marc.info/?l=openssh-unix-dev\u0026m=177513443901484\u0026w=2",
          "url": "https://marc.info/?l=openssh-unix-dev\u0026m=177513443901484\u0026w=2"
        },
        {
          "category": "external",
          "summary": "https://www.openssh.org/releasenotes.html#10.3p1",
          "url": "https://www.openssh.org/releasenotes.html#10.3p1"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2026/04/02/3",
          "url": "https://www.openwall.com/lists/oss-security/2026/04/02/3"
        }
      ],
      "release_date": "2026-04-02T16:30:59.615000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-25T19:29:10+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2026:30087",
          "product_ids": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:30087"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode"
    },
    {
      "cve": "CVE-2026-37555",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "discovery_date": "2026-04-29T17:00:55.901773+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2463856"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the libsndfile library. An integer overflow in the IMA ADPCM codec can occur when a specially crafted WAV audio file is processed, specifically with malicious samplesperblock and blocks values. This can lead to a heap-based buffer overflow, causing a crash to the application linked to the library and memory corruption.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "libsndfile: integer overflow in ima_reader_init()",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this issue, an attacker needs to be able to process a malicious WAV file with an application linked to the libsndfile library.\n\nDefault Red Hat Enterprise Linux security features, including SELinux enforcement, Address Space Layout Randomization (ASLR) and NX (No-Execute) stack protection, significantly increase the difficulty of achieving arbitrary code execution, limiting the impact of this vulnerability.\n\nDue to these reasons, this flaw has been rated with an important severity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-37555"
        },
        {
          "category": "external",
          "summary": "RHBZ#2463856",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463856"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-37555",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-37555"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-37555",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-37555"
        },
        {
          "category": "external",
          "summary": "https://github.com/libsndfile/libsndfile/commit/9a829113c88a51e57c1e46473e90609e4b7df151",
          "url": "https://github.com/libsndfile/libsndfile/commit/9a829113c88a51e57c1e46473e90609e4b7df151"
        },
        {
          "category": "external",
          "summary": "https://github.com/libsndfile/libsndfile/issues/833",
          "url": "https://github.com/libsndfile/libsndfile/issues/833"
        }
      ],
      "release_date": "2026-04-29T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-25T19:29:10+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2026:30087",
          "product_ids": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:30087"
        },
        {
          "category": "workaround",
          "details": "Do not process untrusted WAV files with the libsndfile library.",
          "product_ids": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "libsndfile: integer overflow in ima_reader_init()"
    },
    {
      "cve": "CVE-2026-39979",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2026-04-13T23:01:01.219840+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2458077"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in jq, a command line JSON processor, specifically in the libjq API. Parsing a malformed JSON input from a non-NUL-terminated buffer using the `jv_parse_sized` function can cause an out-of-bounds read, resulting in an application crash and a possible memory disclosure within the error message generated by the parser.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jq: out-of-bounds read in jv_parse_sized() on error formatting for non-NUL-terminated buffers",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this flaw, an attacker needs to supply malformed JSON from a non-NUL-terminated buffer to an application using the `jv_parse_sized` function. This allows the attacker to trigger the out-of-bounds read, causing an application crash and potentially disclosing memory with no other security impact. As this issue affects the libjq library, it is more likely to be exposed to untrusted input. Due to these reasons, this vulnerability has been rated with an important severity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-39979"
        },
        {
          "category": "external",
          "summary": "RHBZ#2458077",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458077"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-39979",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-39979"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39979",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39979"
        },
        {
          "category": "external",
          "summary": "https://github.com/jqlang/jq/commit/2f09060afab23fe9390cce7cb860b10416e1bf5f",
          "url": "https://github.com/jqlang/jq/commit/2f09060afab23fe9390cce7cb860b10416e1bf5f"
        },
        {
          "category": "external",
          "summary": "https://github.com/jqlang/jq/security/advisories/GHSA-2hhh-px8h-355p",
          "url": "https://github.com/jqlang/jq/security/advisories/GHSA-2hhh-px8h-355p"
        }
      ],
      "release_date": "2026-04-13T22:18:56.252000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-25T19:29:10+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2026:30087",
          "product_ids": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:30087"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, manually ensure that every buffer is NUL-terminated before passing it to the \u0027jv_parse_sized\u0027 function.",
          "product_ids": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "jq: out-of-bounds read in jv_parse_sized() on error formatting for non-NUL-terminated buffers"
    },
    {
      "cve": "CVE-2026-40164",
      "cwe": {
        "id": "CWE-341",
        "name": "Predictable from Observable State"
      },
      "discovery_date": "2026-04-14T00:01:04.003115+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2458084"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in jq, a command-line JSON processor. A remote attacker could exploit this vulnerability by providing a specially crafted JSON object. This object leverages a weakness in jq\u0027s hashing algorithm, which uses a hardcoded, publicly known seed. By crafting the JSON object to cause hash collisions, an attacker can degrade the performance of JSON object hash table operations, leading to significant CPU exhaustion and a denial of service (DoS) for systems processing the malicious JSON data.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jq: jq: Denial of Service via crafted JSON object causing hash collisions",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-40164"
        },
        {
          "category": "external",
          "summary": "RHBZ#2458084",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458084"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-40164",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-40164"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40164",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40164"
        },
        {
          "category": "external",
          "summary": "https://github.com/jqlang/jq/commit/0c7d133c3c7e37c00b6d46b658a02244fdd3c784",
          "url": "https://github.com/jqlang/jq/commit/0c7d133c3c7e37c00b6d46b658a02244fdd3c784"
        },
        {
          "category": "external",
          "summary": "https://github.com/jqlang/jq/security/advisories/GHSA-wwj8-gxm6-jc29",
          "url": "https://github.com/jqlang/jq/security/advisories/GHSA-wwj8-gxm6-jc29"
        }
      ],
      "release_date": "2026-04-13T23:40:12.693000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-25T19:29:10+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2026:30087",
          "product_ids": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:30087"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "jq: jq: Denial of Service via crafted JSON object causing hash collisions"
    },
    {
      "cve": "CVE-2026-44431",
      "cwe": {
        "id": "CWE-201",
        "name": "Insertion of Sensitive Information Into Sent Data"
      },
      "discovery_date": "2026-05-13T17:01:41.663622+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2477167"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-44431"
        },
        {
          "category": "external",
          "summary": "RHBZ#2477167",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477167"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-44431",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44431"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431"
        },
        {
          "category": "external",
          "summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc",
          "url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc"
        }
      ],
      "release_date": "2026-05-13T15:20:24.588000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-25T19:29:10+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2026:30087",
          "product_ids": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:30087"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers"
    },
    {
      "cve": "CVE-2026-44432",
      "cwe": {
        "id": "CWE-409",
        "name": "Improper Handling of Highly Compressed Data (Data Amplification)"
      },
      "discovery_date": "2026-05-13T17:01:01.083841+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2477154"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-44432"
        },
        {
          "category": "external",
          "summary": "RHBZ#2477154",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477154"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-44432",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44432"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
        },
        {
          "category": "external",
          "summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j",
          "url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
        }
      ],
      "release_date": "2026-05-13T15:17:12.611000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-25T19:29:10+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2026:30087",
          "product_ids": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:30087"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression"
    },
    {
      "cve": "CVE-2026-48818",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "discovery_date": "2026-06-17T19:03:44.998691+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2490020"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Starlette, a lightweight ASGI framework. On Windows systems, the StaticFiles component is vulnerable to Server-Side Request Forgery (SSRF). A remote attacker can exploit this by providing a specially crafted Universal Naming Convention (UNC) path, which causes the system to initiate an outbound Server Message Block (SMB) connection. This action can expose the service account\u0027s NTLMv2 credentials, potentially leading to information disclosure or further attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "starlette: Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This Important flaw in Starlette\u0027s StaticFiles component, which allows for NTLMv2 credential theft via specially crafted UNC paths, does not affect Red Hat products. The vulnerability is specific to Windows operating systems, and the vulnerable code is not present in Red Hat\u0027s supported configurations.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
          "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-48818"
        },
        {
          "category": "external",
          "summary": "RHBZ#2490020",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490020"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-48818",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-48818"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48818",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48818"
        },
        {
          "category": "external",
          "summary": "https://github.com/Kludex/starlette/commit/fd53168a7767b6b55ba5af787fd88f49e33cabc5",
          "url": "https://github.com/Kludex/starlette/commit/fd53168a7767b6b55ba5af787fd88f49e33cabc5"
        },
        {
          "category": "external",
          "summary": "https://github.com/Kludex/starlette/pull/3287",
          "url": "https://github.com/Kludex/starlette/pull/3287"
        },
        {
          "category": "external",
          "summary": "https://github.com/Kludex/starlette/releases/tag/1.1.0",
          "url": "https://github.com/Kludex/starlette/releases/tag/1.1.0"
        },
        {
          "category": "external",
          "summary": "https://github.com/Kludex/starlette/security/advisories/GHSA-wqp7-x3pw-xc5r",
          "url": "https://github.com/Kludex/starlette/security/advisories/GHSA-wqp7-x3pw-xc5r"
        }
      ],
      "release_date": "2026-06-17T17:50:12.399000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-25T19:29:10+00:00",
          "details": "For more information visit https://access.redhat.com/errata/RHSA-2026:30087",
          "product_ids": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:30087"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:681d191e22994e4da2d4844219e2401ee363d4b3524cd19bb00076dce685a36a_s390x",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:906987407c1ed10139dadc5f8aef64584f407a6017467fce726e2e9c42d9f9c8_amd64",
            "Red Hat AI Inference Server 3.3:registry.redhat.io/rhaiis/vllm-spyre-rhel9@sha256:9c8187509c26e824143f51f9522d7b6457f3aea33e5f7983bb203e4bb231473d_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "starlette: Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows"
    }
  ]
}

