Red Hat Security Advisory: fence-agents security update
This security advisory addresses vulnerabilities in the fence-agents packages used in Red Hat Enterprise Linux 9. 4 Extended Update Support and related variants. The fence-agents provide scripts for remote power management of cluster devices, enabling forced restart and removal of failed or unreachable nodes. The update fixes two vulnerabilities in the urllib3 library's streaming API: improper handling of highly compressed data (CVE-2025-66471) and a decompression-bomb safeguard bypass when following HTTP redirects (CVE-2026-21441). These issues could potentially affect the stability or security of cluster node management. Red Hat has released updated fence-agents packages to remediate these vulnerabilities. No known exploits are reported in the wild. Users should apply the provided updates to affected systems to mitigate the risks.
AI Analysis
Technical Summary
The fence-agents packages in Red Hat Enterprise Linux 9.4 EUS and related variants include scripts for managing remote power control of cluster nodes. Two security vulnerabilities in the urllib3 streaming API used by these packages have been identified: CVE-2025-66471, where highly compressed data is improperly handled, and CVE-2026-21441, where the decompression-bomb safeguard can be bypassed when following HTTP redirects. These vulnerabilities could allow maliciously crafted data to impact the functionality or security of the cluster management processes. Red Hat has issued an important security update (RHSA-2026:1717) that addresses these issues by updating the fence-agents packages. The advisory references detailed CVE pages for further information. The vulnerabilities are rated as having important security impact by Red Hat, with no CVSS scores provided in the advisory.
Potential Impact
The vulnerabilities affect the urllib3 streaming API used by fence-agents, potentially allowing improper handling of compressed data and bypass of decompression-bomb safeguards. This could lead to resource exhaustion or denial of service conditions during cluster node management operations. The impact is limited to environments using the affected fence-agents packages on Red Hat Enterprise Linux 9.4 EUS and related variants. There are no known exploits in the wild at this time.
Mitigation Recommendations
Red Hat has released updated fence-agents packages that address these vulnerabilities. Users should apply the security update RHSA-2026:1717 as detailed in the Red Hat advisory (https://access.redhat.com/articles/11258) to remediate the issues. No additional mitigation steps are indicated by the vendor beyond applying the official update.
Red Hat Security Advisory: fence-agents security update
Description
This security advisory addresses vulnerabilities in the fence-agents packages used in Red Hat Enterprise Linux 9. 4 Extended Update Support and related variants. The fence-agents provide scripts for remote power management of cluster devices, enabling forced restart and removal of failed or unreachable nodes. The update fixes two vulnerabilities in the urllib3 library's streaming API: improper handling of highly compressed data (CVE-2025-66471) and a decompression-bomb safeguard bypass when following HTTP redirects (CVE-2026-21441). These issues could potentially affect the stability or security of cluster node management. Red Hat has released updated fence-agents packages to remediate these vulnerabilities. No known exploits are reported in the wild. Users should apply the provided updates to affected systems to mitigate the risks.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The fence-agents packages in Red Hat Enterprise Linux 9.4 EUS and related variants include scripts for managing remote power control of cluster nodes. Two security vulnerabilities in the urllib3 streaming API used by these packages have been identified: CVE-2025-66471, where highly compressed data is improperly handled, and CVE-2026-21441, where the decompression-bomb safeguard can be bypassed when following HTTP redirects. These vulnerabilities could allow maliciously crafted data to impact the functionality or security of the cluster management processes. Red Hat has issued an important security update (RHSA-2026:1717) that addresses these issues by updating the fence-agents packages. The advisory references detailed CVE pages for further information. The vulnerabilities are rated as having important security impact by Red Hat, with no CVSS scores provided in the advisory.
Potential Impact
The vulnerabilities affect the urllib3 streaming API used by fence-agents, potentially allowing improper handling of compressed data and bypass of decompression-bomb safeguards. This could lead to resource exhaustion or denial of service conditions during cluster node management operations. The impact is limited to environments using the affected fence-agents packages on Red Hat Enterprise Linux 9.4 EUS and related variants. There are no known exploits in the wild at this time.
Mitigation Recommendations
Red Hat has released updated fence-agents packages that address these vulnerabilities. Users should apply the security update RHSA-2026:1717 as detailed in the Red Hat advisory (https://access.redhat.com/articles/11258) to remediate the issues. No additional mitigation steps are indicated by the vendor beyond applying the official update.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2026:1717
- Cve Count
- 2
- Additional Cves
- ["CVE-2026-21441"]
- Cvss Version
- null
Threat ID: 6a16096ce29bf47b50632aa2
Added to database: 5/26/2026, 8:58:20 PM
Last enriched: 5/27/2026, 1:20:32 AM
Last updated: 5/27/2026, 4:55:46 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.