Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-5136

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-01 Jul, 2026 | 13:28
Updated At-02 Jul, 2026 | 03:56
Rejected At-
Credits

Foreman: foreman: privilege escalation to administrator-level access via usergroup role assignment manipulation

A flaw was found in Foreman. The Usergroup model in Foreman does not properly validate role assignments against the calling user's permissions. This allows an authenticated user with usergroup management permissions to attach arbitrary roles, including administrative roles, to a user group and then add themselves as a member. Successful exploitation of this vulnerability leads to full privilege escalation, granting the attacker administrator-level access.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:01 Jul, 2026 | 13:28
Updated At:02 Jul, 2026 | 03:56
Rejected At:
â–¼CVE Numbering Authority (CNA)
Foreman: foreman: privilege escalation to administrator-level access via usergroup role assignment manipulation

A flaw was found in Foreman. The Usergroup model in Foreman does not properly validate role assignments against the calling user's permissions. This allows an authenticated user with usergroup management permissions to attach arbitrary roles, including administrative roles, to a user group and then add themselves as a member. Successful exploitation of this vulnerability leads to full privilege escalation, granting the attacker administrator-level access.

Affected Products
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Satellite 6.16 for RHEL 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
foreman
CPEs
  • cpe:/a:redhat:satellite:6.16::el8
  • cpe:/a:redhat:satellite:6.16::el9
  • cpe:/a:redhat:satellite_capsule:6.16::el8
  • cpe:/a:redhat:satellite_capsule:6.16::el9
  • cpe:/a:redhat:satellite_maintenance:6.16::el8
  • cpe:/a:redhat:satellite_maintenance:6.16::el9
  • cpe:/a:redhat:satellite_utils:6.16::el8
  • cpe:/a:redhat:satellite_utils:6.16::el9
Default Status
affected
Versions
Unaffected
  • From 0:3.12.0.17-1.el8sat before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Satellite 6.16 for RHEL 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
foreman
CPEs
  • cpe:/a:redhat:satellite:6.16::el8
  • cpe:/a:redhat:satellite:6.16::el9
  • cpe:/a:redhat:satellite_capsule:6.16::el8
  • cpe:/a:redhat:satellite_capsule:6.16::el9
  • cpe:/a:redhat:satellite_maintenance:6.16::el8
  • cpe:/a:redhat:satellite_maintenance:6.16::el9
  • cpe:/a:redhat:satellite_utils:6.16::el8
  • cpe:/a:redhat:satellite_utils:6.16::el9
Default Status
affected
Versions
Unaffected
  • From 0:3.12.0.17-1.el9sat before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Satellite 6.17 for RHEL 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
foreman
CPEs
  • cpe:/a:redhat:satellite:6.17::el9
  • cpe:/a:redhat:satellite_capsule:6.17::el9
  • cpe:/a:redhat:satellite_maintenance:6.17::el9
  • cpe:/a:redhat:satellite_utils:6.17::el9
Default Status
affected
Versions
Unaffected
  • From 0:3.14.0.17-1.el9sat before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Satellite 6.18 for RHEL 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
foreman
CPEs
  • cpe:/a:redhat:satellite:6.18::el9
  • cpe:/a:redhat:satellite_capsule:6.18::el9
  • cpe:/a:redhat:satellite_utils:6.18::el9
Default Status
affected
Versions
Unaffected
  • From 0:3.16.0.17-1.el9sat before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Satellite 6.19 for RHEL 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
foreman
CPEs
  • cpe:/a:redhat:satellite:6.19::el9
  • cpe:/a:redhat:satellite_capsule:6.19::el9
  • cpe:/a:redhat:satellite_maintenance:6.19::el9
  • cpe:/a:redhat:satellite_utils:6.19::el9
Default Status
affected
Versions
Unaffected
  • From 0:3.18.0.7-1.el9sat before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Satellite 6
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
satellite-capsule:el8/foreman
CPEs
  • cpe:/a:redhat:satellite:6
Default Status
affected
Problem Types
TypeCWE IDDescription
CWECWE-266Incorrect Privilege Assignment
Type: CWE
CWE ID: CWE-266
Description: Incorrect Privilege Assignment
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Red Hat severity rating
value:
Important
namespace:
https://access.redhat.com/security/updates/classification/
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Red Hat would like to thank Stanislav Fot (Aisle Research) for reporting this issue.
Timeline
EventDate
Reported to Red Hat.2026-03-30 10:41:48
Made public.2026-07-01 12:28:21
Event: Reported to Red Hat.
Date: 2026-03-30 10:41:48
Event: Made public.
Date: 2026-07-01 12:28:21
Replaced By

Rejected Reason

References
HyperlinkResource
https://access.redhat.com/errata/RHSA-2026:34365
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:34366
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:34367
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:34368
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2026-5136
vdb-entry
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2452970
issue-tracking
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:34365
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:34366
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:34367
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:34368
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/security/cve/CVE-2026-5136
Resource:
vdb-entry
x_refsource_REDHAT
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2452970
Resource:
issue-tracking
x_refsource_REDHAT
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:01 Jul, 2026 | 14:16
Updated At:02 Jul, 2026 | 05:16

A flaw was found in Foreman. The Usergroup model in Foreman does not properly validate role assignments against the calling user's permissions. This allows an authenticated user with usergroup management permissions to attach arbitrary roles, including administrative roles, to a user group and then add themselves as a member. Successful exploitation of this vulnerability leads to full privilege escalation, granting the attacker administrator-level access.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
N/A
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-266Secondarysecalert@redhat.com
CWE ID: CWE-266
Type: Secondary
Source: secalert@redhat.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://access.redhat.com/errata/RHSA-2026:34365secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2026:34366secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2026:34367secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2026:34368secalert@redhat.com
N/A
https://access.redhat.com/security/cve/CVE-2026-5136secalert@redhat.com
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=2452970secalert@redhat.com
N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2026:34365
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2026:34366
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2026:34367
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2026:34368
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/security/cve/CVE-2026-5136
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2452970
Source: secalert@redhat.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

272Records found

CVE-2026-33433
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.47% / 37.23%
||
7 Day CHG+0.02%
Published-27 Mar, 2026 | 13:49
Updated-30 Jun, 2026 | 03:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Traefik Vulnerable to BasicAuth/DigestAuth Identity Spoofing via Non-Canonical headerField

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.42, 3.6.11, and 3.7.0-ea.3, when `headerField` is configured with a non-canonical HTTP header name (e.g., `x-auth-user` instead of `X-Auth-User`), an authenticated attacker can inject their own canonical version of that header to impersonate any identity to the backend. The backend receives two header entries — the attacker-injected canonical one is read first, overriding Traefik's non-canonical write. Versions 2.11.42, 3.6.11, and 3.7.0-ea.3 patch the issue.

Action-Not Available
Vendor-traefiktraefikRed Hat, Inc.
Product-traefiktraefikRed Hat OpenShift Dev Spaces 3.27
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2026-32590
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.1||HIGH
EPSS-0.41% / 33.22%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 17:04
Updated-01 Jul, 2026 | 02:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mirror-registry: remote code execution using pickle deserialization

A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The upload process stores intermediate data in the database using a format that, if tampered with, could allow an attacker to execute arbitrary code on the Quay server.

Action-Not Available
Vendor-Red Hat, Inc.
Product-quaymirror_registry_for_red_hat_openshiftRed Hat Quay 3.17mirror registry for Red Hat OpenShiftmirror registry for Red Hat OpenShift 2.0Red Hat Quay 3.12Red Hat Quay 3.14Red Hat Quay 3.16Red Hat Quay 3.15Red Hat Quay 3.10Red Hat Quay 3.9
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-3047
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.47% / 37.24%
||
7 Day CHG+0.01%
Published-05 Mar, 2026 | 18:28
Updated-30 Jun, 2026 | 12:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Org.keycloak.broker.saml: keycloak saml broker: authentication bypass due to disabled saml client completing idp-initiated login

A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as an Identity Provider (IdP)-initiated broker landing target, it can still complete the login process and establish a Single Sign-On (SSO) session. This allows a remote attacker to gain unauthorized access to other enabled clients without re-authentication, effectively bypassing security restrictions.

Action-Not Available
Vendor-Red Hat, Inc.
Product-keycloakbuild_of_keycloakRed Hat build of Keycloak 26.4Red Hat build of Keycloak 26.2Red Hat build of Keycloak 26.4.10Red Hat build of Keycloak 26.2.14Red Hat build of Keycloak 26.4Red Hat build of Keycloak 26.2Red Hat build of Keycloak 26.4.10Red Hat build of Keycloak 26.2.14
CWE ID-CWE-305
Authentication Bypass by Primary Weakness
CVE-2026-29063
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-0.98% / 57.85%
||
7 Day CHG+0.37%
Published-06 Mar, 2026 | 18:25
Updated-02 Jul, 2026 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Immutable.js: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in immutable

Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible in immutable via the mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject() APIs. This issue has been patched in versions 3.8.3, 4.3.7, and 5.1.5.

Action-Not Available
Vendor-immutable-jsimmutable-jsRed Hat, Inc.
Product-immutableimmutable-jsRed Hat Advanced Cluster Security for Kubernetes 4.9Red Hat Developer Hub 1.8Red Hat OpenShift Container Platform 4.21Red Hat Advanced Cluster Management for Kubernetes 2.15Red Hat build of Apicurio Registry 2Red Hat Openshift Data Foundation 4multicluster engine for Kubernetes 2.11Red Hat Advanced Cluster Management for Kubernetes 2.16Red Hat Advanced Cluster Security for Kubernetes 4.8Red Hat Satellite 6.18Red Hat Quay 3.16OpenShift PipelinesRed Hat OpenShift Service Mesh 3.3Red Hat OpenShift Container Platform 4.15Red Hat OpenShift Service Mesh 3.0Red Hat OpenShift Service Mesh 3.2Red Hat OpenShift Service Mesh 2.6Migration Toolkit for Virtualization 2.9Migration Toolkit for Virtualization 2.1Red Hat 3scale API Management Platform 2Red Hat Satellite 6Red Hat OpenShift GitOpsRed Hat Discovery 2Cluster Observability Operator 1.5.0Red Hat Quay 3.10multicluster engine for Kubernetes 2.6Red Hat OpenShift AI (RHOAI)Red Hat Quay 3.15multicluster engine for Kubernetes 2.10multicluster engine for Kubernetes 2.9multicluster engine for Kubernetes 2.8Red Hat Edge Manager 1Self-service automation portal 2Red Hat OpenShift Pipelines 1.2Red Hat OpenShift Container Platform 4.17Red Hat OpenShift Service Mesh 3.1Red Hat Advanced Cluster Security for Kubernetes 4.10Network Observability (NETOBSERV) 1.11.2Network Observability (NETOBSERV) 1.12.0Red Hat OpenShift Container Platform 4.18Migration Toolkit for ContainersRed Hat Enterprise Linux 10Red Hat OpenShift AI 3.3Red Hat OpenShift AI 2.25Red Hat OpenShift Container Platform 4.19Red Hat Quay 3.9Red Hat OpenShift Container Platform 4.14Logging Subsystem for Red Hat OpenShiftNode HealthCheck OperatorRed Hat Enterprise Linux 9Red Hat Quay 3.17OpenShift Service Mesh 3multicluster engine for Kubernetes 2.7Red Hat Ansible Automation Platform 2Red Hat Enterprise Linux 8Red Hat OpenShift Virtualization 4Red Hat Quay 3.12Red Hat Developer Hub 1.9Red Hat OpenShift Container Platform 4.20OpenShift LightspeedRed Hat OpenShift Container Platform 4.16Red Hat Connectivity Link 1Red Hat OpenShift Container Platform 4
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE ID-CWE-915
Improperly Controlled Modification of Dynamically-Determined Object Attributes
CVE-2026-31228
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.61% / 44.86%
||
7 Day CHG+0.07%
Published-12 May, 2026 | 00:00
Updated-30 Jun, 2026 | 12:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation function for PyTorch models uses the unsafe eval() function to dynamically evaluate user-supplied strings for the LossFn and Optimizer parameters without any sanitization or security restrictions. An attacker can exploit this by providing a specially crafted string that contains arbitrary Python code, which will be executed when eval() is called, leading to complete compromise of the system running the ART evaluation.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-n/aRed Hat OpenShift AI (RHOAI)
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-31230
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.55% / 42.18%
||
7 Day CHG+0.06%
Published-12 May, 2026 | 00:00
Updated-30 Jun, 2026 | 03:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component (robustness_evaluation_fgsm_pytorch.py). The script uses the unsafe eval() function to parse string values provided via the --clip_values and --input_shape command-line arguments. This allows an attacker to inject arbitrary Python code into these arguments, which will be executed when eval() is called. The vulnerability can be exploited remotely if an attacker can control these arguments (e.g., through pipeline configuration or automated scripts), leading to arbitrary code execution on the system running the ART evaluation.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-n/aRed Hat OpenShift AI (RHOAI)
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-31072
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.81% / 52.42%
||
7 Day CHG+0.08%
Published-19 May, 2026 | 00:00
Updated-30 Jun, 2026 | 03:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The JSONSerializer and CBORSerializer in APScheduler (all versions including 3.10.x and 4.0.0a5) are vulnerable to Remote Code Execution (RCE) via Insecure Deserialization. The unmarshal_object function allows for arbitrary class instantiation and state injection by dynamically importing modules and calling __setstate__ on any class available in the Python environment. An attacker can exploit this by submitting a specially crafted JSON or CBOR payload to an application using these serializers

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-n/aRed Hat Ansible Automation Platform 2Red Hat Quay 3Red Hat Satellite 6Red Hat OpenStack Platform 18.0
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-28292
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.30% / 66.85%
||
7 Day CHG+0.02%
Published-10 Mar, 2026 | 18:34
Updated-30 Jun, 2026 | 12:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
simple-git has blockUnsafeOperationsPlugin bypass via case-insensitive protocol.allow config key that enables RCE

`simple-git`, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes (CVE-2022-25860 and CVE-2022-25912) and achieve full remote code execution on the host machine. Version 3.23.0 contains an updated fix for the vulnerability.

Action-Not Available
Vendor-simple-git_projectsteveukxRed Hat, Inc.
Product-simple-gitsimple-gitLogging Subsystem for Red Hat OpenShiftRed Hat Enterprise Linux 9Red Hat Process Automation 7Red Hat Enterprise Linux 8Red Hat JBoss Enterprise Application Platform 8Red Hat JBoss Enterprise Application Platform Expansion Pack
CWE ID-CWE-178
Improper Handling of Case Sensitivity
CWE ID-CWE-76
Improper Neutralization of Equivalent Special Elements
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-10926
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.1||HIGH
EPSS-2.60% / 83.45%
||
7 Day CHG~0.00%
Published-04 Sep, 2018 | 15:00
Updated-05 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node.

Action-Not Available
Vendor-glusterDebian GNU/LinuxRed Hat, Inc.openSUSE
Product-enterprise_linux_serverdebian_linuxenterprise_linuxvirtualization_hostglusterfsleapglusterfs
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-10904
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-3.02% / 85.83%
||
7 Day CHG~0.00%
Published-04 Sep, 2018 | 13:00
Updated-05 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient access to modify the extended attributes of files on a gluster volume.

Action-Not Available
Vendor-glusterDebian GNU/LinuxRed Hat, Inc.openSUSE
Product-enterprise_linux_serverdebian_linuxvirtualization_hostglusterfsleapglusterfs
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-10929
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-3.34% / 87.16%
||
7 Day CHG~0.00%
Published-04 Sep, 2018 | 16:00
Updated-05 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in RPC request using gfs2_create_req in glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes.

Action-Not Available
Vendor-glusterDebian GNU/LinuxRed Hat, Inc.openSUSE
Product-enterprise_linux_serverdebian_linuxvirtualization_hostglusterfsleapglusterfs
CWE ID-CWE-20
Improper Input Validation
CVE-2018-10928
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-2.70% / 84.10%
||
7 Day CHG~0.00%
Published-04 Sep, 2018 | 15:00
Updated-05 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on glusterfs server nodes.

Action-Not Available
Vendor-glusterDebian GNU/LinuxRed Hat, Inc.openSUSE
Product-enterprise_linux_serverdebian_linuxenterprise_linuxvirtualization_hostglusterfsgluster_storageleapglusterfs
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2026-27172
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-8.8||HIGH
EPSS-0.67% / 47.33%
||
7 Day CHG+0.18%
Published-27 Apr, 2026 | 09:59
Updated-30 Jun, 2026 | 03:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Camel: Unsafe Java deserialization in camel-consul ConsulRegistry allows arbitrary code execution via malicious values read from the Consul KV store

The ConsulRegistry in the camel-consul component (class org.apache.camel.component.consul.ConsulRegistry and its inner ConsulRegistryUtils.deserialize method) read Java-serialized values from the Consul KV store and passed them to ObjectInputStream.readObject() without configuring an ObjectInputFilter. An attacker who can write to the Consul KV store backing a Camel ConsulRegistry instance could inject a malicious serialized Java object that is deserialized the next time Camel performs a lookup against that registry, leading to arbitrary code execution in the Camel process. The issue mirrors the class of vulnerability already addressed for other Camel components in CVE-2024-22369, CVE-2024-23114 and CVE-2026-25747, and was overlooked during the original remediation of those CVEs. This issue affects Apache Camel: from 3.0.0 before 4.14.6, from 4.15.0 before 4.18.1. Users are recommended to upgrade to version 4.19.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.6. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.1.

Action-Not Available
Vendor-The Apache Software FoundationRed Hat, Inc.
Product-camelApache CamelRed Hat JBoss Enterprise Application Platform 8Red Hat build of Apache Camel for Spring Boot 4Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat Fuse 7
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-25153
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.54% / 41.51%
||
7 Day CHG+0.18%
Published-30 Jan, 2026 | 21:31
Updated-30 Jun, 2026 | 12:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
@backstage/plugin-techdocs-node vulnerable to arbitrary code execution via MkDocs hooks

