This advisory announces the general availability of the satellite/iop-insights-engine-rhel9 container image for Red Hat Lightspeed in Satellite, a tool that locally analyzes system health and configuration by applying predefined rules to a small set of local data such as installed packages, running services, and configuration settings. The advisory references three CVEs (CVE-2025-66418, CVE-2025-66471, CVE-2026-21441) associated with this component. The vendor advisory does not provide details on specific vulnerabilities or fixes, nor does it mention any patch availability. The product is not a cloud service, and no known exploits in the wild have been reported. The advisory directs users to Red Hat Satellite documentation for installation and configuration guidance.

The impact is classified as high severity, indicating that the vulnerabilities could potentially affect system health analysis and configuration integrity within Red Hat Satellite environments using the Lightspeed component. However, no known exploits in the wild have been reported, and the advisory does not specify the exact nature of the impact or exploitation scenarios. The vulnerabilities are associated with CWEs 770 (Allocation of Resources Without Limits or Throttling) and 409 (Improper Management of Critical State Data), which may imply risks related to resource management and state data handling.

The vendor advisory does not mention any available patches or fixes for the referenced CVEs. It provides guidance to use the newly available satellite/iop-insights-engine-rhel9 container image and refers users to the official Red Hat Satellite documentation for installation and configuration of Red Hat Lightspeed in Satellite. Since this is not a cloud service, remediation depends on user deployment and configuration. Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No specific mitigation steps beyond using the updated container image and following official documentation are provided.