Threats Tagged 'cve-2026-30922'

Red Hat Enterprise Linux AI 3. 3. 3 includes a security advisory addressing multiple vulnerabilities identified by CVE-2026-23490, CVE-2026-30922, and CVE-2026-40192. These vulnerabilities relate to issues categorized under CWE-770 (Allocation of Resources Without Limits or Throttling), CWE-835 (Loop with Unreachable Exit Condition), and CWE-409 (Improper Synchronization). The advisory highlights the availability of the updated Red Hat Enterprise Linux AI 3. 3. 3 release but does not explicitly state that a fix has been applied for these CVEs. No known exploits are reported in the wild. The vendor advisory instructs users to ensure all previously released errata are applied before updating. Patch status is not explicitly confirmed in the advisory content provided.

Red Hat has issued a security advisory for the fence-agents packages used in Red Hat Enterprise Linux 8 and related variants. The update addresses three vulnerabilities: CVE-2026-26007, a subgroup attack due to missing subgroup validation in the cryptography library; CVE-2026-32597, where PyJWT improperly accepts unknown critical header extensions violating RFC 7515; and CVE-2026-30922, a denial of service vulnerability in pyasn1 caused by unbounded recursion. These vulnerabilities affect remote power management scripts critical for cluster node management. The advisory rates the update as Important and provides updated packages to remediate these issues. Users should apply the provided updates to affected Red Hat Enterprise Linux 8 products to mitigate these vulnerabilities.

This security advisory from Red Hat addresses vulnerabilities in the fence-agents packages, which manage remote power control for cluster devices. The update fixes three vulnerabilities: a subgroup attack due to missing subgroup validation in cryptography (CVE-2026-26007), acceptance of unknown critical header extensions in PyJWT violating RFC 7515 (CVE-2026-32597), and a denial of service vulnerability in pyasn1 caused by unbounded recursion (CVE-2026-30922). These issues affect Red Hat Enterprise Linux 9 and related packages. The update is rated as Important by Red Hat Product Security. No known exploits in the wild have been reported. The advisory provides updated packages to remediate these vulnerabilities.

Red Hat has issued a security advisory for the fence-agents packages used in Red Hat Enterprise Linux 10. These packages provide scripts for remote power management of cluster devices, enabling forced restart and removal of failed or unreachable nodes. The update addresses two vulnerabilities: CVE-2026-32597, where PyJWT accepts unknown critical header extensions violating RFC 7515 requirements, and CVE-2026-30922, a denial of service vulnerability in pyasn1 caused by unbounded recursion. The advisory rates the security impact as Important and provides updated packages to remediate these issues.

Red Hat has issued a security advisory for fence-agents packages used in Red Hat Enterprise Linux 10. The update addresses two vulnerabilities: CVE-2026-32597, where PyJWT improperly accepts unknown 'crit' header extensions violating RFC 7515, and CVE-2026-30922, a denial of service vulnerability in pyasn1 caused by unbounded recursion. These vulnerabilities affect remote power management scripts for cluster devices, which are critical for forcibly restarting and removing failed or unreachable nodes. The advisory rates the security impact as Important (high severity).

Red Hat has issued a security advisory for the fence-agents packages used in Red Hat Enterprise Linux 10. 0 Extended Update Support. The advisory addresses two vulnerabilities: CVE-2026-30922, a denial of service vulnerability in pyasn1 caused by unbounded recursion, and CVE-2026-32597, where PyJWT improperly accepts unknown 'crit' header extensions violating RFC 7515. These vulnerabilities affect remote power management scripts for cluster devices, which are critical for managing failed or unreachable nodes. The update is rated as Important by Red Hat Product Security. No CVSS score is provided, but the severity is classified as high. A security update is available to remediate these issues. Users should apply the update as detailed in the Red Hat advisory to mitigate these vulnerabilities.

Red Hat released security updates for the Service Telemetry Framework (STF) version 1. 5. 7 addressing multiple vulnerabilities. These include denial of service issues due to memory exhaustion and unbounded recursion in pyasn1, privilege escalation or arbitrary code execution via malicious wheel file unpacking, incorrect parsing of IPv6 host literals, denial of service in certificate chain building, and excessive resource consumption during host certificate validation error printing. The STF collects telemetry data from remote clients and transmits it to a centralized Red Hat OpenShift deployment. The advisory provides updated container images to remediate these issues.

A security update for the fence-agents packages in Red Hat Enterprise Linux 8. 8 addresses a vulnerability in the pyasn1 library (CVE-2026-30922) that allows denial of service via unbounded recursion. Fence-agents are scripts used for remote power management in cluster environments, enabling the forced restart and removal of failed or unreachable nodes. The vulnerability could potentially disrupt cluster operations by causing denial of service conditions. Red Hat has issued an important security advisory with updated packages to fix this issue. The advisory provides detailed instructions for applying the update. No known exploits are reported in the wild at this time.

Red Hat Quay 3. 10. 20 addresses multiple security vulnerabilities identified by several CVEs including CVE-2026-4599 and related issues. The advisory indicates that this update includes bug fixes but does not specify individual vulnerability details or fixes. No known exploits are reported in the wild. The vendor advisory does not explicitly state that a patch is available for these vulnerabilities, nor does it list specific fixes in this update.

This advisory covers the general availability release of the Red Hat Trusted Artifact Signer (RHTAS) Model Transparency CLI image version 1. 4, which is used to sign and verify AI/ML workloads. The advisory references three CVEs (CVE-2026-27459, CVE-2026-30922, CVE-2026-32597) related to this product but does not provide details on specific vulnerabilities or fixes. No patches or remediation actions are currently provided in the advisory. The tool facilitates creation and validation of signatures and attestations for AI/ML model artifacts using enterprise trust frameworks. There are no known exploits in the wild reported at this time.