Threats Tagged 'cve-2026-7246'

Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale. Data Grid 8.6.1 replaces Data Grid 8.6.0 and includes bug fixes and enhancements. Find out more about Data Grid 8.6.1 in the Release Notes[3]. Security Fix(es): * CVE-2026-33871 netty-codec-http: Netty: Denial of Service via HTTP/2 CONTINUATION frame flood [jdg-8] (CVE-2026-33871) * CVE-2026-33870 netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values [jdg-8] (CVE-2026-33870) * CVE-2026-42043 axios: Axios: NO_PROXY bypass via crafted URL [jdg-8] (CVE-2026-42043) * CVE-2026-42041 axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling [jdg-8.6] (CVE-2026-42041) * CVE-2026-42039 axios: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data [jdg-8.6] (CVE-2026-42039) * CVE-2026-42033 axios: Axios: HTTP Transport Hijacking via Prototype Pollution [jdg-8.6] (CVE-2026-42033) * CVE-2026-40975 spring-boot: Spring Boot: Weak pseudo-random number generation can lead to information disclosure. [jdg-8.6] (CVE-2026-40975) * CVE-2026-4800 lodash: lodash: Arbitrary code execution via untrusted input in template imports [jdg-8.6] (CVE-2026-4800) * CVE-2026-41240 dompurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization [jdg-8.6] (CVE-2026-41240) * CVE-2026-34481 log4j-layout-template-json: Apache Log4j JsonTemplateLayout: Denial of Service via invalid JSON output [jdg-8.6] (CVE-2026-34481) * CVE-2026-34480 log4j-core: Apache Log4j Core: Invalid XML output causes denial of service in logging [jdg-8.6] (CVE-2026-34480) * CVE-2026-34478 log4j-core-test: Apache Log4j Core: Log injection via CRLF sequences due to configuration attribute renames [jdg-8.6] (CVE-2026-34478) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Network flows collector and monitoring solution.

Red Hat OpenShift Data Foundation 4.16.26 security, enhancement & bug fix update FIXED BUGS: ========== DFBUGS-6193: Backport to odf-4.16.26 ocs-operator should not use image gcr.io/kubebuilder/kube-rbac-proxy DFBUGS-5940: Backport to odf-4.16.z [External Mode]: noobaa-default-backing-store is in creating state due to "CheckExternalConnection Status=UNKNOWN_FAILURE Error=SELF_SIGNED_CERT_IN_CHAIN"

See the release notes (link in the references section) for a description of the fixes and enhancements in this particular release.

Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale. Data Grid 8.6.1 replaces Data Grid 8.6.0 and includes bug fixes and enhancements. Find out more about Data Grid 8.6.1 in the Release Notes[3]. Security Fix(es): * CVE-2026-33871 netty-codec-http: Netty: Denial of Service via HTTP/2 CONTINUATION frame flood [jdg-8] (CVE-2026-33871) * CVE-2026-33870 netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values [jdg-8] (CVE-2026-33870) * CVE-2026-42043 axios: Axios: NO_PROXY bypass via crafted URL [jdg-8] (CVE-2026-42043) * CVE-2026-42041 axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling [jdg-8.6] (CVE-2026-42041) * CVE-2026-42039 axios: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data [jdg-8.6] (CVE-2026-42039) * CVE-2026-42033 axios: Axios: HTTP Transport Hijacking via Prototype Pollution [jdg-8.6] (CVE-2026-42033) * CVE-2026-40975 spring-boot: Spring Boot: Weak pseudo-random number generation can lead to information disclosure. [jdg-8.6] (CVE-2026-40975) * CVE-2026-4800 lodash: lodash: Arbitrary code execution via untrusted input in template imports [jdg-8.6] (CVE-2026-4800) * CVE-2026-41240 dompurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization [jdg-8.6] (CVE-2026-41240) * CVE-2026-34481 log4j-layout-template-json: Apache Log4j JsonTemplateLayout: Denial of Service via invalid JSON output [jdg-8.6] (CVE-2026-34481) * CVE-2026-34480 log4j-core: Apache Log4j Core: Invalid XML output causes denial of service in logging [jdg-8.6] (CVE-2026-34480) * CVE-2026-34478 log4j-core-test: Apache Log4j Core: Log injection via CRLF sequences due to configuration attribute renames [jdg-8.6] (CVE-2026-34478) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language. For details about this release, refer to the release notes listed in the References section.

Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit() function, allowing attackers to pass arbitrary OS commands from an unprivileged account.