Threats Tagged 'cve-2026-25639'

Red Hat OpenShift Pipelines Operator version 1. 21. 1 addresses multiple security vulnerabilities identified under CVE-2025-66506 and related CVEs. The advisory references several CWEs including improper access control and path traversal issues. No explicit patch or fix details are provided in the advisory content, and no known exploits are reported in the wild. The vulnerabilities affect Red Hat OpenShift Pipelines 1. 21 on amd64 architecture. The severity is assessed as high by the source, but no CVSS score is available.

Red Hat has announced the general availability of the satellite/iop-host-inventory-frontend-rhel9 container image for Red Hat Satellite 6. 18. This relates to Red Hat Lightspeed, a component that analyzes system health and configuration locally by applying predefined rules to limited system data. The advisory references three CVEs (CVE-2026-21441, CVE-2026-25639, CVE-2026-40175) but does not provide specific technical details or exploitation information. No patches or fixes are explicitly mentioned in the advisory. The container image enables local generation of recommendations without sending data externally. The severity is marked critical, but no CVSS score is provided.

Red Hat OpenShift Service Mesh 2. 6 includes Kiali 1. 73. 27, which addresses two denial of service vulnerabilities. One vulnerability (CVE-2026-25639) affects Axios via the __proto__ key in mergeConfig, and the other (CVE-2025-61729) affects golang due to excessive resource consumption triggered by a crafted certificate. These vulnerabilities could allow denial of service conditions. Red Hat has issued this advisory with an important security impact and provides updated images and documentation for remediation.

Red Hat Advanced Cluster Management for Kubernetes version 2. 12. 8 includes a security update addressing multiple vulnerabilities. This advisory covers updated container images that provide new features, enhancements, and bug fixes. The vulnerabilities involve several CVEs, including CVE-2025-7195 and six others, with a high severity rating. No specific technical details or exploit information are provided in the advisory. There is no explicit mention of a patch or fix availability in the vendor advisory content. The advisory recommends applying all previously released relevant errata before updating to this release.

Red Hat has announced the general availability of the satellite/iop-advisor-frontend-rhel9 container image for Red Hat Satellite 6. 18. This component is part of Red Hat Lightspeed in Satellite, which analyzes system health and configuration locally by applying predefined rules to limited local data such as installed packages and running services. The advisory references two CVEs (CVE-2026-25639 and CVE-2026-40175) with critical severity but does not provide specific technical details or a CVSS score. No patches or fixes are explicitly mentioned in the advisory, and no known exploits are reported in the wild. The vendor documentation suggests installing and configuring Red Hat Lightspeed locally to generate recommendations without sending data externally.

Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language. For details about this release, refer to the release notes listed in the References section.

Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language. For details about this release, refer to the release notes listed in the References section.

Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language. For details about this release, refer to the release notes listed in the References section.

Red Hat Quay 3. 9. 19 addresses multiple security vulnerabilities identified by CVE-2025-61726 and nine additional CVEs. The advisory indicates that this update includes important bug fixes but does not specify detailed technical information or fixes for the individual vulnerabilities. No known exploits are reported in the wild. The update is not a cloud service and requires manual application by users. Patch status is not explicitly confirmed in the advisory, and no direct fixes are listed in the provided content.

Release of RHOAI 2.16.4 provides these changes: