Threats Tagged 'cve-2026-32141'

Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.

Network flows collector and monitoring solution.

See the release notes (link in the references section) for a description of the fixes and enhancements in this particular release.

Red Hat OpenStack Platform provides the facilities for building, deploying and monitoring a private or public infrastructure-as-a-service (IaaS) cloud running on commonly available physical hardware. The Red Hat OpenStack Platform (RHOSP) director Operator adds the ability to install and run a RHOSP cloud within OpenShift Container Platform (OCP). Security Fixes: * containerd local privilege excalation (CVE-2024-25621) * SSH client panic due to unexpected SSH_AGENT_SUCCESS (CVE-2025-47913)

This release of Red Hat build of Quarkus 3.20.6.SP1 includes the following CVE fixes: * quarkus-vertx-http: io.quarkus:quarkus-vertx-http: Authorization bypass via semicolons in HTTP requests [quarkus-3.20] (CVE-2026-39852) * bcprov-jdk18on: GOSTCTR implementation unable to process more than 255 blocks correctly [quarkus-3.20] (CVE-2025-14813) * bcpkix-jdk18on: PKIX draft CompositeVerifier accepts empty signature sequence as valid [quarkus-3.20] (CVE-2026-5588) * bcprov-jdk18on: LDAP injection vulnerability in LDAPStoreHelper.java [quarkus-3.20] (CVE-2026-0636) For more information, see the release notes page listed in the References section.

Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language. For details about this release, refer to the release notes listed in the References section.

CVE-2026-32141 is a high-severity vulnerability in the WebReflection flatted library versions prior to 3.4.0. The flaw arises from uncontrolled recursion in the parse() function's revive() phase, which resolves circular references in JSON data. Crafted payloads with deeply nested or self-referential indices can trigger unbounded recursion, causing a stack overflow and crashing the Node.js process. This vulnerability does not impact confidentiality or integrity but results in denial of service by crashing applications using the affected library. Exploitation requires no privileges or user interaction and can be performed remotely by supplying malicious JSON input. The issue is fixed in version 3.4.

HighVulnerabilityUnited StatesIndiaGermany+8#cve#cve-2026-32141#cwe-674