CVE-2025-62164 (GCVE-0-2025-62164)

Vulnerability from cvelistv5 – Published: 2025-11-21 01:18 – Updated: 2025-11-24 18:12

Title

VLLM deserialization vulnerability leading to DoS and potential RCE

Summary

vLLM is an inference and serving engine for large language models (LLMs). From versions 0.10.2 to before 0.11.1, a memory corruption vulnerability could lead to a crash (denial-of-service) and potentially remote code execution (RCE), exists in the Completions API endpoint. When processing user-supplied prompt embeddings, the endpoint loads serialized tensors using torch.load() without sufficient validation. Due to a change introduced in PyTorch 2.8.0, sparse tensor integrity checks are disabled by default. As a result, maliciously crafted tensors can bypass internal bounds checks and trigger an out-of-bounds memory write during the call to to_dense(). This memory corruption can crash vLLM and potentially lead to code execution on the server hosting vLLM. This issue has been patched in version 0.11.1.

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-20 - Improper Input Validation
CWE-123 - Write-what-where Condition
CWE-502 - Deserialization of Untrusted Data
CWE-787 - Out-of-bounds Write

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/vllm-project/vllm/security/adv…	x_refsource_CONFIRM
https://github.com/vllm-project/vllm/pull/27204	x_refsource_MISC
https://github.com/vllm-project/vllm/commit/58fab…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
vllm-project	vllm	Affected: >= 0.10.2, < 0.11.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-62164",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-24T17:15:13.097938Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-24T18:12:44.195Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "vllm",
          "vendor": "vllm-project",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 0.10.2, \u003c 0.11.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "vLLM is an inference and serving engine for large language models (LLMs). From versions 0.10.2 to before 0.11.1, a memory corruption vulnerability could lead to a crash (denial-of-service) and potentially remote code execution (RCE), exists in the Completions API endpoint. When processing user-supplied prompt embeddings, the endpoint loads serialized tensors using torch.load() without sufficient validation. Due to a change introduced in PyTorch 2.8.0, sparse tensor integrity checks are disabled by default. As a result, maliciously crafted tensors can bypass internal bounds checks and trigger an out-of-bounds memory write during the call to to_dense(). This memory corruption can crash vLLM and potentially lead to code execution on the server hosting vLLM. This issue has been patched in version 0.11.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-123",
              "description": "CWE-123: Write-what-where Condition",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502: Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787: Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-21T01:18:38.803Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/vllm-project/vllm/security/advisories/GHSA-mrw7-hf4f-83pf",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-mrw7-hf4f-83pf"
        },
        {
          "name": "https://github.com/vllm-project/vllm/pull/27204",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vllm-project/vllm/pull/27204"
        },
        {
          "name": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b"
        }
      ],
      "source": {
        "advisory": "GHSA-mrw7-hf4f-83pf",
        "discovery": "UNKNOWN"
      },
      "title": "VLLM deserialization vulnerability leading to DoS and potential RCE"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-62164",
    "datePublished": "2025-11-21T01:18:38.803Z",
    "dateReserved": "2025-10-07T16:12:03.425Z",
    "dateUpdated": "2025-11-24T18:12:44.195Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-66448 (GCVE-0-2025-66448)

Vulnerability from cvelistv5 – Published: 2025-12-01 22:45 – Updated: 2025-12-02 14:14

Title

vLLM vulnerable to remote code execution via transformers_utils/get_config

Summary

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.11.1, vllm has a critical remote code execution vector in a config class named Nemotron_Nano_VL_Config. When vllm loads a model config that contains an auto_map entry, the config class resolves that mapping with get_class_from_dynamic_module(...) and immediately instantiates the returned class. This fetches and executes Python from the remote repository referenced in the auto_map string. Crucially, this happens even when the caller explicitly sets trust_remote_code=False in vllm.transformers_utils.config.get_config. In practice, an attacker can publish a benign-looking frontend repo whose config.json points via auto_map to a separate malicious backend repo; loading the frontend will silently run the backend’s code on the victim host. This vulnerability is fixed in 0.11.1.

Severity

7.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/vllm-project/vllm/security/adv…	x_refsource_CONFIRM
https://github.com/vllm-project/vllm/pull/28126	x_refsource_MISC
https://github.com/vllm-project/vllm/commit/ffb08…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
vllm-project	vllm	Affected: < 0.11.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-66448",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-02T14:14:49.921511Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-02T14:14:58.324Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "vllm",
          "vendor": "vllm-project",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.11.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.11.1, vllm has a critical remote code execution vector in a config class named Nemotron_Nano_VL_Config. When vllm loads a model config that contains an auto_map entry, the config class resolves that mapping with get_class_from_dynamic_module(...) and immediately instantiates the returned class. This fetches and executes Python from the remote repository referenced in the auto_map string. Crucially, this happens even when the caller explicitly sets trust_remote_code=False in vllm.transformers_utils.config.get_config. In practice, an attacker can publish a benign-looking frontend repo whose config.json points via auto_map to a separate malicious backend repo; loading the frontend will silently run the backend\u2019s code on the victim host. This vulnerability is fixed in 0.11.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-01T22:45:42.566Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/vllm-project/vllm/security/advisories/GHSA-8fr4-5q9j-m8gm",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-8fr4-5q9j-m8gm"
        },
        {
          "name": "https://github.com/vllm-project/vllm/pull/28126",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vllm-project/vllm/pull/28126"
        },
        {
          "name": "https://github.com/vllm-project/vllm/commit/ffb08379d8870a1a81ba82b72797f196838d0c86",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vllm-project/vllm/commit/ffb08379d8870a1a81ba82b72797f196838d0c86"
        }
      ],
      "source": {
        "advisory": "GHSA-8fr4-5q9j-m8gm",
        "discovery": "UNKNOWN"
      },
      "title": "vLLM vulnerable to remote code execution via transformers_utils/get_config"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-66448",
    "datePublished": "2025-12-01T22:45:42.566Z",
    "dateReserved": "2025-12-01T18:22:06.865Z",
    "dateUpdated": "2025-12-02T14:14:58.324Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-10118 (GCVE-0-2026-10118)

Vulnerability from cvelistv5 – Published: 2026-06-01 15:33 – Updated: 2026-06-27 08:21

Title

Poppler: integer overflow in poppler splashoutputdev::tilingpatternfill leads to heap buffer overflow via unchecked dimension multiplication

Summary

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-190 - Integer Overflow or Wraparound

Assigner

redhat

References

20 references

URL	Tags
https://access.redhat.com/errata/RHSA-2026:24984	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:24985	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:25058	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:27720	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:27721	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:27722	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:27723	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:27724	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:27725	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:27727	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:29952	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:30044	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:30078	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:30087	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:30088	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:30089	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:30134	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2026-10118	vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2460428	issue-trackingx_refsource_REDHAT
https://gitlab.freedesktop.org/poppler/poppler/-/…

