Threats Tagged 'cve-2026-4926'

Red Hat has issued a security advisory for Red Hat Ansible Automation Platform 2. 6 container release update addressing multiple vulnerabilities. The update includes fixes for a total of 24 CVEs affecting the platform, which provides an enterprise framework for IT automation. The advisory emphasizes applying all previously released errata before this update. No known exploits are reported in the wild. The vulnerabilities cover a broad range of weaknesses as indicated by multiple CWE identifiers. The update is classified with high severity.

Red Hat Developer Hub (RHDH) version 1. 9. 4 addresses multiple critical security vulnerabilities affecting its enterprise-grade developer portal platform. RHDH is a self-managed, customizable portal based on Backstage. io, supporting major Kubernetes clusters. The advisory references 25 CVEs including CVE-2025-62718 and others, indicating a broad set of security issues. The vendor has released RHDH 1. 9. 4 to fix these vulnerabilities. No known exploits are reported in the wild at this time.

This advisory concerns multiple vulnerabilities affecting the Migration Toolkit for Virtualization (MTV) RHEL9 images provided by Red Hat. The advisory references eight CVEs including CVE-2026-4598 and others, but does not provide detailed technical descriptions or CVSS scores. The advisory states that updated images fixing several bugs and adding enhancements are available, but does not explicitly confirm fixes for these CVEs. No known exploits in the wild are reported. The advisory recommends applying all previously released errata before updating. Patch status is not explicitly confirmed in the advisory.

Migration Toolkit for Virtualization Images

The RHTAS Operator can be used with OpenShift Container Platform 4.16, 4.17, 4.18, 4.19 and 4.20

The Red Hat Trusted Artifact Signer (RHTAS) Operator version 1. 3. 4 is associated with multiple vulnerabilities, including CVE-2025-68121 and seven others. It is designed for use with OpenShift Container Platform versions 4. 16 through 4. 21 to facilitate cryptographic signing and verification of software artifacts. The advisory does not specify any fixes or patches for these vulnerabilities. No known exploits are reported in the wild. The vulnerabilities have been classified with a high severity level by the source, but no CVSS score is provided.

Red Hat OpenShift Dev Spaces 3. 27. 1 is a cloud developer workspace server and browser-based IDE designed for container-based development on OpenShift. The 3. 27 release introduces support for devfile v2. 1 and v2. 2 standards, urging users to migrate from the deprecated v1 standard. This advisory references multiple CVEs, including CVE-2025-61728, indicating a collection of vulnerabilities affecting this product version. No specific fixes or patches are detailed in the advisory, and users are encouraged to update to supported OpenShift releases (v4. 16 and higher) to continue receiving updates.

Red Hat has released updated Cryostat 4 on RHEL 9 container images that address multiple security vulnerabilities affecting various components and libraries. These fixes include patches for denial of service, authorization bypass, information disclosure, request smuggling, memory safety, and arbitrary code execution issues. Users of Cryostat 4 on RHEL 9 container images are advised to upgrade to the updated images and rebuild dependent container images to ensure these vulnerabilities are mitigated.

Red Hat OpenShift distributed tracing platform (Tempo) 3. 9. 2 addresses multiple security vulnerabilities including an authorization bypass in gRPC-Go due to improper HTTP/2 :path validation, denial-of-service flaws in XPath processing and JSON parsing, and several issues in Go standard libraries affecting certificate validation, race conditions, and resource exhaustion. These fixes prevent unauthorized access, denial-of-service conditions, and potential code execution paths. No breaking changes or deprecations are introduced in this release.