Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Red Hat Enterprise Linux AI 3.3

Source -

ADP

CNA CVEs -

0

ADP CVEs -

8

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
8Vulnerabilities found

CVE-2026-40192
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-0.67% / 47.48%
||
7 Day CHG+0.19%
Published-15 Apr, 2026 | 22:53
Updated-02 Jul, 2026 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Pillow is vulnerable to a FITS GZIP decompression bomb

Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attacks. A specially crafted FITS file could cause unbounded memory consumption, leading to denial of service (OOM crash or severe performance degradation). If users are unable to immediately upgrade, they should only open specific image formats, excluding FITS, as a workaround.

Action-Not Available
Vendor-python-pillowRed Hat, Inc.Python Software Foundation
Product-pillowPillowRed Hat Enterprise Linux 7Red Hat Satellite 6.19 for RHEL 9Red Hat Ansible Automation Platform 2.6 for RHEL 9Lightspeed CoreRed Hat AI Inference ServerRed Hat AI Inference Server 3.3Red Hat Enterprise Linux AI 3.3Red Hat Satellite 6.16 for RHEL 9Red Hat Satellite 6.16 for RHEL 8Red Hat Ansible Automation Platform 2.5 for RHEL 8Red Hat Quay 3.16Red Hat OpenShift AI 3.3Red Hat OpenShift AI 2.25Red Hat Quay 3.9Red Hat Ansible Automation Platform 2.5 for RHEL 9Red Hat Satellite 6.18 for RHEL 9Red Hat Quay 3.17Red Hat Ansible Automation Platform 2Red Hat Enterprise Linux 8Red Hat Satellite 6.17 for RHEL 9Red Hat Quay 3.14Red Hat Quay 3.12OpenShift LightspeedRed Hat Ansible Automation Platform 2.6 for RHEL 10Red Hat Ansible Automation Platform 2.6Red Hat Quay 3.10Red Hat OpenShift AI (RHOAI)Red Hat Quay 3.15
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-409
Improper Handling of Highly Compressed Data (Data Amplification)
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-4786
Assigner-Python Software Foundation
ShareView Details
Assigner-Python Software Foundation
CVSS Score-7||HIGH
EPSS-0.29% / 20.77%
||
7 Day CHG+0.08%
Published-13 Apr, 2026 | 21:52
Updated-30 Jun, 2026 | 12:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()

Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open()" API could have commands injected into the underlying shell. See CVE-2026-4519 for details.

Action-Not Available
Vendor-Python Software FoundationRed Hat, Inc.
Product-CPythonRed Hat Enterprise Linux BaseOS AUS (v.8.6)Red Hat Enterprise Linux CRB (v. 8)Red Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Enterprise Linux BaseOS E4S (v.8.6)Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat AI Inference Server 3.2Red Hat Enterprise Linux BaseOS E4S (v.8.8)Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)Red Hat Hardened ImagesRed Hat Enterprise Linux Server (v. 7 ELS)Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)Red Hat Enterprise Linux AppStream (v. 10)Red Hat Enterprise Linux BaseOS (v. 10)Red Hat Enterprise Linux Server Optional (v. 7 ELS)Red Hat Update Infrastructure 5Red Hat Enterprise Linux BaseOS AUS (v.8.4)Middleware Containers for OpenShiftRed Hat Enterprise Linux AppStream TUS (v.8.6)Red Hat Enterprise Linux BaseOS E4S (v.9.2)Red Hat Enterprise Linux AppStream EUS (v.9.4)Red Hat Enterprise Linux BaseOS EUS (v.9.4)Red Hat Enterprise Linux BaseOS (v. 8)Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)Red Hat Enterprise Linux AppStream AUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.6)Red Hat Enterprise Linux 7Red Hat Enterprise Linux AppStream TUS (v.8.8)Red Hat Enterprise Linux Server -EXTENSION(v. 6 ELS-EXTENSION)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux BaseOS TUS (v.8.8)Red Hat Enterprise Linux BaseOS E4S (v.9.0)Red Hat CodeReady Linux Builder EUS (v.9.4)Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Enterprise Linux BaseOS EUS (v. 10.0)Red Hat Enterprise Linux BaseOS (v. 9)Red Hat Enterprise Linux BaseOS TUS (v.8.6)Red Hat Enterprise Linux AI 3.3Red Hat Enterprise Linux AppStream E4S (v.8.8)Red Hat CodeReady Linux Builder EUS (v.9.6)Red Hat Enterprise Linux Server Optional -EXTENSION (v. 6 ELS -EXTENSION)Red Hat Enterprise Linux BaseOS EUS (v.9.6)Red Hat Enterprise Linux 8Red Hat Enterprise Linux AppStream AUS (v.8.4)Red Hat Enterprise Linux AppStream E4S (v.9.0)Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)Red Hat AI Inference Server 3.3
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2026-6100
Assigner-Python Software Foundation
ShareView Details
Assigner-Python Software Foundation
CVSS Score-9.1||CRITICAL
EPSS-0.58% / 43.40%
||
7 Day CHG+0.06%
Published-13 Apr, 2026 | 17:15
Updated-03 Jul, 2026 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure

Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when a memory allocation fails with a `MemoryError` and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling pointer in this specific error condition. The vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. Using the helper functions to one-shot decompress data such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable.

Action-Not Available
Vendor-Red Hat, Inc.Python Software Foundation
Product-CPythonRed Hat Enterprise Linux AppStream AUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux AppStream (v. 10)Red Hat AI Inference Server 3.3Red Hat Enterprise Linux AI 3.3Red Hat Enterprise Linux CRB (v. 8)Red Hat Enterprise Linux BaseOS E4S (v.9.2)Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)Red Hat Enterprise Linux BaseOS (v. 10)Red Hat Enterprise Linux BaseOS E4S (v.8.6)Red Hat AI Inference Server 3.2Red Hat Enterprise Linux BaseOS EUS (v.9.4)Red Hat Enterprise Linux BaseOS EUS (v.9.6)Red Hat Enterprise Linux AppStream AUS (v.8.4)Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)Red Hat Enterprise Linux BaseOS E4S (v.9.0)Red Hat CodeReady Linux Builder EUS (v.9.4)Red Hat Enterprise Linux BaseOS (v. 8)Red Hat Enterprise Linux 7Red Hat Enterprise Linux AppStream E4S (v.8.6)Red Hat Enterprise Linux 6Red Hat Enterprise Linux AppStream TUS (v.8.6)Red Hat Enterprise Linux BaseOS TUS (v.8.8)Red Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Enterprise Linux AppStream E4S (v.9.0)Red Hat Enterprise Linux BaseOS (v. 9)Red Hat Enterprise Linux AppStream E4S (v.8.8)Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux BaseOS EUS (v. 10.0)Red Hat Enterprise Linux AI (RHEL AI) 3Red Hat Enterprise Linux BaseOS E4S (v.8.8)Red Hat Enterprise Linux 8Red Hat Update Infrastructure 5Middleware Containers for OpenShiftRed Hat Enterprise Linux AppStream TUS (v.8.8)Red Hat Enterprise Linux AppStream EUS (v.9.4)Red Hat Enterprise Linux BaseOS AUS (v.8.4)Red Hat Hardened ImagesRed Hat Enterprise Linux BaseOS AUS (v.8.6)Red Hat Enterprise Linux BaseOS TUS (v.8.6)Red Hat CodeReady Linux Builder EUS (v.9.6)
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-825
Expired Pointer Dereference
CVE-2026-27893
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-1.36% / 68.43%
||
7 Day CHG+0.61%
Published-26 Mar, 2026 | 23:56
Updated-30 Jun, 2026 | 12:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
vLLM's hardcoded trust_remote_code=True in NemotronVL and KimiK25 bypasses user security opt-out

vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to version 0.18.0, two model implementation files hardcode `trust_remote_code=True` when loading sub-components, bypassing the user's explicit `--trust-remote-code=False` security opt-out. This enables remote code execution via malicious model repositories even when the user has explicitly disabled remote code trust. Version 0.18.0 patches the issue.

