CVE-2026-14324: NULL Pointer Dereference in Red Hat Enterprise Linux 10
RAOP module accepts unbounded Content-Length values and does not check the pw_array_add() return.
AI Analysis
Technical Summary
The RAOP module in Red Hat Enterprise Linux 10 improperly handles unbounded Content-Length values and fails to verify the return value of pw_array_add(), resulting in a NULL pointer dereference. This vulnerability can cause the affected system to crash or become unavailable, constituting a denial of service. The CVSS 3.1 vector indicates the attack requires adjacent network access with low complexity, no privileges, and no user interaction. The impact is limited to availability with no confidentiality or integrity loss reported. The vendor advisory does not specify a remediation level or patch availability.
Potential Impact
This vulnerability leads to a denial of service condition due to a NULL pointer dereference in the RAOP module. It does not affect confidentiality or integrity but can cause system unavailability. No known exploits have been reported in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-14324 for current remediation guidance. Until an official fix is available, consider limiting access to the RAOP service to trusted networks to reduce exposure.
CVSS v3.1
Score: 6.5 (medium)
Technical Details
- Data Version: 5.2
- Assigner Short Name: redhat
- Date Reserved: 2026-07-01T12:14:59.165Z
- CVSS Version: 3.1
- State: PUBLISHED
- Remediation Level: null
- Vendor Advisory URLs: https://access.redhat.com/security/cve/CVE-2026-14324 (Red Hat)
Threat ID: 6a45260a27e9c79719982a6d
Added to database: 07/01/2026, 14:36:58 UTC
Last enriched: 07/01/2026, 14:54:34 UTC
Last updated: 07/01/2026, 23:17:38 UTC