Backstage is an open framework for building developer portals, and @backstage/plugin-techdocs-node provides common node.js functionalities for TechDocs. In versions of @backstage/plugin-techdocs-node prior to 1.13.11 and 1.14.1, when TechDocs is configured with `runIn: local`, a malicious actor who can submit or modify a repository's `mkdocs.yml` file can execute arbitrary Python code on the TechDocs build server via MkDocs hooks configuration. @backstage/plugin-techdocs-node versions 1.13.11 and 1.14.1 contain a fix. The fix introduces an allowlist of supported MkDocs configuration keys. Unsupported configuration keys (including `hooks`) are now removed from `mkdocs.yml` before running the generator, with a warning logged to indicate which keys were removed. Users of `@techdocs/cli` should also upgrade to the latest version, which includes the fixed `@backstage/plugin-techdocs-node` dependency. Some workarounds are available. Configure TechDocs with `runIn: docker` instead of `runIn: local` to provide container isolation, though it does not fully mitigate the risk. Limit who can modify `mkdocs.yml` files in repositories that TechDocs processes; only allow trusted contributors. Implement PR review requirements for changes to `mkdocs.yml` files to detect malicious `hooks` configurations before they are merged. Use MkDocs < 1.4.0 (e.g., 1.3.1) which does not support hooks. Note: This may limit access to newer MkDocs features. Building documentation in CI/CD pipelines using `@techdocs/cli` does not mitigate this vulnerability, as the CLI uses the same vulnerable `@backstage/plugin-techdocs-node` package.

Action-Not Available
Vendor-backstageThe Linux FoundationRed Hat, Inc.
Product-backstagebackstageSelf-service automation portal 2Red Hat Developer Hub 1.9Red Hat Developer Hub 1.8
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-25747
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-8.8||HIGH
EPSS-0.90% / 55.36%
||
7 Day CHG-0.37%
Published-23 Feb, 2026 | 08:45
Updated-30 Jun, 2026 | 12:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Camel LevelDB: Deserialization of Untrusted Data in Camel LevelDB

Deserialization of Untrusted Data vulnerability in Apache Camel LevelDB component. The Camel-LevelDB DefaultLevelDBSerializer class deserializes data read from the LevelDB aggregation repository using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. An attacker who can write to the LevelDB database files used by a Camel application can inject a crafted serialized Java object that, when deserialized during normal aggregation repository operations, results in arbitrary code execution in the context of the application. This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.5, from 4.15.0 before 4.18.0. Users are recommended to upgrade to version 4.18.0, which fixes the issue. For the 4.10.x LTS releases, users are recommended to upgrade to 4.10.9, while for 4.14.x LTS releases, users are recommended to upgrade to 4.14.5

Action-Not Available
Vendor-The Apache Software FoundationRed Hat, Inc.
Product-camelApache Camel LevelDBRed Hat JBoss Enterprise Application Platform 8Red Hat build of Apache Camel for Spring Boot 4Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat Fuse 7
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-25243
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-3.00% / 85.70%
||
7 Day CHG+1.77%
Published-05 May, 2026 | 16:44
Updated-30 Jun, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
redis-server RESTORE invalid memory access may allow remote code execution

Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values. An authenticated attacker with permission to execute RESTORE can supply a crafted serialized payload that triggers invalid memory access and may lead to remote code execution. A workaround is to restrict access to the RESTORE command with ACL rules. This is patched in version 8.6.3.

Action-Not Available
Vendor-Red Hat, Inc.Redis Inc.
Product-redisredisRed Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux AppStream AUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.9.4)Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)Red Hat Enterprise Linux AppStream E4S (v.8.8)Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream TUS (v.8.8)Red Hat Hardened ImagesRed Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux AppStream AUS (v.8.4)Red Hat Enterprise Linux AppStream (v. 10)
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-23918
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-8.8||HIGH
EPSS-45.81% / 98.65%
||
7 Day CHG+3.01%
Published-04 May, 2026 | 14:44
Updated-30 Jun, 2026 | 03:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache HTTP Server: http2: double free and possible RCE on early reset

Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.

Action-Not Available
Vendor-Red Hat, Inc.The Apache Software Foundation
Product-http_serverApache HTTP ServerRed Hat Enterprise Linux 7Red Hat Hardened ImagesRed Hat Enterprise Linux 9Red Hat JBoss Core ServicesRed Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6
CWE ID-CWE-1341
Multiple Releases of Same Resource or Handle
CWE ID-CWE-415
Double Free
CVE-2026-22771
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-0.57% / 42.88%
||
7 Day CHG+0.09%
Published-12 Jan, 2026 | 18:08
Updated-30 Jun, 2026 | 12:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Envoy Extension Policy lua scripts injection causes arbitrary command execution

Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. Prior to 1.5.7 and 1.6.2, EnvoyExtensionPolicy Lua scripts executed by Envoy proxy can be used to leak the proxy's credentials. These credentials can then be used to communicate with the control plane and gain access to all secrets that are used by Envoy proxy, e.g. TLS private keys and credentials used for downstream and upstream communication. This vulnerability is fixed in 1.5.7 and 1.6.2.

Action-Not Available
Vendor-envoyproxyenvoyproxyRed Hat, Inc.
Product-gatewaygatewayRed Hat Connectivity Link 1
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-5869
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-4.32% / 89.99%
||
7 Day CHG~0.00%
Published-10 Dec, 2023 | 17:56
Updated-11 Mar, 2026 | 23:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Postgresql: buffer overrun from integer overflow in array modification

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.

Action-Not Available
Vendor-The PostgreSQL Global Development GroupRed Hat, Inc.
Product-enterprise_linux_for_ibm_z_systemsenterprise_linuxenterprise_linux_serverenterprise_linux_euspostgresqlcodeready_linux_builder_for_arm64_eusenterprise_linux_for_power_little_endiancodeready_linux_builder_for_ibm_z_systems_eusenterprise_linux_desktopsoftware_collectionsenterprise_linux_server_auscodeready_linux_builder_for_power_little_endian_euscodeready_linux_builder_eus_for_power_little_endian_eusenterprise_linux_for_ibm_z_systems_eusenterprise_linux_for_power_big_endianenterprise_linux_for_power_little_endian_eusenterprise_linux_for_arm_64enterprise_linux_server_tusenterprise_linux_for_scientific_computingenterprise_linux_workstationcodeready_linux_builder_eusRed Hat Enterprise Linux 9.0 Extended Update SupportRed Hat Enterprise Linux 8.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.8 Extended Update SupportRed Hat Enterprise Linux 8.2 Telecommunications Update ServiceRed Hat Enterprise Linux 8.4 Telecommunications Update ServiceRed Hat Enterprise Linux 7Red Hat Software Collections for Red Hat Enterprise Linux 7Red Hat Advanced Cluster Security 4.2RHACS-4.1-RHEL-8Red Hat Enterprise Linux 6Red Hat Enterprise Linux 9.2 Extended Update SupportRHACS-3.74-RHEL-8Red Hat Enterprise Linux 8.6 Extended Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8.1 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 8
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-2370
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-8.1||HIGH
EPSS-0.43% / 34.69%
||
7 Day CHG+0.04%
Published-29 Mar, 2026 | 23:33
Updated-30 Jun, 2026 | 12:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Handling of Parameters in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.3 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 affecting Jira Connect installations that could have allowed an authenticated user with minimal workspace permissions to obtain installation credentials and impersonate the GitLab app due to improper authorization checks.

