Redhat Enterprise Linux vulnerabilities

CVE-2026-1933 [MEDIUM] CWE-284 CVE-2026-1933: A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read onl A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-only exports. This could allow modification of SMB-visible

CVE-2026-2340 [MEDIUM] CWE-280 CVE-2026-2340: A flaw was found in Samba’s vfs_worm module. The module is intended to provide write-once, read-many A flaw was found in Samba’s vfs_worm module. The module is intended to provide write-once, read-many (WORM) protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share could overwrite a protected file by renaming a newly c

CVE-2026-4480 [CRITICAL] CWE-78 CVE-2026-4480: A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by sending a specially crafted print job description that

CVE-2026-48864 [HIGH] CWE-787 CVE-2026-48864: A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-c A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within `.solv` files due to insufficient input validation. An attacker can provide a specially crafted `.solv` file, which, when processed by a vulnerable application, can lead to out-of-bounds memory access. This could result

CVE-2026-9149 [MEDIUM] CWE-122 CVE-2026-9149: A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. This leads to an undersized memory allocation and a subsequent out-of-bounds write. An attacker could exploit this to cause a denial of service (DoS).

CVE-2026-9064 [HIGH] CWE-770 CVE-2026-9064: A flaw was found in 389-ds-base. The get_ldapmessage_controls_ext() function in the LDAP server does A flaw was found in 389-ds-base. The get_ldapmessage_controls_ext() function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls within the default maximum BER message size (2 MB), c

CVE-2026-9150 [MEDIUM] CWE-121 CVE-2026-9150: A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debi A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to memory corruption and a denial of service (DoS) in the affected system.

CVE-2026-42010 [CRITICAL] CWE-626 CVE-2026-42010: A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unaut

CVE-2026-34000 [CRITICAL] CWE-125 CVE-2026-34000: A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry pr A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the `CheckSetGeom()` and `XkbAddGeomKeyAlias` functions, allows an attacker to read uninitialized or out-of-bounds memory. An attacker with a connection to the X11 server, either locally or remotely, can exploit this wi

CVE-2026-34002 [CRITICAL] CWE-805 CVE-2026-34002: A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB ( A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB (X Keyboard Extension) modifier map handling. An attacker with access to the X11 server can exploit this by sending a malformed request, which causes the server to read beyond its intended memory boundaries. This can lead to the exposure of sensitive

CVE-2026-33845 [CRITICAL] CWE-191 CVE-2026-33845: A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero off A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.

CVE-2026-3833 [HIGH] CWE-178 CVE-2026-3833: A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive compari A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstraints` labels, specifically for `dNSName` (DNS) or `rfc822Name` (email) constraints within `excludedSubtrees` or `permittedSubtrees`. A remote attacker can exploit this by crafting a leaf certificate with casing differences in the Subje

CVE-2026-3832 [LOW] CWE-179 CVE-2026-3832: A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a speci A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabled may incorrectly accept a revoked server certificate, p

CVE-2026-6732 [HIGH] CWE-843 CVE-2026-6732: A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafte A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that causes the application to crash. This results in a denial

CVE-2026-2708 [MEDIUM] CWE-444 CVE-2026-2708: A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soup_message_ A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soup_message_headers_append_common() function in libsoup/soup-message-headers.c unconditionally appends each header value without validating for duplicate or conflicting Content-Length fields. This allows an attacker to send HTTP requests containing multiple Content

CVE-2026-31431 [HIGH] CWE-669 CVE-2026-31431: In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the comp

CVE-2026-6846 [HIGH] CWE-122 CVE-2026-6846: A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a speciall A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to arbitrary code execution, allowing the attacker to run unauthorized commands, or

CVE-2026-6843 [MEDIUM] CWE-134 CVE-2026-6843: A flaw was found in nano. A local user could exploit a format string vulnerability in the `statuslin A flaw was found in nano. A local user could exploit a format string vulnerability in the `statusline()` function. By creating a directory with a name containing `printf` specifiers, the application attempts to display this name, leading to a segmentation fault (SEGV). This results in a Denial of Service (DoS) for the `nano` application.

CVE-2026-6845 [MEDIUM] CWE-476 CVE-2026-6845: A flaw was found in binutils, specifically within the `readelf` utility. This vulnerability allows a A flaw was found in binutils, specifically within the `readelf` utility. This vulnerability allows a local attacker to cause a Denial of Service (DoS) by tricking a user into processing a specially crafted Executable and Linkable Format (ELF) file. The exploitation of this flaw can lead to the system becoming unresponsive due to excessive resource con

CVE-2026-6844 [MEDIUM] CWE-400 CVE-2026-6844: A flaw was found in the `readelf` utility of the binutils package. A local attacker could exploit tw A flaw was found in the `readelf` utility of the binutils package. A local attacker could exploit two Denial of Service (DoS) vulnerabilities by providing a specially crafted Executable and Linkable Format (ELF) file. One vulnerability, a resource exhaustion (CWE-400), can lead to an out-of-memory condition. The other, a null pointer dereference (CWE-