Byte Open Security (ByteOS Network)
Vulnerability Details: CVE-2025-14025

Summary
Assigner: redhat
Assigner Org ID: 53f830b8-0a3f-465b-8143-3b8a9948e749
Published At: 08 Jan, 2026 | 13:44
Updated At: 26 Feb, 2026 | 15:04

Ansible-automation-platform/aap-gateway: aap-gateway: read-only personal access token (pat) bypasses write restrictions

A flaw was found in Ansible Automation Platform (AAP). Read-only scoped OAuth2 API tokens in AAP are enforced at the Gateway level for Gateway-specific operations. However, this vulnerability allows read-only tokens to perform write operations on backend services (e.g., Controller, Hub, EDA). If this flaw were exploited, an attacker's capabilities would only be limited by role-based access control (RBAC).

In practical terms: the Gateway checks a token's read-only scope only on its own endpoints. Requests it proxies to Controller, Hub or EDA are authorized by the backend's RBAC for the token's user, not by the token's scope, so a leaked read-only token belonging to a privileged user is as capable as that user.

Common Vulnerabilities and Exposures (CVE) record (cve.org)

CVE Numbering Authority (CNA): redhat. Title and description are as given in the Summary above.

Affected Products
All five entries carry a default status of "affected" with a single unaffected range, so every automation-gateway build older than the listed one is vulnerable. The two container entries are identified by image digest even though the record labels the version type as rpm.

Vendor: Red Hat, Inc. (Red Hat)
Product: Red Hat Ansible Automation Platform 2.5 for RHEL 8
Collection URL: https://access.redhat.com/downloads/content/package-browser/
Package Name: automation-gateway
CPEs:
  • cpe:/a:redhat:ansible_automation_platform:2.5::el8
  • cpe:/a:redhat:ansible_automation_platform:2.5::el9
Default Status: affected
Unaffected: from 0:2.5.20260106-1.el8ap before * (rpm)

Vendor: Red Hat, Inc. (Red Hat)
Product: Red Hat Ansible Automation Platform 2.5 for RHEL 9
Collection URL: https://access.redhat.com/downloads/content/package-browser/
Package Name: automation-gateway
CPEs:
  • cpe:/a:redhat:ansible_automation_platform:2.5::el8
  • cpe:/a:redhat:ansible_automation_platform:2.5::el9
Default Status: affected
Unaffected: from 0:2.5.20260106-1.el9ap before * (rpm)

Vendor: Red Hat, Inc. (Red Hat)
Product: Red Hat Ansible Automation Platform 2.6 for RHEL 9
Collection URL: https://access.redhat.com/downloads/content/package-browser/
Package Name: automation-gateway
CPEs:
  • cpe:/a:redhat:ansible_automation_platform:2.6::el9
Default Status: affected
Unaffected: from 0:2.6.20260106-1.el9ap before * (rpm)

Vendor: Red Hat, Inc. (Red Hat)
Product: Red Hat Ansible Automation Platform 2.5
Collection URL: https://catalog.redhat.com/software/containers/
Package Name: ansible-automation-platform-25/gateway-rhel8
CPEs:
  • cpe:/a:redhat:ansible_automation_platform:2.5::el8
Default Status: affected
Unaffected: from sha256:2df290b61d7aac08deec2973d0a9b98788f6b619e974af0b3f4b61c759c7e464 before * (rpm)

Vendor: Red Hat, Inc. (Red Hat)
Product: Red Hat Ansible Automation Platform 2.6
Collection URL: https://catalog.redhat.com/software/containers/
Package Name: ansible-automation-platform-26/gateway-rhel9
CPEs:
  • cpe:/a:redhat:ansible_automation_platform:2.6::el9
Default Status: affected
Unaffected: from sha256:766c7570afc4e9b163a3256a0d7c699327905c1d24213229acb0b96a9e65b615 before * (rpm)
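The unaffected ranges above are rpm EVR strings (epoch:version-release), with the fix date 20260106 embedded in the version. The following is an added example, not Red Hat tooling: it reimplements rpm's version-comparison rules in Python so an inventory of installed automation-gateway versions can be checked offline against the three fixed rpm builds. The installed EVR comes from `rpm -q --qf '%{EPOCH}:%{VERSION}-%{RELEASE}\n' automation-gateway` (a real rpm invocation; rpm prints `(none)` for an unset epoch). The `FIXED_EVR` table and its keying by release stream and dist tag are the example's own construction; only the EVR strings are taken from the record, and the container images, which are identified by digest rather than EVR, are outside its scope.

```python
"""Is the installed automation-gateway at or past the CVE-2025-14025 fix?
(Added example, not Red Hat tooling.)

rpmvercmp() below follows rpm's rules: the string is split into alternating
numeric and alphabetic runs (any other character is a separator); numeric runs
compare as integers and beat alphabetic runs; '~' sorts before everything,
even the end of the string; '^' sorts after the end of the string but before
any further real segment.
"""
import re
from itertools import zip_longest

# Fixed rpm builds from the CNA record, keyed by (release stream, dist tag).
# The keying scheme is this example's assumption, not something the record states.
FIXED_EVR = {
    ("2.5", "el8ap"): "0:2.5.20260106-1.el8ap",
    ("2.5", "el9ap"): "0:2.5.20260106-1.el9ap",
    ("2.6", "el9ap"): "0:2.6.20260106-1.el9ap",
}

_SEG = re.compile(r"[0-9]+|[A-Za-z]+|~|\^")


def rpmvercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1 comparing two rpm version or release strings."""
    if a == b:
        return 0
    for x, y in zip_longest(_SEG.findall(a), _SEG.findall(b)):
        if x == y:
            continue
        if x == "~" or y == "~":        # tilde: older than anything, even nothing
            return -1 if x == "~" else 1
        if x == "^" or y == "^":        # caret: newer than nothing, older than a real segment
            if y is None:
                return 1
            if x is None:
                return -1
            return -1 if x == "^" else 1
        if x is None:                   # a has no more segments: b is newer
            return -1
        if y is None:
            return 1
        if x.isdigit() and y.isdigit():
            xi, yi = int(x), int(y)     # "01" == "1" numerically, so keep going on a tie
            if xi != yi:
                return 1 if xi > yi else -1
            continue
        if x.isdigit() != y.isdigit():  # numeric beats alphabetic
            return 1 if x.isdigit() else -1
        return 1 if x > y else -1
    return 0


def parse_evr(evr: str):
    """Split 'epoch:version-release' into (int, str, str); missing or '(none)' epoch is 0."""
    epoch, sep, rest = evr.partition(":")
    if not sep:
        epoch, rest = "0", evr
    if epoch == "(none)":
        epoch = "0"
    version, sep, release = rest.rpartition("-")
    if not sep:
        version, release = rest, ""
    return int(epoch), version, release


def compare_evr(a: str, b: str) -> int:
    ea, va, ra = parse_evr(a)
    eb, vb, rb = parse_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def stream_of(evr: str):
    """('2.5', 'el8ap') for 0:2.5.20251201-1.el8ap: picks which fixed build applies."""
    _, version, release = parse_evr(evr)
    stream = ".".join(version.split(".")[:2])
    dist = release.rsplit(".", 1)[-1]
    return stream, dist


def is_fixed(installed_evr: str):
    """True if at/after the fixed build, False if older, None if no fixed build is known for this stream."""
    fixed = FIXED_EVR.get(stream_of(installed_evr))
    if fixed is None:
        return None
    return compare_evr(installed_evr, fixed) >= 0


if __name__ == "__main__":
    # Constructed inventory: hostname -> output of the rpm query above.
    inventory = {
        "gw-old.example": "0:2.5.20251201-1.el8ap",
        "gw-fixed.example": "0:2.5.20260106-1.el8ap",
        "gw-26.example": "(none):2.6.20260210-1.el9ap",
    }
    for host, evr in inventory.items():
        print(f"{host}: {evr} -> fixed={is_fixed(evr)}")
```

A `None` result means the host runs a stream the advisory does not cover (for example a 2.6 build tagged el8ap), which should be triaged by hand rather than reported as fixed.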
Problem Types
CWE-279: Incorrect Execution-Assigned Permissions
Metrics
CVSS 3.1 base score: 8.5 (HIGH)
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Reading the vector: reachable over the network (AV:N), high attack complexity (AC:H), low privileges required (PR:L, i.e. possession of a valid read-only token), no user interaction (UI:N), scope changed (S:C, the Gateway's token-scope boundary is crossed into the backend services), and high confidentiality, integrity and availability impact (C:H/I:H/A:H).
Red Hat severity rating: Important (https://access.redhat.com/security/updates/classification/)
Impacts (CAPEC)
None listed.

Solutions
No solution text in the CNA record; the fix is the automation-gateway build listed as unaffected for each stream under Affected Products, shipped in the RHSA errata listed under References.

Workarounds
Defense-in-depth practices such as using RBAC to enforce the principle of least privilege and careful token management are essential to reduce the scope of impact. See the Red Hat Knowledgebase (KCS) article for additional details and strategies: https://access.redhat.com/articles/7136004
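How the bypass arises, and why the workaround limits rather than removes it, as an added model in Python (not gateway code). The `vulnerable_dispatch` function enforces token scope only on gateway-local routes and forwards everything else to the backend's RBAC, which is the behaviour the description gives; `fixed_dispatch` checks scope before proxying; `find_bypasses` is the check a practitioner would run against a dispatcher to list the writes a read-only token still gets through. The route prefixes, user roles and probe requests are constructed for the example and are not a statement of the real gateway's URL layout or role model.

```python
"""Model of the scope check behind CVE-2025-14025 (added example; not AAP code).

A read-only token is refused writes on gateway-local routes, but the flawed
dispatcher proxies every other request to Controller/Hub/EDA where only the
backend's RBAC for the token's *user* is consulted, never the token's *scope*.
Route prefixes, roles and probes below are illustrative assumptions.
"""
from dataclasses import dataclass

WRITE_METHODS = frozenset({"POST", "PUT", "PATCH", "DELETE"})
GATEWAY_PREFIX = "/api/gateway/"  # assumed prefix for gateway-local routes

# Constructed backend RBAC: what each user's role permits, independent of token scope.
ROLE_PERMS = {
    "alice": frozenset({"read", "write"}),  # organisation admin
    "bob": frozenset({"read"}),             # auditor
}


@dataclass(frozen=True)
class Token:
    user: str
    scope: str  # "read" or "write"


@dataclass(frozen=True)
class Request:
    method: str
    path: str


def needed(req: Request) -> str:
    """Permission class a request needs: 'write' for mutating methods, else 'read'."""
    return "write" if req.method.upper() in WRITE_METHODS else "read"


def scope_allows(token: Token, req: Request) -> bool:
    """Token-scope check: a write token may do anything, a read token may only read."""
    return token.scope == "write" or needed(req) == "read"


def rbac_allows(token: Token, req: Request) -> bool:
    """Backend RBAC on the proxied service, keyed on the user, not the token."""
    return needed(req) in ROLE_PERMS.get(token.user, frozenset())


def vulnerable_dispatch(token: Token, req: Request) -> int:
    """Flawed behaviour: scope is enforced only for gateway-local routes."""
    if req.path.startswith(GATEWAY_PREFIX):
        return 200 if scope_allows(token, req) else 403
    # Proxied request: scope is never consulted, only the backend's RBAC.
    return 200 if rbac_allows(token, req) else 403


def fixed_dispatch(token: Token, req: Request) -> int:
    """Hardened behaviour: scope is checked for every route before anything is proxied."""
    if not scope_allows(token, req):
        return 403
    if req.path.startswith(GATEWAY_PREFIX):
        return 200
    return 200 if rbac_allows(token, req) else 403


def find_bypasses(dispatch, token: Token, probes) -> list:
    """Write requests that a read-scoped token gets through the given dispatcher."""
    if token.scope != "read":
        return []
    return [r for r in probes if needed(r) == "write" and dispatch(token, r) == 200]


# Constructed probe set: one gateway-local read and write, then a write on each proxied service.
PROBES = (
    Request("GET", "/api/gateway/v1/users/"),
    Request("POST", "/api/gateway/v1/organizations/"),
    Request("POST", "/api/controller/v2/job_templates/7/launch/"),
    Request("PATCH", "/api/eda/v1/projects/3/"),
    Request("DELETE", "/api/galaxy/v3/namespaces/ns/"),
)

if __name__ == "__main__":
    admin_ro, auditor_ro = Token("alice", "read"), Token("bob", "read")
    for label, dispatch in (("vulnerable", vulnerable_dispatch), ("fixed", fixed_dispatch)):
        for tok in (admin_ro, auditor_ro):
            hits = [(r.method, r.path) for r in find_bypasses(dispatch, tok, PROBES)]
            print(f"{label:10} read-only token of {tok.user}: {hits}")
```

With the flawed dispatcher, alice's read-only token launches jobs, edits EDA projects and deletes Hub namespaces because her role allows writes; bob's read-only token gets nothing through because his role does not. That is the sense in which RBAC is the only remaining limit, and why least-privilege roles and prompt revocation of stray tokens are the workaround until the fixed build is installed.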

Timeline
  • Reported to Red Hat: 2025-12-04 12:28:51
  • Made public: 2025-12-04 10:10:00
References
  • https://access.redhat.com/articles/7136004 (Red Hat Knowledgebase article; no resource type recorded)
  • https://access.redhat.com/errata/RHSA-2026:0360 (vendor-advisory, x_refsource_REDHAT)
  • https://access.redhat.com/errata/RHSA-2026:0361 (vendor-advisory, x_refsource_REDHAT)
  • https://access.redhat.com/errata/RHSA-2026:0408 (vendor-advisory, x_refsource_REDHAT)
  • https://access.redhat.com/errata/RHSA-2026:0409 (vendor-advisory, x_refsource_REDHAT)
  • https://access.redhat.com/security/cve/CVE-2025-14025 (vdb-entry, x_refsource_REDHAT)
  • https://bugzilla.redhat.com/show_bug.cgi?id=2418785 (issue-tracking, x_refsource_REDHAT)
Authorized Data Publishers (ADP)
CISA ADP Vulnrichment: information is not available yet.
National Vulnerability Database (NVD) record (nvd.nist.gov)
Source: secalert@redhat.com
Published At: 08 Jan, 2026 | 14:15
Updated At: 08 Jan, 2026 | 23:15
Description: identical to the CNA description above.
CISA KEV catalog: not listed (no date added, due date, vulnerability name or required action).
Metrics (Secondary, from secalert@redhat.com): CVSS 3.1 base score 8.5 (HIGH), vector CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CPE Matches: none recorded yet.
Weaknesses: CWE-279 (Secondary, source secalert@redhat.com)
Evaluator Description, Evaluator Impact, Evaluator Solution, Vendor Statements: none.
References: the same seven URLs as in the CNA record, each with source secalert@redhat.com and no resource tag.


Similar CVEs (13 records found)

None of the records below is rejected, listed in CISA KEV, has a KEV action due date, or is flagged as known to be used in ransomware campaigns.

CVE-2026-57281 (Matching Score 8; Assigner: Jenkins Project)
CVSS: 7.5 HIGH. EPSS: 0.59% (percentile 44.08%), 7-day change +0.21%.
Published: 24 Jun, 2026 | 13:20. Updated: 30 Jun, 2026 | 12:10.
Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not reject Groovy AST transformation annotations carrying an extensions member, allowing attackers able to run sandboxed Groovy scripts to execute code outside the sandbox if a suitable script is present on the classpath of the component that evaluates the script.
Vendors: Red Hat, Inc.; Jenkins. Products: script_security; Jenkins Script Security Plugin; OpenShift Developer Tools and Services.
CWEs: CWE-693 Protection Mechanism Failure; CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection'); CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection').

CVE-2026-5483 (Matching Score 8; Assigner: Red Hat, Inc.)
CVSS: 8.5 HIGH. EPSS: 0.49% (percentile 38.65%), 7-day change +0.01%.
Published: 10 Apr, 2026 | 17:33. Updated: 30 Jun, 2026 | 12:11.
Odh-dashboard: odh dashboard kubernetes service account exposure
A flaw was found in odh-dashboard in Red Hat Openshift AI. This vulnerability in the `odh-dashboard` component of Red Hat OpenShift AI (RHOAI) allows for the disclosure of Kubernetes Service Account tokens through a NodeJS endpoint. This could enable an attacker to gain unauthorized access to Kubernetes resources.
Vendor: Red Hat, Inc. Products: openshift_ai; Red Hat OpenShift AI (RHOAI); Red Hat OpenShift AI 2.16; Red Hat OpenShift AI 2.25; Red Hat OpenShift AI 3.2; Red Hat OpenShift AI 3.3.
CWEs: CWE-201 Insertion of Sensitive Information Into Sent Data.

CVE-2026-43998 (Matching Score 8; Assigner: GitHub, Inc.)
CVSS: 8.5 HIGH. EPSS: 0.72% (percentile 49.46%), 7-day change +0.10%.
Published: 13 May, 2026 | 17:19. Updated: 30 Jun, 2026 | 12:08.
vm2: NodeVM require.root bypass via symlink traversal allows sandbox escape
vm2 is an open source vm/sandbox for Node.js. In 3.10.5, NodeVM's require.root path restriction can be bypassed using filesystem symlinks, allowing sandboxed code to load modules from outside the allowed root directory in host context. Because path validation uses path.resolve() (which does not dereference symlinks) but module loading uses Node's native require() (which does), an attacker can load arbitrary host-realm modules and achieve remote code execution. This vulnerability is fixed in 3.11.0.
Vendors: vm2_project; patriksimek; Red Hat, Inc. Products: vm2; Self-service automation portal 2; Red Hat Developer Hub.
CWEs: CWE-59 Improper Link Resolution Before File Access ('Link Following').

CVE-2026-43003 (Matching Score 8; Assigner: MITRE Corporation)
CVSS: 8 HIGH. EPSS: 0.84% (percentile 53.28%), 7-day change +0.14%.
Published: 01 May, 2026 | 00:00. Updated: 30 Jun, 2026 | 12:08.
An issue was discovered in OpenStack ironic-python-agent 1.0.0 through 11.5.0. Ironic Python Agent (IPA) sometimes executes grub-install from within a chroot of the deployed partition image, leading to code execution in the case of a malicious image.
Vendors: Red Hat, Inc.; OpenStack. Products: ironic_python_agent; ironic-python-agent; Red Hat OpenShift Container Platform 4.
CWEs: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'); CWE-829 Inclusion of Functionality from Untrusted Control Sphere.

CVE-2026-40938 (Matching Score 8; Assigner: GitHub, Inc.)
CVSS: 7.5 HIGH. EPSS: 0.79% (percentile 51.71%), 7-day change +0.27%.
Published: 21 Apr, 2026 | 20:45. Updated: 30 Jun, 2026 | 12:05.
Tekton Pipelines: Git Resolver Unsanitized Revision Parameter Enables git Argument Injection Leading to RCE
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the git resolver's revision parameter is passed directly as a positional argument to git fetch without any validation that it does not begin with a - character. Because git parses flags from mixed positional arguments, an attacker can inject arbitrary git fetch flags such as --upload-pack=<binary>. Combined with the validateRepoURL function explicitly permitting URLs that begin with / (local filesystem paths), a tenant who can submit ResolutionRequest objects can chain these two behaviors to execute an arbitrary binary on the resolver pod. The tekton-pipelines-resolvers ServiceAccount holds cluster-wide get/list/watch on all Secrets, so code execution on the resolver pod enables full cluster-wide secret exfiltration. Versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1 fix the issue.
Vendors: tektoncd; The Linux Foundation; Red Hat, Inc. Products: tekton_pipelines; pipeline; Red Hat OpenShift Pipelines 1.21; Red Hat OpenShift AI (RHOAI); OpenShift Lightspeed; Red Hat OpenShift Builds 1.8.0; Red Hat OpenShift Virtualization 4; OpenShift Pipelines; Red Hat Trusted Artifact Signer; Red Hat OpenShift Builds 1.7.3; OpenShift Serverless.
CWEs: CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection').

CVE-2026-40477 (Matching Score 8; Assigner: GitHub, Inc.)
CVSS: 9.1 CRITICAL. EPSS: 0.86% (percentile 54.09%), 7-day change +0.21%.
Published: 17 Apr, 2026 | 21:53. Updated: 30 Jun, 2026 | 12:08.
Improper restriction of the scope of accessible objects in Thymeleaf expressions
Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the expression execution mechanisms. Although the library provides mechanisms to prevent expression injection, it fails to properly restrict the scope of accessible objects, allowing specific potentially sensitive objects to be reached from within a template. If an application developer passes unvalidated user input directly to the template engine, an unauthenticated remote attacker can bypass the library's protections to achieve Server-Side Template Injection (SSTI). This issue has been fixed in version 3.1.4.RELEASE.
Vendors: thymeleaf; Red Hat, Inc. Products: thymeleaf; org.thymeleaf:thymeleaf-spring6; org.thymeleaf:thymeleaf-spring5; Red Hat Single Sign-On 7; Red Hat JBoss Enterprise Application Platform 7; Red Hat build of Apache Camel for Spring Boot 4; Red Hat OpenShift Dev Spaces 3.28; Red Hat Fuse 7; Red Hat JBoss Enterprise Application Platform 8; Red Hat JBoss Enterprise Application Platform Expansion Pack.
CWEs: CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine; CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection').

CVE-2026-40478 (Matching Score 8; Assigner: GitHub, Inc.)
CVSS: 9.1 CRITICAL. EPSS: 0.78% (percentile 51.29%), 7-day change +0.19%.
Published: 17 Apr, 2026 | 21:57. Updated: 30 Jun, 2026 | 12:08.
Improper neutralization of specific syntax patterns for unauthorized expressions in Thymeleaf
Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the expression execution mechanisms. Although the library provides mechanisms to prevent expression injection, it fails to properly neutralize specific syntax patterns that allow for the execution of unauthorized expressions. If an application developer passes unvalidated user input directly to the template engine, an unauthenticated remote attacker can bypass the library's protections to achieve Server-Side Template Injection (SSTI). This issue has been fixed in version 3.1.4.RELEASE.
Vendors: thymeleaf; Red Hat, Inc. Products: thymeleaf; org.thymeleaf:thymeleaf-spring6; org.thymeleaf:thymeleaf-spring5; Red Hat Single Sign-On 7; Red Hat JBoss Enterprise Application Platform 7; Red Hat build of Apache Camel for Spring Boot 4; Red Hat OpenShift Dev Spaces 3.28; Red Hat Fuse 7; Red Hat JBoss Enterprise Application Platform 8; Red Hat JBoss Enterprise Application Platform Expansion Pack.
CWEs: CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine; CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection').

CVE-2026-34971 (Matching Score 8; Assigner: GitHub, Inc.)
CVSS: 9 CRITICAL. EPSS: 0.32% (percentile 23.70%), 7-day change +0.06%.
Published: 09 Apr, 2026 | 18:45. Updated: 30 Jun, 2026 | 03:19.
Wasmtime miscompiled guest heap access enables sandbox escape on aarch64 Cranelift
Wasmtime is a runtime for WebAssembly. From 32.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Cranelift compilation backend contains a bug on aarch64 when performing a certain shape of heap accesses which means that the wrong address is accessed. When combined with explicit bounds checks in a guest WebAssembly module, this can create a situation where there are two diverging computations for the same address: one for the address to bounds-check and one for the address to load. This difference in address being operated on means that a guest module can pass a bounds check but then load a different address. Combined together this enables an arbitrary read/write primitive for guest WebAssembly when accessing host memory. This is a sandbox escape as guests are able to read/write arbitrary host memory. This vulnerability has a few ingredients, all of which must be met, for this situation to occur and bypass the sandbox restrictions. This miscompiled shape of load only occurs on 64-bit WebAssembly linear memories, or when Config::wasm_memory64 is enabled. 32-bit WebAssembly is not affected. Spectre mitigations or signals-based-traps must be disabled. When spectre mitigations are enabled then the offending shape of load is not generated. When signals-based-traps are disabled then spectre mitigations are also automatically disabled. The specific bug in Cranelift is a miscompile of a load of the shape load(iadd(base, ishl(index, amt))) where amt is a constant. The amt value is masked incorrectly to test if it's a certain value, and this incorrect mask means that Cranelift can pattern-match this lowering rule during instruction selection erroneously, diverging from WebAssembly's and Cranelift's semantics. This incorrect lowering would, for example, load an address much further away than intended as the correct address's computation would have wrapped around to a smaller value instead. This vulnerability is fixed in 36.0.7, 42.0.2, and 43.0.1.
Vendors: bytecodealliance; Red Hat, Inc. Products: wasmtime; Red Hat Connectivity Link 1; Red Hat Enterprise Linux 10.
CWEs: CWE-125 Out-of-bounds Read; CWE-787 Out-of-bounds Write.

CVE-2026-32871 (Matching Score 8; Assigner: GitHub, Inc.)
CVSS: 10 CRITICAL. EPSS: 0.99% (percentile 58.18%), 7-day change -0.09%.
Published: 02 Apr, 2026 | 14:52. Updated: 30 Jun, 2026 | 12:07.
FastMCP OpenAPI Provider has an SSRF & Path Traversal Vulnerability
FastMCP is a Pythonic way to build MCP servers and clients. Prior to version 3.2.0, the OpenAPIProvider in FastMCP exposes internal APIs to MCP clients by parsing OpenAPI specifications. The RequestDirector class is responsible for constructing HTTP requests to the backend service. A vulnerability exists in the _build_url() method. When an OpenAPI operation defines path parameters (e.g., /api/v1/users/{user_id}), the system directly substitutes parameter values into the URL template string without URL-encoding. Subsequently, urllib.parse.urljoin() resolves the final URL. Since urljoin() interprets ../ sequences as directory traversal, an attacker controlling a path parameter can perform path traversal attacks to escape the intended API prefix and access arbitrary backend endpoints. This results in authenticated SSRF, as requests are sent with the authorization headers configured in the MCP provider. This issue has been patched in version 3.2.0.
Vendors: jlowin; PrefectHQ; Red Hat, Inc. Products: fastmcp; Red Hat Satellite 6; Red Hat OpenShift AI (RHOAI).
CWEs: CWE-918 Server-Side Request Forgery (SSRF).

CVE-2026-1312 (Matching Score 8; Assigner: 6a34fbeb-21d4-45e7-8e0a-62b95bc12c92)
CVSS: 5.4 MEDIUM. EPSS: 0.80% (percentile 52.16%), 7-day change +0.31%.
Published: 03 Feb, 2026 | 14:36. Updated: 30 Jun, 2026 | 12:07.
Potential SQL injection via QuerySet.order_by and FilteredRelation
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. `.QuerySet.order_by()` is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably crafted dictionary, with dictionary expansion, used in `FilteredRelation`. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Solomon Kebede for reporting this issue.
Vendors: Red Hat, Inc.; Django. Products: django; Django; Red Hat Ansible Automation Platform 2; Red Hat Ansible Automation Platform 2.5; Red Hat Ansible Automation Platform 2.5 for RHEL 8; Red Hat Ansible Automation Platform 2.5 for RHEL 9; Red Hat Ansible Automation Platform 2.6; Red Hat Ansible Automation Platform 2.6 for RHEL 9; Red Hat Ansible Automation Platform 2.6 for RHEL 10; Red Hat Satellite 6; Red Hat Satellite 6.16 for RHEL 8; Red Hat Satellite 6.16 for RHEL 9; Red Hat Satellite 6.17 for RHEL 9; Red Hat Satellite 6.18; Red Hat Satellite 6.18 for RHEL 9; Red Hat Discovery 2; Red Hat Update Infrastructure 4 for Cloud Providers; Red Hat OpenStack Platform 16.2; Red Hat OpenStack Platform 17.1; Red Hat OpenStack Platform 18.0.
CWEs: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection').

CVE-2026-13325 (Matching Score 8; Assigner: Red Hat, Inc.)
CVSS: 8.5 HIGH. EPSS: 0.17% (percentile 6.83%), 7-day change ~0.00%.
Published: 26 Jun, 2026 | 10:41. Updated: 26 Jun, 2026 | 19:16.
Virt-handler-rhel9: kubevirt: kubevirt: disabletls migration setting removes authentication, exposing unauthenticated virtqemud proxy on all interfaces
A flaw was found in KubeVirt's migration proxy. When spec.configuration.migrations.disableTLS is set to true on the KubeVirt custom resource, the target virt-handler binds a plain TCP listener on all interfaces (0.0.0.0/::) on a random port with no authentication, peer allow-list, or handshake token. This listener proxies directly into the target virt-launcher's virtqemud control socket. An attacker with a running pod on the cluster network can connect to this listener and issue unfiltered libvirt RPC commands against another tenant's virtual machine, including reading VM memory and configuration, modifying VM state via QMP, or destroying the VM. The bind address is unconditionally 0.0.0.0: configuring a dedicated migration network via migrations.network only changes the advertised migration IP, not the listener bind address, so the port remains reachable on the pod network even when a dedicated migration network is configured. The API documentation describes disableTLS as removing "the additional layer of live migration encryption" without disclosing that it also removes all mutual authentication.
Vendor: Red Hat, Inc. Product: Red Hat OpenShift Virtualization 4.
CWEs: CWE-306 Missing Authentication for Critical Function.

CVE-2026-4948 (Matching Score 6; Assigner: Red Hat, Inc.)
CVSS: 5.5 MEDIUM. EPSS: 0.12% (percentile 2.03%), 7-day change ~0.00%.
Published: 27 Mar, 2026 | 05:30. Updated: 15 May, 2026 | 19:17.
Firewalld: firewalld: local unprivileged user can modify firewall state due to d-bus setter mis-authorization
A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-authorizing two runtime D-Bus (Desktop Bus) setters, setZoneSettings2 and setPolicySettings. This mis-authorization allows the user to modify the runtime firewall state without proper authentication, leading to unauthorized changes in network security configurations.
Vendors: firewalld; Red Hat, Inc. Products: firewalld; enterprise_linux; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9; Red Hat Enterprise Linux 10; Red Hat OpenShift Container Platform 4.
CWEs: CWE-279 Incorrect Execution-Assigned Permissions.

CVE-2025-12801 (Matching Score 6; Assigner: Red Hat, Inc.)
CVSS: 6.5 MEDIUM. EPSS: 0.46% (percentile 36.79%), 7-day change ~0.00%.
Published: 04 Mar, 2026 | 15:25. Updated: 30 Jun, 2026 | 00:16.
Nfs-utils: rpc.mountd in the nfs-utils privilege escalation
A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or subtree of an exported directory, regardless of the set file permissions, and regardless of any 'root_squash' or 'all_squash' attributes that would normally be expected to apply to that client.
Vendors: linux-nfs; Red Hat, Inc. Products: nfs-utils; enterprise_linux; openshift_container_platform; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9; Red Hat Enterprise Linux 9.4 Extended Update Support; Red Hat Enterprise Linux 9.6 Extended Update Support; Red Hat Enterprise Linux 10; Red Hat OpenShift Container Platform 4.16; Red Hat OpenShift Container Platform 4.17; Red Hat OpenShift Container Platform 4.18; Red Hat OpenShift Container Platform 4.19; Red Hat Ceph Storage 8.
CWEs: CWE-279 Incorrect Execution-Assigned Permissions; CWE-732 Incorrect Permission Assignment for Critical Resource.