Action-Not Available
Vendor-Red Hat, Inc.GitLab Inc.
Product-gitlabGitLabRed Hat OpenShift Container Platform 4OpenShift Pipelines
CWE ID-CWE-233
Improper Handling of Parameters
CVE-2026-23479
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-1.29% / 66.64%
||
7 Day CHG+0.33%
Published-05 May, 2026 | 16:36
Updated-30 Jun, 2026 | 12:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
redis-server use-after-free in unblock client flow may allow remote code execution

Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from `processCommandAndResetClient` when re-executing a blocked command. If a blocked client is evicted during this flow, an authenticated attacker can trigger a use-after-free that may lead to remote code execution. This has been patched in version 8.6.3.

Action-Not Available
Vendor-Red Hat, Inc.Redis Inc.
Product-redisredisRed Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Hardened ImagesRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream (v. 10)
CWE ID-CWE-416
Use After Free
CVE-2026-23631
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-6.1||MEDIUM
EPSS-1.78% / 75.58%
||
7 Day CHG+0.56%
Published-05 May, 2026 | 16:39
Updated-30 Jun, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
redis-server Lua use-after-free may allow remote code execution

Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-after-free on replicas where replica-read-only is disabled or can be disabled, which may lead to remote code execution. A workaround is to prevent users from executing Lua scripts or avoid using replicas where replica-read-only is disabled. This is patched in version 8.6.3.

Action-Not Available
Vendor-Red Hat, Inc.Redis Inc.
Product-redisredisRed Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux AppStream E4S (v.9.4)Red Hat Hardened ImagesRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream (v. 10)
CWE ID-CWE-416
Use After Free
CVE-2026-2004
Matching Score-8
Assigner-PostgreSQL
ShareView Details
Matching Score-8
Assigner-PostgreSQL
CVSS Score-8.8||HIGH
EPSS-0.78% / 51.60%
||
7 Day CHG+0.29%
Published-12 Feb, 2026 | 13:00
Updated-30 Jun, 2026 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code

Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

Action-Not Available
Vendor-n/aThe PostgreSQL Global Development GroupRed Hat, Inc.
Product-postgresqlPostgreSQLRed Hat Enterprise Linux CodeReady Linux Builder (v. 9)Red Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux AppStream AUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.6)Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)Red Hat Enterprise Linux 7Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)Red Hat Hardened ImagesRed Hat Enterprise Linux 9Red Hat Enterprise Linux AppStream TUS (v.8.8)Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)Red Hat Enterprise Linux 6Red Hat CodeReady Linux Builder EUS (v.9.4)Red Hat Enterprise Linux AppStream (v. 10)Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Update Infrastructure 5Red Hat Enterprise Linux AppStream AUS (v. 8.2)Red Hat Enterprise Linux AppStream TUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.8)Red Hat CodeReady Linux Builder EUS (v.9.6)Red Hat Enterprise Linux AppStream EUS (v.9.4)Red Hat Enterprise Linux AppStream AUS (v.8.4)Red Hat Enterprise Linux AppStream E4S (v.9.0)
CWE ID-CWE-1287
Improper Validation of Specified Type of Input
CVE-2026-2005
Matching Score-8
Assigner-PostgreSQL
ShareView Details
Matching Score-8
Assigner-PostgreSQL
CVSS Score-8.8||HIGH
EPSS-1.21% / 64.65%
||
7 Day CHG+0.53%
Published-12 Feb, 2026 | 13:00
Updated-30 Jun, 2026 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PostgreSQL pgcrypto heap buffer overflow executes arbitrary code

Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

Action-Not Available
Vendor-n/aThe PostgreSQL Global Development GroupRed Hat, Inc.
Product-postgresqlPostgreSQLRed Hat Enterprise Linux CodeReady Linux Builder (v. 9)Red Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux AppStream AUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.6)Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)Red Hat Enterprise Linux 7Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)Red Hat Hardened ImagesRed Hat Enterprise Linux 9Red Hat Enterprise Linux AppStream TUS (v.8.8)Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)Red Hat Enterprise Linux 6Red Hat CodeReady Linux Builder EUS (v.9.4)Red Hat Enterprise Linux AppStream (v. 10)Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Update Infrastructure 5Red Hat Enterprise Linux AppStream AUS (v. 8.2)Red Hat Enterprise Linux AppStream TUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.8)Red Hat CodeReady Linux Builder EUS (v.9.6)Red Hat Enterprise Linux AppStream EUS (v.9.4)Red Hat Enterprise Linux AppStream AUS (v.8.4)Red Hat Enterprise Linux AppStream E4S (v.9.0)
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-2006
Matching Score-8
Assigner-PostgreSQL
ShareView Details
Matching Score-8
Assigner-PostgreSQL
CVSS Score-8.8||HIGH
EPSS-1.08% / 60.98%
||
7 Day CHG+0.42%
Published-12 Feb, 2026 | 13:00
Updated-30 Jun, 2026 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PostgreSQL missing validation of multibyte character length executes arbitrary code

Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

Action-Not Available
Vendor-n/aThe PostgreSQL Global Development GroupRed Hat, Inc.
Product-postgresqlPostgreSQLRed Hat Enterprise Linux CodeReady Linux Builder (v. 9)Red Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux AppStream AUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.6)Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)Red Hat Enterprise Linux 7Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)Red Hat Hardened ImagesRed Hat Enterprise Linux 9Red Hat Enterprise Linux AppStream TUS (v.8.8)Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)Red Hat Enterprise Linux 6Red Hat CodeReady Linux Builder EUS (v.9.4)Red Hat Enterprise Linux AppStream (v. 10)Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Update Infrastructure 5Red Hat Enterprise Linux AppStream AUS (v. 8.2)Red Hat Enterprise Linux AppStream TUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.8)Red Hat CodeReady Linux Builder EUS (v.9.6)Red Hat Enterprise Linux AppStream EUS (v.9.4)Red Hat Enterprise Linux AppStream AUS (v.8.4)Red Hat Enterprise Linux AppStream E4S (v.9.0)
CWE ID-CWE-1285
Improper Validation of Specified Index, Position, or Offset in Input
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2026-1486
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.45% / 35.98%
||
7 Day CHG~0.00%
Published-09 Feb, 2026 | 18:36
Updated-30 Jun, 2026 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Org.keycloak.protocol.oidc.grants: disabled identity providers are still accepted for jwt authorization grant

A flaw was found in Keycloak. A vulnerability exists in the jwt-authorization-grant flow where the server fails to verify if an Identity Provider (IdP) is enabled before issuing tokens. The issuer lookup mechanism (lookupIdentityProviderFromIssuer) retrieves the IdP configuration but does not filter for isEnabled=false. If an administrator disables an IdP (e.g., due to a compromise or offboarding), an entity possessing that IdP's signing key can still generate valid JWT assertions that Keycloak accepts, resulting in the issuance of valid access tokens.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat build of Keycloak 26.4Red Hat build of Keycloak 26.4.9Red Hat build of Keycloak 26.4Red Hat build of Keycloak 26.4.9
CWE ID-CWE-358
Improperly Implemented Security Check for Standard
CVE-2026-0980
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.3||HIGH
EPSS-0.77% / 51.14%
||
7 Day CHG~0.00%
Published-27 Feb, 2026 | 07:30
Updated-27 Mar, 2026 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rubyipmi: red hat satellite: remote code execution in rubyipmi via malicious bmc username

A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller (BMC) component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious username for the BMC interface. This could lead to remote code execution (RCE) on the system.

Action-Not Available
Vendor-logicmindsRed Hat, Inc.
Product-satelliterubyipmiRed Hat Satellite 6.16 for RHEL 8Red Hat Satellite 6.18 for RHEL 9Red Hat Satellite 6.17 for RHEL 9Red Hat Satellite 6Red Hat Satellite 6.16 for RHEL 9
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-39417
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.57% / 72.40%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 12:19
Updated-12 Mar, 2026 | 06:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Postgresql: extension script @substitutions@ within quoting allow sql injection

IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.

Action-Not Available
Vendor-The PostgreSQL Global Development GroupDebian GNU/LinuxRed Hat, Inc.
Product-software_collectionsdebian_linuxpostgresqlenterprise_linuxRed Hat Enterprise Linux 9.0 Extended Update SupportRed Hat Enterprise Linux 8.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.8 Extended Update SupportRed Hat Enterprise Linux 8.2 Telecommunications Update ServiceRed Hat Enterprise Linux 8.4 Telecommunications Update ServiceRed Hat Software CollectionsRed Hat Enterprise Linux 7Red Hat Software Collections for Red Hat Enterprise Linux 7Red Hat Advanced Cluster Security 4.2RHACS-4.1-RHEL-8Red Hat Enterprise Linux 6Red Hat Enterprise Linux 9.2 Extended Update SupportRHACS-3.74-RHEL-8Red Hat Enterprise Linux 8.6 Extended Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 8
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-5372
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-0.41% / 32.68%
||
7 Day CHG~0.00%
Published-04 Jul, 2025 | 06:01
Updated-15 Jun, 2026 | 03:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libssh: incorrect return code handling in ssh_kdf() in libssh

A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability.

Action-Not Available
Vendor-libsshlibsshRed Hat, Inc.
Product-libsshenterprise_linuxopenshift_container_platformRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat OpenShift Container Platform 4Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 6Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-Onlibssh
CWE ID-CWE-682
Incorrect Calculation
CVE-2025-49521
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.46% / 37.00%
||
7 Day CHG~0.00%
Published-30 Jun, 2025 | 20:45
Updated-13 Nov, 2025 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Event-driven-ansible: template injection via git branch and refspec in eda projects

A flaw was found in the EDA component of the Ansible Automation Platform, where user-supplied Git branch or refspec values are evaluated as Jinja2 templates. This vulnerability allows authenticated users to inject expressions that execute commands or access sensitive files on the EDA worker. In OpenShift, it can lead to service account token theft.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Ansible Automation Platform 2.5 for RHEL 9Red Hat Ansible Automation Platform 2.5 for RHEL 8
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2018-10907
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-3.36% / 87.26%
||
7 Day CHG~0.00%
Published-04 Sep, 2018 | 13:00
Updated-05 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer that the fixed buffer size to cause crash or potential code execution.

Action-Not Available
Vendor-glusterDebian GNU/LinuxRed Hat, Inc.openSUSE
Product-enterprise_linux_serverdebian_linuxvirtualization_hostglusterfsleapglusterfs
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-10841
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.6||MEDIUM
EPSS-1.28% / 66.59%
||
7 Day CHG~0.00%
Published-20 Jun, 2018 | 18:00
Updated-05 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add it self to trusted storage pool and perform privileged gluster operations like adding other machines to trusted storage pool, start, stop, and delete volumes.

Action-Not Available
Vendor-glusterDebian GNU/LinuxRed Hat, Inc.
Product-debian_linuxglusterfsglusterfs
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2020-1714
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.60% / 83.49%
||
7 Day CHG~0.00%
Published-13 May, 2020 | 18:25
Updated-04 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution.

Action-Not Available
Vendor-quarkusRed Hat, Inc.
Product-single_sign-onopenshift_application_runtimesquarkusjboss_fuseprocess_automationkeycloakdecision_managerkeycloak
CWE ID-CWE-20
Improper Input Validation
CVE-2020-1718
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.1||HIGH
EPSS-1.00% / 58.70%
||
7 Day CHG~0.00%
Published-12 May, 2020 | 20:25
Updated-04 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the reset credential flow in all Keycloak versions before 8.0.0. This flaw allows an attacker to gain unauthorized access to the application.

Action-Not Available
Vendor-Red Hat, Inc.
Product-jboss_fuseopenshift_application_runtimeskeycloakkeycloak
CWE ID-CWE-287
Improper Authentication
CVE-2019-3894
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.4||MEDIUM
EPSS-1.51% / 71.32%
||
7 Day CHG~0.00%
Published-03 May, 2019 | 19:25
Updated-04 Aug, 2024 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was discovered that the ElytronManagedThread in Wildfly's Elytron subsystem in versions from 11 to 16 stores a SecurityIdentity to run the thread as. These threads do not necessarily terminate if the keep alive time has not expired. This could allow a shared thread to use the wrong security identity when executing.

Action-Not Available
Vendor-Red Hat, Inc.
Product-wildflyjboss_enterprise_application_platformwildfly
CWE ID-CWE-358
Improperly Implemented Security Check for Standard
CVE-2026-9795
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.3||HIGH
EPSS-0.29% / 21.00%
||
7 Day CHG+0.01%
Published-28 May, 2026 | 03:49
Updated-30 Jun, 2026 | 12:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Keycloak: keycloak: privilege escalation via improper scope mapping enforcement

A flaw was found in Keycloak's Fine-Grained Admin Permissions (FGAPv2) feature. An administrator with limited client management permissions can exploit this vulnerability to assign any realm role, including highly privileged roles, to a client's scope mapping. This bypasses intended security controls, allowing the injected role to be projected into a user's authentication token when they access the modified client. This could lead to unauthorized privilege escalation within the Keycloak realm.

Action-Not Available
Vendor-Red Hat, Inc.
Product-build_of_keycloakRed Hat build of Keycloak 26.4Red Hat build of Keycloak 26.6Red Hat build of Keycloak 26.4.13Red Hat build of Keycloak 26.6.4Red Hat build of Keycloak 26.4Red Hat build of Keycloak 26.6Red Hat build of Keycloak 26.4.13Red Hat build of Keycloak 26.6.4
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2026-6750
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.48% / 38.12%
||
7 Day CHG+0.10%
Published-21 Apr, 2026 | 12:40
Updated-30 Jun, 2026 | 12:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege escalation in the Graphics: WebRender component

Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Action-Not Available
Vendor-Red Hat, Inc.Mozilla Corporation
Product-firefoxthunderbirdThunderbirdFirefoxRed Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux AppStream AUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.6)Red Hat Enterprise Linux 7Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)Red Hat Enterprise Linux AppStream TUS (v.8.8)Red Hat Enterprise Linux 10Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux Server (v. 7 ELS)Red Hat Enterprise Linux 6Red Hat Enterprise Linux AppStream (v. 10)Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Enterprise Linux AppStream TUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.8)Red Hat Enterprise Linux AppStream EUS (v.9.4)Red Hat Enterprise Linux AppStream AUS (v.8.4)Red Hat Enterprise Linux AppStream E4S (v.9.0)
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-1705
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7||HIGH
EPSS-0.26% / 17.34%
||
7 Day CHG~0.00%
Published-19 Mar, 2020 | 15:14
Updated-04 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in openshift/template-service-broker-operator in all 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the openshift/template-service-broker-operator. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.

Action-Not Available
Vendor-Red Hat, Inc.
Product-template_service_broker_operatoropenshift/template-service-broker-operator
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2025-14778
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.29% / 20.48%
||
7 Day CHG~0.00%
Published-09 Feb, 2026 | 18:58
Updated-10 Feb, 2026 | 02:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Keycloak: incorrect ownership checks in /uma-policy/

A flaw was found in Keycloak. A significant Broken Access Control vulnerability exists in the UserManagedPermissionService (UMA Protection API). When updating or deleting a UMA policy associated with multiple resources, the authorization check only verifies the caller's ownership against the first resource in the policy's list. This allows a user (Owner A) who owns one resource (RA) to update a shared policy and modify authorization rules for other resources (e.g., RB) in that same policy, even if those other resources are owned by a different user (Owner B). This constitutes a horizontal privilege escalation.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat build of Keycloak 26.2Red Hat build of Keycloak 26.2.13Red Hat build of Keycloak 26.4Red Hat build of Keycloak 26.4.9
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2012-4549
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.30% / 66.94%
||
7 Day CHG~0.00%
Published-05 Jan, 2013 | 00:00
Updated-14 May, 2026 | 23:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Jboss enterprise application platform: org.jboss.as.ejb3: jboss enterprise application platform: access restriction bypass via improper ejb method authorization

A flaw was found in JBoss Enterprise Application Platform. The `processInvocation` function within the `org.jboss.as.ejb3.security.AuthorizationInterceptor` component incorrectly authorizes all requests when no roles are defined for an Enterprise Java Beans (EJB) method invocation. This allows attackers to bypass intended access restrictions for EJB methods, leading to unauthorized access to sensitive functionalities.

Action-Not Available
Vendor-Red Hat, Inc.
Product-jboss_enterprise_application_platformRed Hat JBoss Enterprise Application Platform 8Red Hat JBoss Enterprise Application Platform 6 for RHEL 6Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat JBoss Enterprise Application Platform 7Red Hat JBoss Enterprise Application Platform 6.0Red Hat JBoss Enterprise Application Platform 6 for RHEL 5
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2025-13888
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.63% / 45.78%
||
7 Day CHG~0.00%
Published-15 Dec, 2025 | 15:36
Updated-22 Jan, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Openshift-gitops-operator: openshift gitops: namespace admin cluster takeover via privileged jobs

A flaw was found in OpenShift GitOps. Namespace admins can create ArgoCD Custom Resources (CRs) that trick the system into granting them elevated permissions in other namespaces, including privileged namespaces. An authenticated attacker can then use these elevated permissions to create privileged workloads that run on master nodes, effectively giving them root access to the entire cluster.

Action-Not Available
Vendor-redhat-developerRed Hat, Inc.
Product-gitops-operatorRed Hat OpenShift GitOps 1.16Red Hat OpenShift GitOpsRed Hat OpenShift GitOps 1.18Red Hat OpenShift GitOps 1.17
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2025-13881
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-2.7||LOW
EPSS-0.36% / 28.45%
||
7 Day CHG~0.00%
Published-02 Feb, 2026 | 05:43
Updated-10 Feb, 2026 | 02:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Org.keycloak.services.resources.admin: keycloak: limited administrator can retrieve sensitive user attributes via admin api

A flaw was found in Keycloak Admin API. This vulnerability allows an administrator with limited privileges to retrieve sensitive custom attributes via the /unmanagedAttributes endpoint, bypassing User Profile visibility settings.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat build of Keycloak 26.4Red Hat build of Keycloak 26.4.9
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2025-10263
Matching Score-6
Assigner-Arm Limited
ShareView Details
Matching Score-6
Assigner-Arm Limited
CVSS Score-9.1||CRITICAL
EPSS-0.46% / 36.86%
||
7 Day CHG-0.20%
Published-09 Jun, 2026 | 09:23
Updated-03 Jul, 2026 | 13:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A may allow writes to resources owned by a higher exception level.

