Red Hat Security Advisory: rhc security update
This advisory addresses security vulnerabilities in the rhc client tool and daemon used for connecting Red Hat systems to hosted services for system and subscription management. Two vulnerabilities are fixed: CVE-2026-32282, where the golang internal syscall Root. Chmod function can follow symlinks outside the root directory, and CVE-2026-32283, a denial of service vulnerability in Go's crypto/tls via multiple TLS 1. 3 key update messages. The update is rated as Important by Red Hat Product Security and affects multiple Red Hat Enterprise Linux 9 variants and architectures. A security update is available to remediate these issues. No known exploits are reported in the wild at this time.
AI Analysis
Technical Summary
The rhc tool, which facilitates system and subscription management by connecting to Red Hat hosted services, contains two security vulnerabilities. CVE-2026-32282 involves a golang internal syscall where Root.Chmod can follow symbolic links outside the root directory, potentially leading to unauthorized file permission changes. CVE-2026-32283 is a denial of service vulnerability in the Go crypto/tls package triggered by multiple TLS 1.3 key update messages. Red Hat has released an update for rhc in Red Hat Enterprise Linux 9 and related products to address these issues. The advisory references Red Hat's errata RHSA-2026:19369 for detailed patching instructions.
Potential Impact
The vulnerabilities could allow an attacker to manipulate file permissions outside the intended root directory (CVE-2026-32282) and cause denial of service conditions in TLS communications (CVE-2026-32283). These issues impact system security and availability on affected Red Hat Enterprise Linux 9 systems using the rhc tool. No evidence of exploitation in the wild is currently known.
Mitigation Recommendations
A security update for the rhc package is available from Red Hat for affected Red Hat Enterprise Linux 9 variants and architectures. Users should apply the update as described in Red Hat advisory RHSA-2026:19369 and the referenced article https://access.redhat.com/articles/11258 to remediate these vulnerabilities. Since this is an official fix from Red Hat, applying the update fully mitigates the issues.
Red Hat Security Advisory: rhc security update
Description
This advisory addresses security vulnerabilities in the rhc client tool and daemon used for connecting Red Hat systems to hosted services for system and subscription management. Two vulnerabilities are fixed: CVE-2026-32282, where the golang internal syscall Root. Chmod function can follow symlinks outside the root directory, and CVE-2026-32283, a denial of service vulnerability in Go's crypto/tls via multiple TLS 1. 3 key update messages. The update is rated as Important by Red Hat Product Security and affects multiple Red Hat Enterprise Linux 9 variants and architectures. A security update is available to remediate these issues. No known exploits are reported in the wild at this time.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The rhc tool, which facilitates system and subscription management by connecting to Red Hat hosted services, contains two security vulnerabilities. CVE-2026-32282 involves a golang internal syscall where Root.Chmod can follow symbolic links outside the root directory, potentially leading to unauthorized file permission changes. CVE-2026-32283 is a denial of service vulnerability in the Go crypto/tls package triggered by multiple TLS 1.3 key update messages. Red Hat has released an update for rhc in Red Hat Enterprise Linux 9 and related products to address these issues. The advisory references Red Hat's errata RHSA-2026:19369 for detailed patching instructions.
Potential Impact
The vulnerabilities could allow an attacker to manipulate file permissions outside the intended root directory (CVE-2026-32282) and cause denial of service conditions in TLS communications (CVE-2026-32283). These issues impact system security and availability on affected Red Hat Enterprise Linux 9 systems using the rhc tool. No evidence of exploitation in the wild is currently known.
Mitigation Recommendations
A security update for the rhc package is available from Red Hat for affected Red Hat Enterprise Linux 9 variants and architectures. Users should apply the update as described in Red Hat advisory RHSA-2026:19369 and the referenced article https://access.redhat.com/articles/11258 to remediate these vulnerabilities. Since this is an official fix from Red Hat, applying the update fully mitigates the issues.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2026:19369
- Cve Count
- 2
- Additional Cves
- ["CVE-2026-32283"]
- Cvss Version
- null
Threat ID: 6a160975e29bf47b5063f014
Added to database: 5/26/2026, 8:58:29 PM
Last enriched: 5/26/2026, 10:07:46 PM
Last updated: 5/27/2026, 4:54:12 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.