Action-Not Available
Vendor-vllmvllm-projectRed Hat, Inc.
Product-vllmvllmRed Hat OpenShift AI (RHOAI)Red Hat OpenShift AI 3.3Red Hat OpenShift AI 2.25Red Hat AI Inference Server 3.2Red Hat AI Inference ServerRed Hat Enterprise Linux AI 3.3Red Hat AI Inference Server 3.3
CWE ID-CWE-501
Trust Boundary Violation
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2026-4519
Assigner-Python Software Foundation
ShareView Details
Assigner-Python Software Foundation
CVSS Score-7||HIGH
EPSS-0.31% / 22.54%
||
7 Day CHG+0.09%
Published-20 Mar, 2026 | 15:08
Updated-30 Jun, 2026 | 12:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
webbrowser.open() allows leading dashes in URLs

The webbrowser.open() API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open().

Action-Not Available
Vendor-Python Software FoundationRed Hat, Inc.
Product-pythonCPythonRed Hat Enterprise Linux BaseOS AUS (v.8.6)Red Hat Enterprise Linux CRB (v. 8)Red Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Enterprise Linux BaseOS E4S (v.8.6)Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat AI Inference Server 3.2Red Hat Enterprise Linux BaseOS E4S (v.8.8)Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)Red Hat Hardened ImagesRed Hat Enterprise Linux BaseOS AUS (v. 8.2)Red Hat Enterprise Linux Server (v. 7 ELS)Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)Red Hat Enterprise Linux AppStream (v. 10)Red Hat Enterprise Linux BaseOS (v. 10)Red Hat Enterprise Linux Server Optional (v. 7 ELS)Red Hat Update Infrastructure 5Red Hat Enterprise Linux BaseOS AUS (v.8.4)Middleware Containers for OpenShiftRed Hat Enterprise Linux AppStream TUS (v.8.6)Red Hat Enterprise Linux BaseOS E4S (v.9.2)Red Hat Enterprise Linux AppStream EUS (v.9.4)Red Hat Enterprise Linux BaseOS EUS (v.9.4)Red Hat Enterprise Linux BaseOS (v. 8)Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)Red Hat Enterprise Linux AppStream AUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.6)Red Hat Discovery 2Red Hat Enterprise Linux AppStream TUS (v.8.8)Red Hat Enterprise Linux Server -EXTENSION(v. 6 ELS-EXTENSION)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux BaseOS TUS (v.8.8)Red Hat Enterprise Linux BaseOS E4S (v.9.0)Red Hat CodeReady Linux Builder EUS (v.9.4)Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Enterprise Linux AppStream AUS (v. 8.2)Red Hat Enterprise Linux BaseOS EUS (v. 10.0)Red Hat Enterprise Linux BaseOS (v. 9)Red Hat Enterprise Linux BaseOS TUS (v.8.6)Red Hat Enterprise Linux AI 3.3Red Hat Enterprise Linux AppStream E4S (v.8.8)Red Hat CodeReady Linux Builder EUS (v.9.6)Red Hat Enterprise Linux Server Optional -EXTENSION (v. 6 ELS -EXTENSION)Red Hat Enterprise Linux BaseOS EUS (v.9.6)Red Hat Enterprise Linux 8Red Hat Enterprise Linux AppStream AUS (v.8.4)Red Hat Enterprise Linux AppStream E4S (v.9.0)Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)Red Hat AI Inference Server 3.3
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2026-32597
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.27% / 18.47%
||
7 Day CHG+0.07%
Published-12 Mar, 2026 | 21:41
Updated-01 Jul, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)

PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC. This vulnerability is fixed in 2.12.0.

