Threats Tagged 'cve-2026-1526'

A security advisory from Red Hat addresses multiple vulnerabilities in the Node. js 24 module and related components such as undici, brace-expansion, minimatch, and nghttp2. These vulnerabilities include various denial of service issues, HTTP request smuggling, information disclosure, permission bypass, and unauthorized inter-process communication. The advisory covers 18 CVEs affecting Red Hat Enterprise Linux 9 and related distributions. The update is rated as important by Red Hat Product Security, and fixes are available through updated packages. Users of affected Red Hat Enterprise Linux versions are advised to apply the provided updates to mitigate these vulnerabilities.

This Red Hat security advisory addresses multiple vulnerabilities in the Node. js 24 module and related components such as undici, minimatch, and nghttp2. The issues include various denial of service (DoS) vulnerabilities, HTTP request smuggling, information disclosure, permission bypass, unauthorized inter-process communication, and memory leaks. The advisory covers 17 CVEs affecting Red Hat Enterprise Linux 8 and related distributions. Red Hat has released an update to remediate these vulnerabilities. The severity of the overall update is rated as Important by Red Hat, and the advisory provides detailed references and instructions for applying the update.

This Red Hat security advisory addresses multiple denial of service (DoS) vulnerabilities in Node. js 22 and its dependencies, including brace-expansion, minimatch, undici, nghttp2, and Node. js core. The vulnerabilities involve issues such as unbounded brace range expansion, crafted glob patterns causing catastrophic backtracking, unbounded memory consumption during WebSocket decompression, HTTP request smuggling, malformed HTTP/2 frames, and crafted HTTP headers. These flaws could allow an attacker to cause service disruption by exhausting resources or causing crashes. The advisory covers Red Hat Enterprise Linux 9. 6 Extended Update Support and related variants. Red Hat has issued an important security update to address these issues. No known exploits in the wild have been reported at this time.

Multiple denial of service vulnerabilities have been identified in Node. js and several of its dependencies, including undici, minimatch, brace-expansion, and nghttp2, affecting Red Hat Enterprise Linux 10 with nodejs22. These vulnerabilities allow denial of service through various means such as unbounded memory consumption, malformed HTTP/2 frames, crafted WebSocket frames, and specially crafted glob patterns. An important security update from Red Hat addresses these issues. The vulnerabilities are rated as having a high security impact. Administrators should apply the provided Red Hat update to remediate these issues.

Multiple denial of service vulnerabilities have been identified in Node. js and several of its dependencies, including brace-expansion, minimatch, undici, and nghttp2, affecting Red Hat Enterprise Linux 8's nodejs:22 module. These vulnerabilities allow denial of service via various vectors such as unbounded brace range expansion, crafted glob patterns, WebSocket frame manipulation, HTTP request smuggling, malformed HTTP/2 frames, and crafted HTTP headers. Red Hat has issued an important security update addressing these issues. The update rebases nodejs:22 to the latest Node. js 22 release and fixes all listed vulnerabilities. Users of affected Red Hat Enterprise Linux versions should apply the update as per Red Hat's guidance to mitigate these denial of service risks.

Multiple denial of service vulnerabilities and an HTTP request smuggling issue have been identified in Node. js and its dependencies, including brace-expansion, minimatch, undici, and nghttp2. These vulnerabilities affect Red Hat Enterprise Linux 9's nodejs:22 module. The issues include unbounded memory consumption, catastrophic backtracking, malformed HTTP/2 frames, and crafted HTTP headers that can cause denial of service or HTTP request smuggling. Red Hat has released an important security update addressing these vulnerabilities. Users of affected Red Hat Enterprise Linux versions should apply the update to mitigate these risks.

A security update for Node. js 24 on Red Hat Enterprise Linux 10 addresses multiple vulnerabilities including denial of service, information disclosure, permission bypass, HTTP request smuggling, and unauthorized inter-process communication. The update fixes 18 CVEs affecting components such as undici, nghttp2, brace-expansion, minimatch, and the V8 engine. These vulnerabilities could allow attackers to cause denial of service, leak information, or bypass security restrictions. Red Hat has released patches for these issues as part of advisory RHSA-2026:7675.

Red Hat has issued a security advisory for nodejs22 on Red Hat Enterprise Linux 10. 0 Extended Update Support addressing multiple denial of service vulnerabilities in Node. js and associated libraries such as minimatch, undici, and nghttp2. The vulnerabilities include denial of service via crafted glob patterns, WebSocket decompression issues, HTTP request smuggling, malformed HTTP/2 frames, and crafted HTTP headers. These issues could allow an attacker to cause service disruption. The advisory provides updated packages to remediate these vulnerabilities.

Red Hat Developer Hub (RHDH) version 1. 9. 4 addresses multiple critical security vulnerabilities affecting its enterprise-grade developer portal platform. RHDH is a self-managed, customizable portal based on Backstage. io, supporting major Kubernetes clusters. The advisory references 25 CVEs including CVE-2025-62718 and others, indicating a broad set of security issues. The vendor has released RHDH 1. 9. 4 to fix these vulnerabilities. No known exploits are reported in the wild at this time.

Release of RHOAI 2.16.4 provides these changes: