Threats Tagged 'cve-2026-23490'

Red Hat Enterprise Linux AI 3. 3. 3 includes a security advisory addressing multiple vulnerabilities identified by CVE-2026-23490, CVE-2026-30922, and CVE-2026-40192. These vulnerabilities relate to issues categorized under CWE-770 (Allocation of Resources Without Limits or Throttling), CWE-835 (Loop with Unreachable Exit Condition), and CWE-409 (Improper Synchronization). The advisory highlights the availability of the updated Red Hat Enterprise Linux AI 3. 3. 3 release but does not explicitly state that a fix has been applied for these CVEs. No known exploits are reported in the wild. The vendor advisory instructs users to ensure all previously released errata are applied before updating. Patch status is not explicitly confirmed in the advisory content provided.

Red Hat released security updates for the Service Telemetry Framework (STF) version 1. 5. 7 addressing multiple vulnerabilities. These include denial of service issues due to memory exhaustion and unbounded recursion in pyasn1, privilege escalation or arbitrary code execution via malicious wheel file unpacking, incorrect parsing of IPv6 host literals, denial of service in certificate chain building, and excessive resource consumption during host certificate validation error printing. The STF collects telemetry data from remote clients and transmits it to a centralized Red Hat OpenShift deployment. The advisory provides updated container images to remediate these issues.

Red Hat Ansible Automation Platform 2. 6 has multiple security vulnerabilities affecting components such as automation-controller, automation-gateway, automation-platform-ui, and various Python libraries. These issues include account hijacking via unverified email linking, denial of service through malformed inputs, buffer overflows, remote code execution via path traversal, and incorrect parsing of IPv6 literals. The vulnerabilities collectively pose risks of unauthorized access, denial of service, and remote code execution. Red Hat has issued an important security advisory with patches addressing these issues for supported versions of the platform.

Red Hat Ansible Automation Platform 2. 5 for RHEL 8 and 9 contains multiple security vulnerabilities including account hijacking via unverified email linking, denial of service through malformed HTML-like sequences and XML entity expansion, remote code execution via path traversal, memory exhaustion, and parsing errors. These issues affect various components such as automation-controller, automation-gateway, python libraries, and receptor. Red Hat has released an important security advisory (RHSA-2026:13512) addressing these vulnerabilities with updated packages. Users of affected versions should apply the provided updates to remediate these issues.

Red Hat has issued a security advisory for Red Hat Ansible Automation Platform 2. 6 container release update addressing multiple vulnerabilities. The update includes fixes for a total of 24 CVEs affecting the platform, which provides an enterprise framework for IT automation. The advisory emphasizes applying all previously released errata before this update. No known exploits are reported in the wild. The vulnerabilities cover a broad range of weaknesses as indicated by multiple CWE identifiers. The update is classified with high severity.

Red Hat has issued a security advisory for Red Hat Ansible Automation Platform 2. 5 container release update addressing multiple vulnerabilities identified by CVE-2025-69227 and nine additional CVEs. The platform provides an enterprise framework for IT automation at scale. The advisory indicates an important update is available to fix these vulnerabilities. No known exploits are reported in the wild. The update requires applying all previously released errata before upgrading. Detailed release notes and upgrade instructions are provided by Red Hat.

Red Hat OpenShift Container Platform 4. 18. 42 includes security updates addressing multiple vulnerabilities in Golang libraries and pyasn1. These issues involve memory exhaustion, denial of service due to excessive resource consumption, unbounded memory allocation, excessive CPU consumption, and incorrect TLS certificate validation. The update is rated as Important by Red Hat Product Security. Users of OpenShift Container Platform 4. 18 are advised to upgrade to the updated packages and images via the appropriate release channels. Detailed upgrade instructions are provided by Red Hat. No known exploits in the wild have been reported for these vulnerabilities.

Red Hat Ansible Automation Platform 2. 5 has multiple security vulnerabilities affecting components such as automation-controller, automation-gateway, python3. 11 libraries (aiohttp, django, protobuf), and receptor. These include privilege escalation, arbitrary code execution, denial of service, SQL injection, cross-site scripting via open redirects, and memory exhaustion. The advisory provides updates and fixes, including upgrading Python to version 3. 12 and various component updates. Users must apply the latest installer version to ensure successful upgrade and remediation.

Red Hat Update Infrastructure (RHUI) 5. 1 container images have been updated to the latest versions of RHUI RPM packages and base images (ubi9 or ubi9-init). This security advisory addresses multiple vulnerabilities identified by CVE-2025-9086 and 31 additional CVEs affecting RHUI components. The advisory is classified as high severity but does not provide specific technical details or exploit information. No known exploits in the wild have been reported. The vendor advisory does not explicitly state that a patch or official fix is available, nor does it provide direct remediation instructions beyond recommending deployment of updated container images using the rhui-installer utility.

The Red Hat Trusted Artifact Signer (RHTAS) Operator version 1. 3. 4 is associated with multiple vulnerabilities, including CVE-2025-68121 and seven others. It is designed for use with OpenShift Container Platform versions 4. 16 through 4. 21 to facilitate cryptographic signing and verification of software artifacts. The advisory does not specify any fixes or patches for these vulnerabilities. No known exploits are reported in the wild. The vulnerabilities have been classified with a high severity level by the source, but no CVSS score is provided.