Impacted products

21 products

Vendor	Product	Version
Red Hat	Red Hat Enterprise Linux 10	Unaffected: 0:24.02.0-7.el10_2.2 , < * (rpm) cpe:/o:redhat:enterprise_linux:10.2
Red Hat	Red Hat Enterprise Linux 10.0 Extended Update Support	Unaffected: 0:24.02.0-7.el10_0.1 , < * (rpm) cpe:/o:redhat:enterprise_linux_eus:10.0
Red Hat	Red Hat Enterprise Linux 7 Extended Lifecycle Support	Unaffected: 0:0.22.5-7.el7_9 , < * (rpm) cpe:/o:redhat:rhel_els:7
Red Hat	Red Hat Enterprise Linux 7 Extended Lifecycle Support	Unaffected: 0:0.26.5-44.el7_9 , < * (rpm) cpe:/o:redhat:rhel_els:7
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:20.11.0-14.el8_10 , < * (rpm) cpe:/a:redhat:enterprise_linux:8::appstream cpe:/a:redhat:enterprise_linux:8::crb
Red Hat	Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	Unaffected: 0:20.11.0-2.el8_4.3 , < * (rpm) cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
Red Hat	Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On	Unaffected: 0:20.11.0-2.el8_4.3 , < * (rpm) cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
Red Hat	Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	Unaffected: 0:20.11.0-5.el8_6.1 , < * (rpm) cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream
Red Hat	Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On	Unaffected: 0:20.11.0-5.el8_6.1 , < * (rpm) cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream
Red Hat	Red Hat Enterprise Linux 8.8 Telecommunications Update Service	Unaffected: 0:20.11.0-7.el8_8.1 , < * (rpm) cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream
Red Hat	Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions	Unaffected: 0:20.11.0-7.el8_8.1 , < * (rpm) cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:21.01.0-24.el9_8.1 , < * (rpm) cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::crb
Red Hat	Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions	Unaffected: 0:21.01.0-15.el9_2.1 , < * (rpm) cpe:/a:redhat:rhel_e4s:9.2::appstream
Red Hat	Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions	Unaffected: 0:21.01.0-20.el9_4.1 , < * (rpm) cpe:/a:redhat:rhel_e4s:9.4::appstream
Red Hat	Red Hat Enterprise Linux 9.6 Extended Update Support	Unaffected: 0:21.01.0-22.el9_6.1 , < * (rpm) cpe:/a:redhat:rhel_eus:9.6::appstream cpe:/a:redhat:rhel_eus:9.6::crb
Red Hat	Red Hat AI Inference Server 3.3	Unaffected: 1782352950 , < * (rpm) cpe:/a:redhat:ai_inference_server:3.3::el9
Red Hat	Red Hat AI Inference Server 3.3	Unaffected: 1782352919 , < * (rpm) cpe:/a:redhat:ai_inference_server:3.3::el9
Red Hat	Red Hat AI Inference Server 3.3	Unaffected: 1782353093 , < * (rpm) cpe:/a:redhat:ai_inference_server:3.3::el9
Red Hat	Red Hat AI Inference Server 3.3	Unaffected: 1782352847 , < * (rpm) cpe:/a:redhat:ai_inference_server:3.3::el9
Red Hat	Red Hat Hardened Images	Unaffected: 26.06.0-0.1.hum1 , < * (rpm) cpe:/a:redhat:hummingbird:1
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6

Date Public

2026-06-01 15:25

Credits

This issue was discovered by AISLE Research and AISLE in partnership with Red Hat.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-10118",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-02T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-03T03:55:45.341Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10.2"
          ],
          "defaultStatus": "affected",
          "packageName": "poppler",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:24.02.0-7.el10_2.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux_eus:10.0"
          ],
          "defaultStatus": "affected",
          "packageName": "poppler",
          "product": "Red Hat Enterprise Linux 10.0 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:24.02.0-7.el10_0.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_els:7"
          ],
          "defaultStatus": "affected",
          "packageName": "compat-poppler022",
          "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.22.5-7.el7_9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_els:7"
          ],
          "defaultStatus": "affected",
          "packageName": "poppler",
          "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.26.5-44.el7_9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream",
            "cpe:/a:redhat:enterprise_linux:8::crb"
          ],
          "defaultStatus": "affected",
          "packageName": "poppler",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:20.11.0-14.el8_10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.4::appstream",
            "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "poppler",
          "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:20.11.0-2.el8_4.3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.4::appstream",
            "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "poppler",
          "product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:20.11.0-2.el8_4.3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/a:redhat:rhel_eus_long_life:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "poppler",
          "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:20.11.0-5.el8_6.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/a:redhat:rhel_eus_long_life:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "poppler",
          "product": "Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:20.11.0-5.el8_6.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.8::appstream",
            "cpe:/a:redhat:rhel_tus:8.8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "poppler",
          "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:20.11.0-7.el8_8.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.8::appstream",
            "cpe:/a:redhat:rhel_tus:8.8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "poppler",
          "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:20.11.0-7.el8_8.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/a:redhat:enterprise_linux:9::crb"
          ],
          "defaultStatus": "affected",
          "packageName": "poppler",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:21.01.0-24.el9_8.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "poppler",
          "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:21.01.0-15.el9_2.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "poppler",
          "product": "Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:21.01.0-20.el9_4.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.6::appstream",
            "cpe:/a:redhat:rhel_eus:9.6::crb"
          ],
          "defaultStatus": "affected",
          "packageName": "poppler",
          "product": "Red Hat Enterprise Linux 9.6 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:21.01.0-22.el9_6.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:ai_inference_server:3.3::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhaiis/model-opt-cuda-rhel9",
          "product": "Red Hat AI Inference Server 3.3",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1782352950",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:ai_inference_server:3.3::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhaiis/vllm-spyre-rhel9",
          "product": "Red Hat AI Inference Server 3.3",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1782352919",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:ai_inference_server:3.3::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhaiis/vllm-rocm-rhel9",
          "product": "Red Hat AI Inference Server 3.3",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1782353093",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:ai_inference_server:3.3::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhaiis/vllm-cuda-rhel9",
          "product": "Red Hat AI Inference Server 3.3",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1782352847",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:hummingbird:1"
          ],
          "defaultStatus": "affected",
          "packageName": "poppler-main",
          "product": "Red Hat Hardened Images",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.06.0-0.1.hum1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unaffected",
          "packageName": "poppler",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered by AISLE Research and AISLE in partnership with Red Hat."
        }
      ],
      "datePublic": "2026-06-01T15:25:35.578Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Poppler\u0027s Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the `tilingPatternFill` function. This overflow leads to an undersized heap memory allocation, allowing a subsequent out-of-bounds write. Successful exploitation could result in arbitrary code execution, information disclosure, or denial of service within the context of the application processing the PDF."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-27T08:21:12.170Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2026:24984",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:24984"
        },
        {
          "name": "RHSA-2026:24985",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:24985"
        },
        {
          "name": "RHSA-2026:25058",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:25058"
        },
        {
          "name": "RHSA-2026:27720",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:27720"
        },
        {
          "name": "RHSA-2026:27721",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:27721"
        },
        {
          "name": "RHSA-2026:27722",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:27722"
        },
        {
          "name": "RHSA-2026:27723",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:27723"
        },
        {
          "name": "RHSA-2026:27724",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:27724"
        },
        {
          "name": "RHSA-2026:27725",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:27725"
        },
        {
          "name": "RHSA-2026:27727",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:27727"
        },
        {
          "name": "RHSA-2026:29952",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:29952"
        },
        {
          "name": "RHSA-2026:30044",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:30044"
        },
        {
          "name": "RHSA-2026:30078",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:30078"
        },
        {
          "name": "RHSA-2026:30087",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:30087"
        },
        {
          "name": "RHSA-2026:30088",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:30088"
        },
        {
          "name": "RHSA-2026:30089",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:30089"
        },
        {
          "name": "RHSA-2026:30134",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:30134"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-10118"
        },
        {
          "name": "RHBZ#2460428",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460428"
        },
        {
          "url": "https://gitlab.freedesktop.org/poppler/poppler/-/work_items/1715"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-04-21T23:20:23.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-06-01T15:25:35.578Z",
          "value": "Made public."
        }
      ],
      "title": "Poppler: integer overflow in poppler splashoutputdev::tilingpatternfill leads to heap buffer overflow via unchecked dimension multiplication",
      "workarounds": [
        {
          "lang": "en",
          "value": "To mitigate this issue, users should avoid opening untrusted or suspicious PDF documents with applications that utilize the Poppler library for rendering. Limiting exposure to untrusted content can reduce the risk of exploitation."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-190: Integer Overflow or Wraparound"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2026-10118",
    "datePublished": "2026-06-01T15:33:39.670Z",
    "dateReserved": "2026-05-29T17:18:50.666Z",
    "dateUpdated": "2026-06-27T08:21:12.170Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22773 (GCVE-0-2026-22773)

Vulnerability from cvelistv5 – Published: 2026-01-10 06:39 – Updated: 2026-01-12 13:22

Title

vLLM is vulnerable to DoS in Idefics3 vision models via image payload with ambiguous dimensions

Summary

vLLM is an inference and serving engine for large language models (LLMs). In versions from 0.6.4 to before 0.12.0, users can crash the vLLM engine serving multimodal models that use the Idefics3 vision model implementation by sending a specially crafted 1x1 pixel image. This causes a tensor dimension mismatch that results in an unhandled runtime error, leading to complete server termination. This issue has been patched in version 0.12.0.

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling

Assigner

GitHub_M

References

1 reference

URL	Tags
https://github.com/vllm-project/vllm/security/adv…	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
vllm-project	vllm	Affected: >= 0.6.4, < 0.12.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22773",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-12T13:22:42.362326Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-12T13:22:52.666Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "vllm",
          "vendor": "vllm-project",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 0.6.4, \u003c 0.12.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "vLLM is an inference and serving engine for large language models (LLMs). In versions from 0.6.4 to before 0.12.0, users can crash the vLLM engine serving multimodal models that use the Idefics3 vision model implementation by sending a specially crafted 1x1 pixel image. This causes a tensor dimension mismatch that results in an unhandled runtime error, leading to complete server termination. This issue has been patched in version 0.12.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-10T06:39:02.276Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/vllm-project/vllm/security/advisories/GHSA-grg2-63fw-f2qr",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-grg2-63fw-f2qr"
        }
      ],
      "source": {
        "advisory": "GHSA-grg2-63fw-f2qr",
        "discovery": "UNKNOWN"
      },
      "title": "vLLM is vulnerable to DoS in Idefics3 vision models via image payload with ambiguous dimensions"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-22773",
    "datePublished": "2026-01-10T06:39:02.276Z",
    "dateReserved": "2026-01-09T18:27:19.387Z",
    "dateUpdated": "2026-01-12T13:22:52.666Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22778 (GCVE-0-2026-22778)

Vulnerability from cvelistv5 – Published: 2026-02-02 21:09 – Updated: 2026-06-27 05:17

Title

vLLM leaks a heap address when PIL throws an error

Summary

vLLM is an inference and serving engine for large language models (LLMs). From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM's multimodal endpoint, PIL throws an error. vLLM returns this error to the client, leaking a heap address. With this leak, we reduce ASLR from 4 billion guesses to ~8 guesses. This vulnerability can be chained a heap overflow with JPEG2000 decoder in OpenCV/FFmpeg to achieve remote code execution. This vulnerability is fixed in 0.14.1.

Severity

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-532 - Insertion of Sensitive Information into Log File
CWE-209 - Generation of Error Message Containing Sensitive Information

Assigner

GitHub_M

References

12 references

URL	Tags
https://github.com/vllm-project/vllm/security/adv…	x_refsource_CONFIRM
https://github.com/vllm-project/vllm/pull/31987	x_refsource_MISC
https://github.com/vllm-project/vllm/pull/32319	x_refsource_MISC
https://github.com/vllm-project/vllm/releases/tag…	x_refsource_MISC
https://access.redhat.com/security/cve/CVE-2026-22778	vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2436113	issue-trackingx_refsource_REDHAT
https://security.access.redhat.com/data/csaf/v2/v…	x_sadp-csaf-vex
https://access.redhat.com/errata/RHSA-2026:3461	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3462	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3782	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19712	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3713	vendor-advisoryx_refsource_REDHAT

Impacted products

7 products

Vendor	Product	Version
vllm-project	vllm	Affected: >= 0.8.3, < 0.14.1
Red Hat	Red Hat AI Inference Server 3.2	cpe:/a:redhat:ai_inference_server:3.2::el9
Red Hat	Red Hat OpenShift AI 2.25	cpe:/a:redhat:openshift_ai:2.25::el9
Red Hat	Red Hat OpenShift AI 3.3	cpe:/a:redhat:openshift_ai:3.3::el9
Red Hat	Red Hat AI Inference Server	cpe:/a:redhat:ai_inference_server:3
Red Hat	Red Hat Enterprise Linux AI (RHEL AI) 3	cpe:/a:redhat:enterprise_linux_ai:3
Red Hat	Red Hat OpenShift AI (RHOAI)	cpe:/a:redhat:openshift_ai

