Redhat Enterprise Linux vulnerabilities

CVE-2026-3634 [MEDIUM] CWE-93 CVE-2026-3634: A flaw was found in libsoup. An attacker controlling the value used to set the Content-Type header c A flaw was found in libsoup. An attacker controlling the value used to set the Content-Type header can inject a Carriage Return Line Feed (CRLF) sequence due to improper input sanitization in the `soup_message_headers_set_content_type()` function. This vulnerability allows for the injection of arbitrary header-value pairs, potentially leading to HTTP h

CVE-2026-3441 [HIGH] CWE-125 CVE-2026-3441: A flaw was found in GNU Binutils. This heap-based buffer overflow vulnerability, specifically an out A flaw was found in GNU Binutils. This heap-based buffer overflow vulnerability, specifically an out-of-bounds read in the bfd linker, allows an attacker to gain access to sensitive information. By convincing a user to process a specially crafted XCOFF object file, an attacker can trigger this flaw, potentially leading to information disclosure or an ap

CVE-2026-3442 [HIGH] CWE-125 CVE-2026-3442: A flaw was found in GNU Binutils. This vulnerability, a heap-based buffer overflow, specifically an A flaw was found in GNU Binutils. This vulnerability, a heap-based buffer overflow, specifically an out-of-bounds read, exists in the bfd linker component. An attacker could exploit this by convincing a user to process a specially crafted malicious XCOFF object file. Successful exploitation may lead to the disclosure of sensitive information or cause the

CVE-2026-3099 [HIGH] CWE-323 CVE-2026-3099: A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDom A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track issued nonces or enforce the required incrementing nonce-count (nc) attribute. This vulnerability allows a remote attacker to capture a single valid authentication header and replay it repeatedly. Consequently, the

CVE-2026-3497 [MEDIUM] CWE-908 CVE-2026-3497: Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerabilit Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect() on an error, which does not terminate the process, allows an attacker to send an unexpected GSSAP

CVE-2025-12801 [MEDIUM] CWE-279 CVE-2025-12801: A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or subtree of an exported directory, regardless of the set file permissions, a

CVE-2025-9572 [MEDIUM] CWE-863 CVE-2025-9572: n authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond n authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the REST API, which correctly enforces access controls, the GraphQL endpoint does not apply proper filtering, leading to an authorization bypass.

CVE-2026-26103 [HIGH] CWE-862 CVE-2026-26103: A flaw was found in the udisks storage management daemon that exposes a privileged D-Bus API for res A flaw was found in the udisks storage management daemon that exposes a privileged D-Bus API for restoring LUKS encryption headers without proper authorization checks. The issue allows a local unprivileged user to instruct the root-owned udisks daemon to overwrite encryption metadata on block devices. This can permanently invalidate encryption keys an

CVE-2026-26104 [MEDIUM] CWE-862 CVE-2026-26104: A flaw was found in the udisks storage management daemon that allows unprivileged users to back up L A flaw was found in the udisks storage management daemon that allows unprivileged users to back up LUKS encryption headers without authorization. The issue occurs because a privileged D-Bus method responsible for exporting encryption metadata does not perform a policy check. As a result, sensitive cryptographic metadata can be read and written to at

CVE-2026-2443 [MEDIUM] CWE-125 CVE-2026-2443: A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server memory beyond the intended response. Exploitation requires

CVE-2026-1709 [CRITICAL] CWE-322 CVE-2026-1709: A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-si A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing agents, retrieving public Trusted Platform Module (TP

CVE-2026-1801 [MEDIUM] CWE-444 CVE-2026-1801: A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerabilit A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing in the soup_filter_input_stream_read_line() logic, where libsoup accepts malformed chunk headers, such as lone line feed (LF) characters instead of the required carriage return and line feed (CRLF). A remote attac

CVE-2026-1536 [MEDIUM] CWE-93 CVE-2026-1536: A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition heade A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF (Carriage Return Line Feed) sequences into the header value. These sequences are then interpreted verbatim when the HTTP request or response is constructed, allowing arbitrary HTTP headers to be injected. This vulnerability can lead to

CVE-2026-1539 [MEDIUM] CWE-201 CVE-2026-1539: A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be s A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different host. As a result, sensitive proxy credentials may be l

CVE-2026-1467 [MEDIUM] CWE-93 CVE-2026-1467: A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF (Carriage Ret A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF (Carriage Return Line Feed) Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. A remote attacker can exploit this by providing a specially crafted URL containing CRLF sequences, allo

CVE-2025-14512 [MEDIUM] CWE-190 CVE-2025-14512: A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (Do A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.

CVE-2025-14087 [CRITICAL] CWE-190 CVE-2025-14087: A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corr A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.

CVE-2025-9784 [HIGH] CWE-770 CVE-2025-9784: A flaw was found in Undertow where malformed client requests can trigger server-side stream resets w A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implem

CVE-2025-8283 [LOW] CWE-15 CVE-2025-8283: A vulnerability was found in the netavark package, a network stack for containers used with Podman. A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to dns.podman search domain being removed, netavark may return external servers if a valid A/AAAA record is sent as a response. When creating a container with a given name, this name will be used as the hostname for the container itself, as the podman's

CVE-2025-7519 [MEDIUM] CWE-787 CVE-2025-7519: A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a high-privilege account is needed as it's required to place the malicious policy f