Action-Not Available
Vendor-pyjwt_projectjpadillaRed Hat, Inc.
Product-pyjwtpyjwtRed Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Ansible Automation Platform 2.6 for RHEL 9Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux Resilient Storage EUS (v.9.4)Red Hat Enterprise Linux High Availability EUS (v.9.4)Red Hat Enterprise Linux AppStream (v. 10)Red Hat AI Inference Server 3.3Red Hat Enterprise Linux AI 3.3Red Hat Satellite 6.18Red Hat Quay 3.16Red Hat Ansible Automation Platform 2.5Red Hat Satellite 6Red Hat Ansible Automation Platform 2.6 for RHEL 10Red Hat Enterprise Linux AppStream (v. 9)Red Hat Quay 3.10Red Hat OpenShift AI (RHOAI)Red Hat Quay 3.15Red Hat Enterprise Linux HighAvailability (v. 8)Red Hat AI Inference ServerRed Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Ansible Automation Platform 2.5 for RHEL 8Red Hat Enterprise Linux AppStream (v. 8)Red Hat OpenShift AI 3.3Red Hat Quay 3.9Red Hat Ansible Automation Platform 2.5 for RHEL 9Red Hat Ansible Automation Platform 2.6Red Hat Trusted Artifact Signer 1.4Red Hat Enterprise Linux ResilientStorage (v. 8)Red Hat Trusted Artifact SignerRed Hat Ansible Automation Platform 2Red Hat Enterprise Linux High Availability E4S (v.9.2)Red Hat Quay 3.12OpenShift LightspeedRed Hat Enterprise Linux AppStream EUS (v.9.4)Red Hat OpenShift AI 2.25Red Hat Enterprise Linux Resilient Storage E4S (v.9.2)
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-25679
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-0.73% / 49.68%
||
7 Day CHG+0.21%
Published-06 Mar, 2026 | 21:28
Updated-03 Jul, 2026 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect parsing of IPv6 host literals in net/url

url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.

Action-Not Available
Vendor-Go standard libraryRed Hat, Inc.Go
Product-gonet/urlCryostat 4 on RHEL 9Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat OpenShift distributed tracing 3.9.3Red Hat Quay 3.16Multicluster Engine for KubernetesRed Hat OpenShift Service Mesh 3.3Deployment Validation OperatorRed Hat OpenShift Service Mesh 3.0Red Hat OpenShift Builds 1.6.5Red Hat OpenShift Service Mesh 2.6Logging Subsystem for Red Hat OpenShift 6.0Multicluster Global Hub 1.5.4Red Hat 3scale API Management Platform 2Red Hat OpenShift GitOpsRed Hat OpenShift Container Platform 4.12Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)Red Hat Quay 3.10Red Hat OpenShift on AWSRed Hat Web Terminal 1.15Red Hat OpenShift Cluster Manager CLICustom Metric Autoscaler 2.19Red Hat OpenStack Platform 18.0Red Hat OpenShift Container Platform 4.17Red Hat OpenShift Service Mesh 3.1Red Hat Advanced Cluster Security for Kubernetes 4.10Migration Toolkit for ContainersRed Hat Enterprise Linux AppStream E4S (v.8.8)Node HealthCheck OperatorRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Quay 3.14Migration Toolkit for Applications 8Power monitoring for Red Hat OpenShiftOpenShift File Integrity Operator - FIO 1Red Hat OpenShift AI 2.25Red Hat Service Interconnect 2Red Hat OpenStack Services on OpenShift 18OpenShift Developer Tools and ServicesRed Hat OpenStack Platform 16.2Red Hat Web Terminal 1.14Red Hat Enterprise Linux AppStream AUS (v.8.6)Red Hat Satellite 6.19 for RHEL 9DevWorkspace Operator 0.4Red Hat Advanced Cluster Management for Kubernetes 2.15ExternalDNS OperatorRed Hat Enterprise Linux AppStream (v. 10)Red Hat Enterprise Linux AI 3.3OpenShift PipelinesSecurity Profiles OperatorRed Hat Advanced Cluster Management for Kubernetes 2.14Red Hat Web Terminal 1.11Red Hat Trusted Artifact Signer 1.3Red Hat Enterprise Linux AppStream E4S (v.9.4)Red Hat OpenShift Container Platform 4.13Red Hat Ansible Automation Platform 2.6 for RHEL 10Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)Red Hat Quay 3.15mirror registry for Red Hat OpenShiftRed Hat Enterprise Linux AppStream TUS (v.8.6)Red Hat AMQ ClientsNetwork Observability (NETOBSERV) 1.11.2Red Hat Web Terminal 1.12Fence Agents Remediation OperatorRed Hat OpenShift Container Platform 4.18Red Hat Satellite 6.16 for RHEL 8Red Hat Satellite 6.16 for RHEL 9Red Hat Quay 3.9Red Hat Service Interconnect 1OpenShift API for Data Protection 1.4Red Hat OpenShift Dev Spaces 3.27Red Hat Update Infrastructure 5Red Hat OpenShift Virtualization 4Red Hat Advanced Cluster Security for Kubernetes 4.8Red Hat OpenShift Container Platform 4.16Red Hat Hardened ImagesRed Hat CodeReady Linux Builder EUS (v.9.6)Red Hat OpenShift Container Platform 4Red Hat Developer Hub 1.8Red Hat Ansible Automation Platform 2.6 for RHEL 9Red Hat Openshift Data Foundation 4Zero Trust Workload Identity Manager - Tech PreviewRed Hat Quay 3Machine Deletion Remediation OperatorRed Hat Enterprise Linux AppStream AUS (v. 8.2)Red Hat OpenStack 1.5Red Hat OpenShift Container Platform 4.15Zero Trust Workload Identity ManagerRed Hat OpenShift Service Mesh 3.2Logging Subsystem for Red Hat OpenShift 6.4streams for Apache Kafka 3External Secrets Operator for Red Hat OpenShiftcert-manager Operator for Red Hat OpenShiftRed Hat CodeReady Linux Builder EUS (v.9.4)Red Hat Enterprise Linux 7Red Hat Enterprise Linux Server (v. 7 ELS)Gatekeeper 3Red Hat Enterprise Linux 10Red Hat Ansible Automation Platform 2.5 for RHEL 8Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)Red Hat Ansible Automation Platform 2.5 for RHEL 9Red Hat Ansible Automation Platform 2Red Hat build of Apache Camel - HawtIO 4Logging Subsystem for Red Hat OpenShift 6.2OpenShift ServerlessRed Hat Quay 3.12Red Hat Developer Hub 1.9OpenShift LightspeedRed Hat Enterprise Linux AppStream TUS (v.8.8)Red Hat Enterprise Linux AppStream EUS (v.9.4)Red Hat Ansible Automation Platform 2.6Red Hat Advanced Cluster Security for Kubernetes 4.9Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Satellite 6.18Red Hat Certification Program for Red Hat Enterprise Linux 9Red Hat Satellite 6OpenShift Compliance Operator 1Red Hat Enterprise Linux AppStream (v. 9)Red Hat Lightspeed (formerly Insights) for Runtimes 1Red Hat Web Terminal 1.13Red Hat OpenShift AI (RHOAI)Confidential Compute AttestationOpenShift Service Mesh 2Red Hat Edge Manager 1Red Hat Enterprise Linux AppStream E4S (v.8.6)Multicluster Global Hub 1.3.4Multicluster Global Hub 1.6.2Logical Volume Manager StorageRed Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Enterprise Linux AppStream E4S (v.9.0)mirror registry for Red Hat OpenShift 2.0Red Hat OpenShift Container Platform 4.19Logging Subsystem for Red Hat OpenShiftRed Hat OpenShift Container Platform 4.14Red Hat OpenShift Builds 1.7.3OpenShift API for Data Protection 1.5Red Hat OpenShift for Windows ContainersRed Hat OpenShift Container Platform 4.20Red Hat OpenStack Platform 17.1Assisted Installer for Red Hat OpenShift Container Platform 2Red Hat Enterprise Linux AppStream AUS (v.8.4)Red Hat Connectivity Link 1Multicluster Global Hub 1.4.5
CWE ID-CWE-1286
Improper Validation of Syntactic Correctness of Input
CWE ID-CWE-425
Direct Request ('Forced Browsing')
CVE-2026-23490
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.68% / 47.83%
||
7 Day CHG+0.19%
Published-16 Jan, 2026 | 19:03
Updated-01 Jul, 2026 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
pyasn1 has a DoS vulnerability in decoder

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. This vulnerability is fixed in 0.6.2.

