This Red Hat security advisory (RHSA-2026:16528) announces a bug fix and enhancement update for Red Hat Hardened Images RPMs, focusing on tomcat10 packages updated to version 10.1.55-1.hum1. The update addresses three CVEs: CVE-2026-42498, CVE-2026-43512, and CVE-2026-43514, which relate to issues categorized under CWE-201 (Information Exposure), CWE-303 (Incorrect Implementation), and CWE-208 (Information Exposure Through Error Message). The advisory does not provide CVSS scores or detailed vulnerability descriptions but classifies the severity as medium. There are no known exploits in the wild. The update is available through Red Hat's standard RPM update channels for hardened images. No cloud service is involved, so remediation is managed by applying the updated RPMs.

The vulnerabilities addressed involve potential information exposure and implementation errors as indicated by the associated CWEs. The medium severity suggests moderate risk, potentially allowing attackers to gain unintended information or cause incorrect behavior in affected tomcat10 components within Red Hat Hardened Images. No active exploitation has been reported, reducing immediate risk. The impact is limited to environments using the affected RPM packages prior to the update.

Red Hat has released updated RPM packages for tomcat10 (version 10.1.55-1.hum1) that fix the identified vulnerabilities. Users of Red Hat Hardened Images should apply these updates promptly to remediate the issues. Since this is not a cloud service, remediation requires manual update of the affected RPMs. No additional mitigation steps are specified or required beyond applying the provided update. Patch status is confirmed by the vendor advisory.