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22778",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-03T15:40:34.684022Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-03T15:42:57.155Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:/a:redhat:ai_inference_server:3.2::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat AI Inference Server 3.2",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_ai:2.25::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift AI 2.25",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_ai:3.3::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift AI 3.3",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:ai_inference_server:3"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat AI Inference Server",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:enterprise_linux_ai:3"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_ai"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat OpenShift AI (RHOAI)",
            "vendor": "Red Hat"
          }
        ],
        "datePublic": "2026-02-02T21:09:53.265Z",
        "descriptions": [
          {
            "lang": "en",
            "value": "A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). A remote attacker can exploit this vulnerability by sending a specially crafted video URL to vLLM\u0027s multimodal endpoint. This action causes vLLM to leak a heap memory address, significantly reducing the effectiveness of Address Space Layout Randomization (ASLR). This information disclosure can then be chained with a heap overflow vulnerability to achieve remote code execution."
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "namespace": "https://access.redhat.com/security/updates/classification/",
                "value": "Critical"
              },
              "type": "Red Hat severity rating"
            }
          },
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            },
            "format": "CVSS"
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-209",
                "description": "Generation of Error Message Containing Sensitive Information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-27T05:17:24.025Z",
          "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
          "shortName": "redhat-SADP"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2026-22778"
          },
          {
            "name": "RHBZ#2436113",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436113"
          },
          {
            "tags": [
              "x_sadp-csaf-vex"
            ],
            "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22778.json"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:3461"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:3462"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:3782"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19712"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:3713"
          }
        ],
        "solutions": [
          {
            "lang": "en",
            "value": "RHSA-2026:3461: Red Hat AI Inference Server 3.2"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:3462: Red Hat AI Inference Server 3.2"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:3782: Red Hat OpenShift AI 2.25"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19712: Red Hat OpenShift AI 3.3"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:3713: Red Hat OpenShift AI 3.3"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-02-03T00:01:43.512Z",
            "value": "Reported to Red Hat."
          },
          {
            "lang": "en",
            "time": "2026-02-02T21:09:53.265Z",
            "value": "Made public."
          }
        ],
        "title": "vLLM: vLLM: Remote code execution via invalid image processing in the multimodal endpoint.",
        "workarounds": [
          {
            "lang": "en",
            "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
          }
        ],
        "x_adpType": "supplier",
        "x_generator": {
          "engine": "sadp-cli 1.0.0"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "vllm",
          "vendor": "vllm-project",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 0.8.3, \u003c 0.14.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "vLLM is an inference and serving engine for large language models (LLMs). From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM\u0027s multimodal endpoint, PIL throws an error. vLLM returns this error to the client, leaking a heap address. With this leak, we reduce ASLR from 4 billion guesses to ~8 guesses. This vulnerability can be chained a heap overflow with JPEG2000 decoder in OpenCV/FFmpeg to achieve remote code execution. This vulnerability is fixed in 0.14.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-532",
              "description": "CWE-532: Insertion of Sensitive Information into Log File",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-02T21:09:53.265Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/vllm-project/vllm/security/advisories/GHSA-4r2x-xpjr-7cvv",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-4r2x-xpjr-7cvv"
        },
        {
          "name": "https://github.com/vllm-project/vllm/pull/31987",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vllm-project/vllm/pull/31987"
        },
        {
          "name": "https://github.com/vllm-project/vllm/pull/32319",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vllm-project/vllm/pull/32319"
        },
        {
          "name": "https://github.com/vllm-project/vllm/releases/tag/v0.14.1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vllm-project/vllm/releases/tag/v0.14.1"
        }
      ],
      "source": {
        "advisory": "GHSA-4r2x-xpjr-7cvv",
        "discovery": "UNKNOWN"
      },
      "title": "vLLM leaks a heap address when PIL throws an error"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-22778",
    "datePublished": "2026-02-02T21:09:53.265Z",
    "dateReserved": "2026-01-09T18:27:19.388Z",
    "dateUpdated": "2026-06-27T05:17:24.025Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22807 (GCVE-0-2026-22807)

Vulnerability from cvelistv5 – Published: 2026-01-21 21:13 – Updated: 2026-01-22 16:50

Title

vLLM affected by RCE via auto_map dynamic module loading during model initialization

Summary

vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to version 0.14.0, vLLM loads Hugging Face `auto_map` dynamic modules during model resolution without gating on `trust_remote_code`, allowing attacker-controlled Python code in a model repo/path to execute at server startup. An attacker who can influence the model repo/path (local directory or remote Hugging Face repo) can achieve arbitrary code execution on the vLLM host during model load. This happens before any request handling and does not require API access. Version 0.14.0 fixes the issue.

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Assigner

GitHub_M

References

4 references

URL	Tags
https://github.com/vllm-project/vllm/security/adv…	x_refsource_CONFIRM
https://github.com/vllm-project/vllm/pull/32194	x_refsource_MISC
https://github.com/vllm-project/vllm/commit/78d13…	x_refsource_MISC
https://github.com/vllm-project/vllm/releases/tag…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
vllm-project	vllm	Affected: >= 0.10.1, < 0.14.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22807",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-22T15:11:00.640100Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-22T16:50:33.696Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "vllm",
          "vendor": "vllm-project",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 0.10.1, \u003c 0.14.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to version 0.14.0, vLLM loads Hugging Face `auto_map` dynamic modules during model resolution without gating on `trust_remote_code`, allowing attacker-controlled Python code in a model repo/path to execute at server startup. An attacker who can influence the model repo/path (local directory or remote Hugging Face repo) can achieve arbitrary code execution on the vLLM host during model load. This happens before any request handling and does not require API access. Version 0.14.0 fixes the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-21T21:13:11.894Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/vllm-project/vllm/security/advisories/GHSA-2pc9-4j83-qjmr",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-2pc9-4j83-qjmr"
        },
        {
          "name": "https://github.com/vllm-project/vllm/pull/32194",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vllm-project/vllm/pull/32194"
        },
        {
          "name": "https://github.com/vllm-project/vllm/commit/78d13ea9de4b1ce5e4d8a5af9738fea71fb024e5",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vllm-project/vllm/commit/78d13ea9de4b1ce5e4d8a5af9738fea71fb024e5"
        },
        {
          "name": "https://github.com/vllm-project/vllm/releases/tag/v0.14.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vllm-project/vllm/releases/tag/v0.14.0"
        }
      ],
      "source": {
        "advisory": "GHSA-2pc9-4j83-qjmr",
        "discovery": "UNKNOWN"
      },
      "title": "vLLM affected by RCE via auto_map dynamic module loading during model initialization"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-22807",
    "datePublished": "2026-01-21T21:13:11.894Z",
    "dateReserved": "2026-01-09T22:50:10.288Z",
    "dateUpdated": "2026-01-22T16:50:33.696Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-24779 (GCVE-0-2026-24779)

Vulnerability from cvelistv5 – Published: 2026-01-27 22:01 – Updated: 2026-01-28 21:10

Title

vLLM vulnerable to Server-Side Request Forgery (SSRF) in `MediaConnector`

Summary

vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.14.1, a Server-Side Request Forgery (SSRF) vulnerability exists in the `MediaConnector` class within the vLLM project's multimodal feature set. The load_from_url and load_from_url_async methods obtain and process media from URLs provided by users, using different Python parsing libraries when restricting the target host. These two parsing libraries have different interpretations of backslashes, which allows the host name restriction to be bypassed. This allows an attacker to coerce the vLLM server into making arbitrary requests to internal network resources. This vulnerability is particularly critical in containerized environments like `llm-d`, where a compromised vLLM pod could be used to scan the internal network, interact with other pods, and potentially cause denial of service or access sensitive data. For example, an attacker could make the vLLM pod send malicious requests to an internal `llm-d` management endpoint, leading to system instability by falsely reporting metrics like the KV cache state. Version 0.14.1 contains a patch for the issue.

Severity

7.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

SSVC

Exploitation: poc Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-918 - Server-Side Request Forgery (SSRF)

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/vllm-project/vllm/security/adv…	x_refsource_CONFIRM
https://github.com/vllm-project/vllm/pull/32746	x_refsource_MISC
https://github.com/vllm-project/vllm/commit/f46d5…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
vllm-project	vllm	Affected: < 0.14.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-24779",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-28T21:10:30.758116Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-28T21:10:38.916Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "vllm",
          "vendor": "vllm-project",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.14.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.14.1, a Server-Side Request Forgery (SSRF) vulnerability exists in the `MediaConnector` class within the vLLM project\u0027s multimodal feature set. The load_from_url and load_from_url_async methods obtain and process media from URLs provided by users, using different Python parsing libraries when restricting the target host. These two parsing libraries have different interpretations of backslashes, which allows the host name restriction to be bypassed. This allows an attacker to coerce the vLLM server into making arbitrary requests to internal network resources. This vulnerability is particularly critical in containerized environments like `llm-d`, where a compromised vLLM pod could be used to scan the internal network, interact with other pods, and potentially cause denial of service or access sensitive data. For example, an attacker could make the vLLM pod send malicious requests to an internal `llm-d` management endpoint, leading to system instability by falsely reporting metrics like the KV cache state. Version 0.14.1 contains a patch for the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918: Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-27T22:01:13.808Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/vllm-project/vllm/security/advisories/GHSA-qh4c-xf7m-gxfc",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-qh4c-xf7m-gxfc"
        },
        {
          "name": "https://github.com/vllm-project/vllm/pull/32746",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vllm-project/vllm/pull/32746"
        },
        {
          "name": "https://github.com/vllm-project/vllm/commit/f46d576c54fb8aeec5fc70560e850bed38ef17d7",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vllm-project/vllm/commit/f46d576c54fb8aeec5fc70560e850bed38ef17d7"
        }
      ],
      "source": {
        "advisory": "GHSA-qh4c-xf7m-gxfc",
        "discovery": "UNKNOWN"
      },
      "title": "vLLM vulnerable to Server-Side Request Forgery (SSRF) in `MediaConnector`"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-24779",
    "datePublished": "2026-01-27T22:01:13.808Z",
    "dateReserved": "2026-01-26T21:06:47.869Z",
    "dateUpdated": "2026-01-28T21:10:38.916Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-34588 (GCVE-0-2026-34588)

Vulnerability from cvelistv5 – Published: 2026-04-06 15:31 – Updated: 2026-05-13 15:09

Title

OpenEXR has a signed 32-bit Overflow in PIZ Decoder Leads to OOB Read/Write

Summary

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.1.0 to before 3.2.7, 3.3.9, and 3.4.9, internal_exr_undo_piz() advances the working wavelet pointer with signed 32-bit arithmetic. Because nx, ny, and wcount are int, a crafted EXR file can make this product overflow and wrap. The next channel then decodes from an incorrect address. The wavelet decode path operates in place, so this yields both out-of-bounds reads and out-of-bounds writes. This vulnerability is fixed in 3.2.7, 3.3.9, and 3.4.9.

Severity

8.6 (High)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-125 - Out-of-bounds Read
CWE-190 - Integer Overflow or Wraparound
CWE-787 - Out-of-bounds Write

Assigner

GitHub_M

References

4 references

URL	Tags
https://github.com/AcademySoftwareFoundation/open…	x_refsource_CONFIRM
https://github.com/AcademySoftwareFoundation/open…	x_refsource_MISC
https://github.com/AcademySoftwareFoundation/open…	x_refsource_MISC
https://github.com/AcademySoftwareFoundation/open…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
AcademySoftwareFoundation	openexr	Affected: >= 3.1.0, <= 3.1.13 Affected: >= 3.2.0, < 3.2.7 Affected: >= 3.3.0, < 3.3.9 Affected: >= 3.4.0, < 3.4.9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-34588",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-07T03:56:04.356566Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-13T15:09:46.065Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "openexr",
          "vendor": "AcademySoftwareFoundation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 3.1.0, \u003c= 3.1.13"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.2.0, \u003c 3.2.7"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.3.0, \u003c 3.3.9"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.4.0, \u003c 3.4.9"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.1.0 to before 3.2.7, 3.3.9, and 3.4.9, internal_exr_undo_piz() advances the working wavelet pointer with signed 32-bit arithmetic. Because nx, ny, and wcount are int, a crafted EXR file can make this product overflow and wrap. The next channel then decodes from an incorrect address. The wavelet decode path operates in place, so this yields both out-of-bounds reads and out-of-bounds writes. This vulnerability is fixed in 3.2.7, 3.3.9, and 3.4.9."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125: Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190: Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787: Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-07T03:07:58.463Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-588r-cr5c-w6hf",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-588r-cr5c-w6hf"
        },
        {
          "name": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.2.7",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.2.7"
        },
        {
          "name": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.3.9",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.3.9"
        },
        {
          "name": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.9",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.9"
        }
      ],
      "source": {
        "advisory": "GHSA-588r-cr5c-w6hf",
        "discovery": "UNKNOWN"
      },
      "title": "OpenEXR has a signed 32-bit Overflow in PIZ Decoder Leads to OOB Read/Write"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-34588",
    "datePublished": "2026-04-06T15:31:57.602Z",
    "dateReserved": "2026-03-30T16:56:30.999Z",
    "dateUpdated": "2026-05-13T15:09:46.065Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-34982 (GCVE-0-2026-34982)

Vulnerability from cvelistv5 – Published: 2026-04-06 15:16 – Updated: 2026-04-07 03:56

Title

Vim modeline bypass via various options affects Vim < 9.2.0276

Summary

Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`, `guitabtooltip` and `printheader` options are missing the `P_MLE` flag, allowing a modeline to be executed. Additionally, the `mapset()` function lacks a `check_secure()` call, allowing it to be abused from sandboxed expressions. Commit 9.2.0276 fixes the issue.

Severity

8.2 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Assigner

GitHub_M

References

4 references

URL	Tags
https://github.com/vim/vim/security/advisories/GH…	x_refsource_CONFIRM
https://github.com/vim/vim/commit/75661a66a1db1e1…	x_refsource_MISC
https://github.com/vim/vim/releases/tag/v9.2.0276	x_refsource_MISC
http://www.openwall.com/lists/oss-security/2026/04/01/1

Impacted products

1 product

Vendor	Product	Version
vim	vim	Affected: < 9.2.0276

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-04-06T15:19:17.901Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/01/1"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-34982",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-06T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-07T03:56:01.436Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "vim",
          "vendor": "vim",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 9.2.0276"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`, `guitabtooltip` and `printheader` options are missing the `P_MLE` flag, allowing a modeline to be executed. Additionally, the `mapset()` function lacks a `check_secure()` call, allowing it to be abused from sandboxed expressions. Commit 9.2.0276 fixes the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-06T15:16:48.809Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/vim/vim/security/advisories/GHSA-8h6p-m6gr-mpw9",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/vim/vim/security/advisories/GHSA-8h6p-m6gr-mpw9"
        },
        {
          "name": "https://github.com/vim/vim/commit/75661a66a1db1e1f3f1245c615",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vim/vim/commit/75661a66a1db1e1f3f1245c615"
        },
        {
          "name": "https://github.com/vim/vim/releases/tag/v9.2.0276",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vim/vim/releases/tag/v9.2.0276"
        }
      ],
      "source": {
        "advisory": "GHSA-8h6p-m6gr-mpw9",
        "discovery": "UNKNOWN"
      },
      "title": "Vim modeline bypass via various options affects Vim \u003c 9.2.0276"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-34982",
    "datePublished": "2026-04-06T15:16:48.809Z",
    "dateReserved": "2026-03-31T19:38:31.617Z",
    "dateUpdated": "2026-04-07T03:56:01.436Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-35385 (GCVE-0-2026-35385)

Vulnerability from cvelistv5 – Published: 2026-04-02 16:30 – Updated: 2026-04-03 03:55

Summary

In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode).

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-281 - Improper Preservation of Permissions

Assigner

mitre

References

3 references

URL	Tags
https://www.openssh.org/releasenotes.html#10.3p1
https://marc.info/?l=openssh-unix-dev&m=177513443…
https://www.openwall.com/lists/oss-security/2026/…

Impacted products

1 product

Vendor	Product	Version
OpenBSD	OpenSSH	Affected: 0 , < 10.3 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-35385",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-02T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-03T03:55:44.273Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenSSH",
          "vendor": "OpenBSD",
          "versions": [
            {
              "lessThan": "10.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users\u0027 expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-281",
              "description": "CWE-281 Improper Preservation of Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-02T18:15:37.128Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.openssh.org/releasenotes.html#10.3p1"
        },
        {
          "url": "https://marc.info/?l=openssh-unix-dev\u0026m=177513443901484\u0026w=2"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2026/04/02/3"
        }
      ],
      "x_generator": {
        "engine": "CVE-Request-form 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2026-35385",
    "datePublished": "2026-04-02T16:30:59.615Z",
    "dateReserved": "2026-04-02T16:30:59.107Z",
    "dateUpdated": "2026-04-03T03:55:44.273Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2026:30087

CVE-2025-62164 (GCVE-0-2025-62164)

CVE-2025-66448 (GCVE-0-2025-66448)

CVE-2026-10118 (GCVE-0-2026-10118)

CVE-2026-22773 (GCVE-0-2026-22773)

CVE-2026-22778 (GCVE-0-2026-22778)

CVE-2026-22807 (GCVE-0-2026-22807)

CVE-2026-24779 (GCVE-0-2026-24779)

CVE-2026-34588 (GCVE-0-2026-34588)

CVE-2026-34982 (GCVE-0-2026-34982)

CVE-2026-35385 (GCVE-0-2026-35385)

Tags

Sightings

Nomenclature