Action-Not Available
Vendor-pyasn1pyasn1Red Hat, Inc.Debian GNU/Linux
Product-pyasn1debian_linuxpyasn1Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Ansible Automation Platform 2.6 for RHEL 9Red Hat Enterprise Linux High Availability E4S (v.8.6)Red Hat Quay 3Red Hat Enterprise Linux HighAvailability EUS EXTENSION (v.8.4)Red Hat Enterprise Linux Resilient Storage EUS (v.9.4)Red Hat Enterprise Linux AppStream AUS (v. 8.2)Red Hat OpenStack 1.5Red Hat Ansible Automation Platform 2.5Red Hat Enterprise Linux Server for SAPHANA ELS (v. 7)Migration Toolkit for VirtualizationRed Hat Enterprise Linux 6Red Hat OpenStack Platform 18.0Red Hat OpenShift Container Platform 4.17Lightspeed CoreRed Hat Enterprise Linux Server (v. 7 ELS)Migration Toolkit for ContainersRed Hat Ansible Automation Platform 2.5 for RHEL 8Red Hat Enterprise Linux Server for SAP ELS (v. 7)Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux AppStream E4S (v.8.8)Red Hat OpenShift AI 3.3Red Hat Ansible Automation Platform 2.5 for RHEL 9Red Hat Enterprise Linux ResilientStorage (v. 8)OpenShift Service Mesh 3Red Hat Ansible Automation Platform 2Red Hat Enterprise Linux ResilientStorage E4S (v.9.0)Red Hat Enterprise Linux High Availability E4S (v.9.2)OpenShift LightspeedRed Hat Enterprise Linux AppStream TUS (v.8.8)Red Hat Enterprise Linux AppStream EUS (v.9.4)Red Hat Ansible Automation Platform 2.6Red Hat OpenShift AI 2.25Red Hat Enterprise Linux High Availability TUS (v.8.6)Red Hat OpenStack Platform 16.2Red Hat Enterprise Linux AppStream AUS (v.8.6)Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux High Availability EUS (v.9.4)Red Hat Enterprise Linux AppStream (v. 10)Red Hat AI Inference Server 3.3Red Hat Enterprise Linux AI 3.3Red Hat Enterprise Linux Server HighAvailability (v. 7 ELS)Red Hat Trusted Artifact Signer 1.3Red Hat Enterprise Linux High Availability E4S (v.9.0)Red Hat Satellite 6Red Hat Ansible Automation Platform 2.6 for RHEL 10Red Hat Ceph Storage 8Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux High Availability E4S (v.8.8)Red Hat OpenShift AI (RHOAI)Red Hat Enterprise Linux HighAvailability (v. 8)Red Hat Enterprise Linux High Availability AUS (v.8.4)Ironic content for Red Hat OpenShift Container Platform 4.17Ironic content for Red Hat OpenShift Container Platform 4.18Red Hat Enterprise Linux AppStream E4S (v.8.6)Red Hat Enterprise Linux AppStream TUS (v.8.6)Red Hat AI Inference ServerRed Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Enterprise Linux AppStream E4S (v.9.0)Red Hat OpenShift Container Platform 4.18Red Hat Trusted Artifact Signer 1.4Red Hat Enterprise Linux High Availability TUS (v.8.8)Red Hat Enterprise Linux Server ResilientStorage (v. 7 ELS)Red Hat Update Infrastructure 5Red Hat OpenStack Platform 17.1Red Hat Enterprise Linux AppStream AUS (v.8.4)Red Hat Enterprise Linux Resilient Storage E4S (v.9.2)Red Hat OpenShift Container Platform 4
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling