Red Hat Security Advisory: RHOAI 2.25.8 - Red Hat OpenShift AI
Red Hat OpenShift AI version 2.25.8 addresses multiple security vulnerabilities identified by CVE-2026-35029, CVE-2026-35030, and CVE-2026-42271. These vulnerabilities are categorized under CWE-425 (Direct Request), CWE-222 (Truncation Error), and CWE-78 (OS Command Injection). The advisory indicates an important security update with updated images available for deployment. No specific patch details or fixed version ranges are provided in the advisory. There are no known exploits in the wild at the time of publication. Users are advised to follow Red Hat's official upgrade documentation to apply the update properly.
AI Analysis
Technical Summary
The Red Hat security advisory RHSA-2026:28960 announces the release of Red Hat OpenShift AI 2.25.8, which includes fixes for three security vulnerabilities: CVE-2026-35029, CVE-2026-35030, and CVE-2026-42271. These vulnerabilities relate to issues such as improper handling of direct requests, truncation errors, and OS command injection. The advisory provides updated container images for multiple architectures and directs users to official documentation for upgrade instructions. No explicit patch or remediation details are stated in the advisory content. The vulnerabilities have been classified as high severity, but no CVSS scores are provided. There are no reports of active exploitation in the wild.
Potential Impact
The vulnerabilities affect Red Hat OpenShift AI and potentially allow attackers to exploit weaknesses related to direct request handling, truncation errors, and OS command injection. These issues could lead to unauthorized actions or command execution within the affected environment. The advisory classifies the severity as high, indicating significant risk if unaddressed. However, no active exploitation has been reported.
Mitigation Recommendations
Red Hat has released version 2.25.8 of OpenShift AI to address these vulnerabilities. Users should upgrade to this version following the official Red Hat documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_ai/. The advisory does not specify any temporary workarounds or mitigations beyond applying the update. Patch status is not explicitly confirmed in the advisory text; therefore, users should consult the vendor documentation and errata for the latest remediation guidance.
Red Hat Security Advisory: RHOAI 2.25.8 - Red Hat OpenShift AI
Description
Red Hat OpenShift AI version 2.25.8 addresses multiple security vulnerabilities identified by CVE-2026-35029, CVE-2026-35030, and CVE-2026-42271. These vulnerabilities are categorized under CWE-425 (Direct Request), CWE-222 (Truncation Error), and CWE-78 (OS Command Injection). The advisory indicates an important security update with updated images available for deployment. No specific patch details or fixed version ranges are provided in the advisory. There are no known exploits in the wild at the time of publication. Users are advised to follow Red Hat's official upgrade documentation to apply the update properly.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The Red Hat security advisory RHSA-2026:28960 announces the release of Red Hat OpenShift AI 2.25.8, which includes fixes for three security vulnerabilities: CVE-2026-35029, CVE-2026-35030, and CVE-2026-42271. These vulnerabilities relate to issues such as improper handling of direct requests, truncation errors, and OS command injection. The advisory provides updated container images for multiple architectures and directs users to official documentation for upgrade instructions. No explicit patch or remediation details are stated in the advisory content. The vulnerabilities have been classified as high severity, but no CVSS scores are provided. There are no reports of active exploitation in the wild.
Potential Impact
The vulnerabilities affect Red Hat OpenShift AI and potentially allow attackers to exploit weaknesses related to direct request handling, truncation errors, and OS command injection. These issues could lead to unauthorized actions or command execution within the affected environment. The advisory classifies the severity as high, indicating significant risk if unaddressed. However, no active exploitation has been reported.
Mitigation Recommendations
Red Hat has released version 2.25.8 of OpenShift AI to address these vulnerabilities. Users should upgrade to this version following the official Red Hat documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_ai/. The advisory does not specify any temporary workarounds or mitigations beyond applying the update. Patch status is not explicitly confirmed in the advisory text; therefore, users should consult the vendor documentation and errata for the latest remediation guidance.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2026:28960
- Cve Count
- 3
- Additional Cves
- ["CVE-2026-35030","CVE-2026-42271"]
- Cvss Version
- null
Threat ID: 6a3c0ceaeed863c81e237316
Added to database: 06/24/2026, 16:59:22 UTC
Last enriched: 06/24/2026, 17:00:31 UTC
Last updated: 06/24/2026, 19:01:40 UTC
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.