This Red Hat security advisory (RHSA-2026:7110) announces the release of RHACS 4.8.10, which includes security patches and bug fixes for Red Hat Advanced Cluster Security for Kubernetes. The update addresses 12 CVEs, including CVE-2026-25128 and others, covering weaknesses such as improper input validation, resource management errors, code injection, cross-site scripting, and authorization issues (as indicated by associated CWEs). The advisory highlights a fix for Helm charts not configuring image pull secrets for the scanner ServiceAccount. The vendor provides updated container images for multiple CPU architectures. No CVSS scores are provided, and no known exploits are reported. The advisory recommends upgrading from earlier versions to apply these fixes.

The vulnerabilities addressed in RHACS 4.8.10 are rated as high severity by Red Hat. They include multiple security issues that could potentially affect the security posture of Kubernetes clusters managed by RHACS. The lack of known exploits in the wild suggests no active exploitation at this time. However, the presence of multiple CVEs and CWEs indicates a range of potential risks including code injection, improper authorization, and resource management flaws. Applying the update reduces the risk of these vulnerabilities being exploited.

Red Hat has released RHACS version 4.8.10 containing security patches and bug fixes for the identified vulnerabilities. Users running earlier versions of RHACS are advised to upgrade to version 4.8.10 to benefit from these security enhancements. Updated container images are available for multiple architectures and should be deployed accordingly. There is no indication from the vendor advisory that additional mitigation steps are required beyond upgrading to the fixed version.