Threats Tagged 'cve-2026-35030'

Red Hat has issued a security advisory for Red Hat Ansible Automation Platform 2. 6 container release update addressing multiple vulnerabilities. The update includes fixes for a total of 24 CVEs affecting the platform, which provides an enterprise framework for IT automation. The advisory emphasizes applying all previously released errata before this update. No known exploits are reported in the wild. The vulnerabilities cover a broad range of weaknesses as indicated by multiple CWE identifiers. The update is classified with high severity.

The Red Hat Trusted Artifact Signer (RHTAS) Operator version 1. 3. 4 is associated with multiple vulnerabilities, including CVE-2025-68121 and seven others. It is designed for use with OpenShift Container Platform versions 4. 16 through 4. 21 to facilitate cryptographic signing and verification of software artifacts. The advisory does not specify any fixes or patches for these vulnerabilities. No known exploits are reported in the wild. The vulnerabilities have been classified with a high severity level by the source, but no CVSS score is provided.

CVE-2026-35030 is a critical improper authentication vulnerability in BerriAI's LiteLLM proxy server versions prior to 1. 83. 0 when JWT authentication is enabled. The vulnerability arises because the OIDC userinfo cache uses only the first 20 characters of the JWT token as the cache key. Since JWT headers generated by the same signing algorithm share identical first 20 characters, an attacker can craft a token that matches a legitimate user's cache key, thereby inheriting that user's identity and permissions. This issue affects only deployments with JWT/OIDC authentication enabled, which is not the default configuration. The vulnerability is fixed in version 1. 83. 0.