Action-Not Available
Vendor-Red Hat, Inc.Arm Limited
Product-Cortex-X4Neoverse V3Cortex-A78Cortex-X1Cortex-X3C1-PremiumCortex-X1CCortex-A78AECortex-X2C1-UltraNeoverse N2Neoverse V1Neoverse V3AECortex-A76Cortex-A76AENeoverse N1Cortex-X925Cortex-A710Cortex-A77Cortex-A78CRed Hat Enterprise Linux 9Red Hat Enterprise Linux for NVIDIA 26Red Hat Enterprise Linux BaseOS (v. 10)Red Hat Enterprise Linux Real Time (v. 10)Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux Real Time for NFV (v. 10)Red Hat Enterprise Linux AppStream (v. 10)Red Hat Enterprise Linux 10Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)Red Hat OpenShift Container Platform 4
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2025-10725
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-9.9||CRITICAL
EPSS-0.70% / 48.51%
||
7 Day CHG~0.00%
Published-30 Sep, 2025 | 17:47
Updated-24 Dec, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Openshift-ai: overly permissive clusterrole allows authenticated users to escalate privileges to cluster admin

A flaw was found in Red Hat Openshift AI Service. A low-privileged attacker with access to an authenticated account, for example as a data scientist using a standard Jupyter notebook, can escalate their privileges to a full cluster administrator. This allows for the complete compromise of the cluster's confidentiality, integrity, and availability. The attacker can steal sensitive data, disrupt all services, and take control of the underlying infrastructure, leading to a total breach of the platform and all applications hosted on it.

Action-Not Available
Vendor-opendatahub-ioRed Hat, Inc.
Product-Red Hat OpenShift AI 2.22Red Hat OpenShift AI 2.16Red Hat OpenShift AI 2.19Red Hat OpenShift AI 2.24Red Hat OpenShift AI 2.21opendatahub-operator
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2024-9779
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.44% / 35.20%
||
7 Day CHG~0.00%
Published-17 Dec, 2024 | 22:59
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open-cluster-management-io/ocm: cluster-manager permissions may allow a worker node to obtain service account tokens

A flaw was found in Open Cluster Management (OCM) when a user has access to the worker nodes which contain the cluster-manager or klusterlet deployments. The cluster-manager deployment uses a service account with the same name "cluster-manager" which is bound to a ClusterRole also named "cluster-manager", which includes the permission to create Pod resources. If this deployment runs a pod on an attacker-controlled node, the attacker can obtain the cluster-manager's token and steal any service account token by creating and mounting the target service account to control the whole cluster.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Advanced Cluster Management for Kubernetes 2
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2019-19355
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7||HIGH
EPSS-0.24% / 15.53%
||
7 Day CHG~0.00%
Published-18 Mar, 2020 | 16:35
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/ansible-operator-container as shipped in Openshift 4.

Action-Not Available
Vendor-Red Hat, Inc.
Product-openshiftopenshift
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-269
Improper Privilege Management
CVE-2026-4629
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 15.06%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 12:00
Updated-01 Jul, 2026 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Keycloak: keycloak: privilege escalation through hardcoded role mapper injection

A flaw was found in Keycloak. A highly privileged user with `manage-clients` permission can exploit this vulnerability by injecting a hardcoded role mapper into any client. This action allows the user to bypass existing scope restrictions and inject the `realm-admin` role into generated tokens, resulting in privilege escalation and full administrative access to the realm.

Action-Not Available
Vendor-Red Hat, Inc.
Product-build_of_keycloakRed Hat Build of Keycloak
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2026-45490
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.38% / 30.34%
||
7 Day CHG+0.12%
Published-09 Jun, 2026 | 17:04
Updated-01 Jul, 2026 | 20:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET SDK Elevation of Privilege Vulnerability

Improper authorization in .NET allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Red Hat, Inc.Microsoft Corporation
Product-.netwindows.NET 8.0.NET 9.0.NET 10.0Red Hat Enterprise Linux 9Red Hat Hardened ImagesRed Hat Enterprise Linux 10Red Hat Enterprise Linux 8
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-44173
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5||MEDIUM
EPSS-0.40% / 31.88%
||
7 Day CHG+0.25%
Published-12 Jun, 2026 | 17:34
Updated-02 Jul, 2026 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MariaDB: FILE privilege was not checked for subqueries in the FROM clause

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB allowed SELECT ... INTO OUTFILE and SELECT ... INTO DUMPFILE without verifying the FILE privilege if the FROM clause contained only subqueries. This issue has been patched in versions 10.6.26, 10.11.17, 11.4.11, 11.8.7, and 12.3.2.

Action-Not Available
Vendor-Red Hat, Inc.MariaDB Foundation
Product-mariadbserverRed Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux AppStream (v. 10)Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Hardened Images
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-33997
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.39% / 30.69%
||
7 Day CHG+0.07%
Published-31 Mar, 2026 | 01:36
Updated-30 Jun, 2026 | 12:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Moby: Off-by-one error in plugin privilege validation

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a privilege set that differs from the one approved by the user. Plugins that request exactly one privilege are also affected, because no comparison is performed at all. This issue has been patched in version 29.3.1.

Action-Not Available
Vendor-mobyRed Hat, Inc.Docker, Inc.
Product-enginemobyRed Hat OpenShift Container Platform 4Multicluster Global Hub 1.5.4Multicluster Global Hub 1.4.5Red Hat OpenShift Virtualization 4Multicluster Engine for KubernetesRed Hat Advanced Cluster Management for Kubernetes 2Multicluster Global Hub 1.6.2OpenShift Service Mesh 2
CWE ID-CWE-193
Off-by-one Error
CWE ID-CWE-266
Incorrect Privilege Assignment
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found