Red Hat Enterprise Linux 10 — Vulnerabilities & Security Advisories 80

All 80 CVE vulnerabilities found in Red Hat Enterprise Linux 10, with AI-generated Chinese analysis, references, and POCs.

Vendor: Red Hat

CVE ID	Title	CVSS	Severity	Published
CVE-2026-0968	Libssh: libssh: denial of service due to malformed sftp message CWE-476	3.1	Low	2026-03-26
CVE-2026-0964	Libssh: improper sanitation of paths received from scp servers CWE-22	8.8	-	2026-03-26
CVE-2026-2436	Libsoup: libsoup: denial of service via use-after-free in soupserver during tls handshake CWE-825	6.5	Medium	2026-03-26
CVE-2026-4897	Polkit: polkit: denial of service via unbounded input processing through standard input CWE-770	5.5	Medium	2026-03-26
CVE-2026-4775	Libtiff: libtiff: arbitrary code execution or denial of service via signed integer overflow in tiff file processing CWE-190	7.8	High	2026-03-24
CVE-2026-1940	Gstreamer: incomplete fix of cve-2026-1940	5.1	Medium	2026-03-23
CVE-2026-4647	Binutils: out-of-bounds read in xcoff relocation processing in gnu binutils bfd library CWE-125	6.1	Medium	2026-03-23
CVE-2026-2369	Libsoup: libsoup: buffer overread due to integer underflow when handling zero-length resources CWE-191	6.5	Medium	2026-03-19
CVE-2026-4426	Libarchive: libarchive: denial of service via malformed iso file processing CWE-1335	6.5	Medium	2026-03-19
CVE-2026-4424	Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing CWE-125	7.5	High	2026-03-19
CVE-2026-4271	Libsoup: libsoup: denial of service via use-after-free in http/2 server CWE-416	5.3	Medium	2026-03-17
CVE-2026-3633	Libsoup: libsoup: header and http request injection via crlf injection CWE-93	3.9	Low	2026-03-17
CVE-2026-3634	Libsoup: libsoup: http header injection and response splitting via crlf injection in content-type header CWE-93	3.9	Low	2026-03-17
CVE-2026-3632	Libsoup: libsoup: http smuggling and server-side request forgery via malformed hostnames CWE-1286	3.9	Low	2026-03-17
CVE-2026-3441	Binutils: gnu binutils: information disclosure via specially crafted xcoff object file CWE-125	6.1	Medium	2026-03-15
CVE-2026-3442	Binutils: gnu binutils: information disclosure or denial of service via out-of-bounds read in bfd linker CWE-125	6.1	Medium	2026-03-15
CVE-2026-4111	Libarchive: infinite loop denial of service in rar5 decompression via archive_read_data() in libarchive CWE-835	7.5	High	2026-03-13
CVE-2026-4105	Systemd: systemd: privilege escalation via improper access control in registermachine d-bus method CWE-284	6.7	Medium	2026-03-13
CVE-2026-3099	Libsoup: libsoup: authentication bypass via digest authentication replay attack CWE-323	5.8	Medium	2026-03-12
CVE-2026-3234	Mod_proxy_cluster: mod_proxy_cluster: response body corruption via crlf injection CWE-93	4.3	Medium	2026-03-12
CVE-2025-12801	Nfs-utils: rpc.mountd in the nfs-utils privilege escalation CWE-279	6.5	Medium	2026-03-04
CVE-2026-28295	Gvfs: gvfs ftp backend: information disclosure via untrusted pasv responses CWE-918	4.3	Medium	2026-02-26
CVE-2026-28296	Gvfs: ftp gvfs backend: arbitrary ftp command injection via crlf sequences in file paths CWE-93	4.3	Medium	2026-02-26
CVE-2026-26104	Udisks: missing authorization check allows unprivileged users to back up luks headers via udisks d-bus api CWE-862	5.5	Medium	2026-02-25
CVE-2026-26103	Udisks: missing authorization check allows unprivileged users to restore luks headers via udisks d-bus api CWE-862	7.1	High	2026-02-25
CVE-2026-2443	Libsoup: out-of-bounds read in libsoup handle_partial_get() leading to heap information disclosure CWE-125	5.3	Medium	2026-02-13
CVE-2025-14831	Gnutls: gnutls: denial of service via excessive resource consumption during certificate verification CWE-407	5.3	Medium	2026-02-09
CVE-2026-1709	Keylime: keylime: authentication bypass allows unauthorized administrative operations due to missing client-side tls authentication CWE-322	9.4	Critical	2026-02-06
CVE-2026-1801	Libsoup: libsoup: http request smuggling via malformed chunk headers CWE-444	5.3	Medium	2026-02-03
CVE-2026-1760	Libsoup: soupserver: denial of service via http request smuggling CWE-444	5.3	Medium	2026-02-02

All 80 known CVE vulnerabilities affecting Red Hat Enterprise Linux 10 with full Chinese analysis, references, and POCs where available.

Goal Reached Thanks to every supporter — we hit 100%!

Red Hat Enterprise Linux 10 — Vulnerabilities & Security Advisories 80