This Red Hat security advisory addresses three vulnerabilities (CVE-2026-1502, CVE-2026-4786, CVE-2026-6100) in the python3.13 RPM packages distributed as part of Red Hat Hardened Images. The affected packages include python3.13 and its related debug, devel, freethreading, idle, libs, test, and tkinter variants for aarch64 and x86_64 architectures. The advisory provides updated RPM versions (3.13.13-1.1.hum1) that contain security fixes. The vulnerabilities correspond to CWEs 93 (Improper Neutralization of CRLF Sequences), 88 (Argument Injection or Modification), and 825 (Expanding Buffer). While no CVSS scores are provided, the severity is classified as high. The vendor advisory directs users to update their images using Red Hat's image update infrastructure. There are no known exploits in the wild reported at this time.

The vulnerabilities affect multiple python3.13 packages in Red Hat Hardened Images and are rated as high severity. Exploitation could potentially lead to security issues related to improper input handling and buffer expansion, as indicated by the associated CWEs. No known active exploitation has been reported. The impact is limited to affected Red Hat Hardened Images environments using the vulnerable python3.13 packages.

Red Hat has released updated python3.13 RPM packages that address these vulnerabilities. Users of Red Hat Hardened Images should apply the update by following the instructions at https://images.redhat.com/. This update replaces the vulnerable packages with fixed versions. Since this is an official Red Hat security advisory with available updates, applying the provided update is the recommended remediation. No additional mitigation steps are indicated by the vendor advisory.