Threats Tagged 'cve-2026-4800'

Red Hat has issued a security advisory for the pcs packages used in configuring Pacemaker and Corosync utilities. The update addresses two vulnerabilities: CVE-2026-31958, a denial of service issue in the Tornado Python framework caused by large multipart bodies, and CVE-2026-4800, an arbitrary code execution vulnerability in lodash via untrusted input in template imports. The advisory rates the security impact as Important and provides updated packages for Red Hat Enterprise Linux 9. 0 variants. No CVSS scores are provided in the advisory. No known exploits in the wild have been reported at this time.

This advisory addresses security vulnerabilities in the pcs packages used for configuring Pacemaker and Corosync on Red Hat Enterprise Linux 8. 4. It includes fixes for two vulnerabilities: CVE-2026-31958, a denial of service issue in tornado-python caused by large multipart bodies, and CVE-2026-4800, an arbitrary code execution vulnerability in lodash via untrusted input in template imports. Red Hat has released updated pcs packages to remediate these issues. The advisory rates the overall impact as Important, and no known exploits are reported in the wild at this time.

This Red Hat security advisory addresses vulnerabilities in the pcs packages used for configuring Pacemaker and Corosync utilities. It includes fixes for two vulnerabilities: CVE-2026-31958, a denial of service issue in tornado-python caused by large multipart bodies, and CVE-2026-4800, an arbitrary code execution vulnerability in lodash via untrusted input in template imports. The advisory rates the security impact as Important (high severity). Updated pcs packages are available for Red Hat Enterprise Linux 8. 6 variants to remediate these issues.

Red Hat has issued a security advisory for the pcs packages used in Red Hat Enterprise Linux 8. 8 High Availability variants. The update addresses two vulnerabilities: CVE-2026-31958, a denial of service issue in tornado-python caused by large multipart bodies, and CVE-2026-4800, an arbitrary code execution vulnerability in lodash via untrusted input in template imports. The advisory rates the security impact as Important and provides updated package versions to remediate these issues. No known exploits are reported in the wild at this time.

Red Hat has issued a security advisory for Red Hat Ansible Automation Platform 2. 6 container release update addressing multiple vulnerabilities. The update includes fixes for a total of 24 CVEs affecting the platform, which provides an enterprise framework for IT automation. The advisory emphasizes applying all previously released errata before this update. No known exploits are reported in the wild. The vulnerabilities cover a broad range of weaknesses as indicated by multiple CWE identifiers. The update is classified with high severity.

Red Hat Developer Hub (RHDH) version 1. 9. 4 addresses multiple critical security vulnerabilities affecting its enterprise-grade developer portal platform. RHDH is a self-managed, customizable portal based on Backstage. io, supporting major Kubernetes clusters. The advisory references 25 CVEs including CVE-2025-62718 and others, indicating a broad set of security issues. The vendor has released RHDH 1. 9. 4 to fix these vulnerabilities. No known exploits are reported in the wild at this time.

Multiple security vulnerabilities have been identified in Red Hat's Network Observability 1. 11. 2 for OpenShift, a network flows collector and monitoring solution. The advisory references 13 CVEs including CVE-2025-62718 and others, with a high severity rating. No known exploits are reported in the wild. The vendor advisory does not explicitly state that a fix is available and does not list any patches. The advisory provides guidance on applying updates but does not confirm remediation status. The product is not a cloud service, so remediation depends on user action. The vulnerabilities involve a range of CWEs indicating issues such as improper input validation and potential code execution risks. No specific affected countries are identified.

Red Hat OpenShift Data Foundation 4. 16. 26 includes a security, enhancement, and bug fix update addressing issues including two CVEs: CVE-2026-4800 and CVE-2026-33036. The update fixes bugs related to operator image usage and external connection errors involving self-signed certificates. No explicit technical details or exploitation methods are provided. The advisory does not confirm known exploits in the wild. Patch status is not explicitly stated in the advisory content.

A security vulnerability (CVE-2026-4800) affecting the pcs packages in Red Hat Enterprise Linux 9 has been identified. The issue involves lodash, where arbitrary code execution can occur via untrusted input in template imports. This vulnerability impacts the command-line configuration system for Pacemaker and Corosync utilities. Red Hat has issued an important security advisory and released updated pcs packages to address this flaw. The vulnerability is rated as high severity by Red Hat Product Security. No known exploits are reported in the wild at this time. The advisory provides detailed instructions for applying the update to affected Red Hat Enterprise Linux High Availability and Resilient Storage products. Users should apply the provided update to mitigate the risk.

This advisory concerns multiple vulnerabilities affecting the Migration Toolkit for Virtualization (MTV) RHEL9 images provided by Red Hat. The advisory references eight CVEs including CVE-2026-4598 and others, but does not provide detailed technical descriptions or CVSS scores. The advisory states that updated images fixing several bugs and adding enhancements are available, but does not explicitly confirm fixes for these CVEs. No known exploits in the wild are reported. The advisory recommends applying all previously released errata before updating. Patch status is not explicitly confirmed in the advisory.