RED HAT — Vulnerabilities & Security Advisories 676

Browse all 676 CVE security advisories affecting RED HAT. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-3260 | Undertow: undertow: denial of service due to premature multipart/form-data parsing in get requests — Red Hat build of Apache Camel for Spring Boot 4 [CWE-770] | 5.9 | Medium | 2026-03-24 |
| CVE-2026-1940 | Gstreamer: incomplete fix of cve-2026-1940 — Red Hat Enterprise Linux 10 | 5.1 | Medium | 2026-03-23 |
| CVE-2026-4647 | Binutils: out-of-bounds read in xcoff relocation processing in gnu binutils bfd library — Red Hat Enterprise Linux 10 [CWE-125] | 6.1 | Medium | 2026-03-23 |
| CVE-2026-4633 | Keycloak: keycloak: user enumeration via differential error messages — Red Hat Build of Keycloak [CWE-209] | 3.7 | Low | 2026-03-23 |
| CVE-2026-4628 | Keycloak: org.keycloak.authorization: keycloak: unauthorized resource modification due to improper access control — Red Hat Build of Keycloak [CWE-284] | 4.3 | Medium | 2026-03-23 |
| CVE-2026-23536 | Feast: unauthenticated arbitrary file read — Red Hat OpenShift AI (RHOAI) [CWE-22] | 7.5 | High | 2026-03-20 |
| CVE-2026-2369 | Libsoup: libsoup: buffer overread due to integer underflow when handling zero-length resources — Red Hat Enterprise Linux 10 [CWE-191] | 6.5 | Medium | 2026-03-19 |
| CVE-2026-4426 | Libarchive: libarchive: denial of service via malformed iso file processing — Red Hat Enterprise Linux 10 [CWE-1335] | 6.5 | Medium | 2026-03-19 |
| CVE-2026-4424 | Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing — Red Hat Enterprise Linux 10 [CWE-125] | 7.5 | High | 2026-03-19 |
| CVE-2026-4366 | Keycloak-services: blind server-side request forgery (ssrf) via http redirect handling in keycloak — Red Hat Build of Keycloak [CWE-918] | 5.8 | Medium | 2026-03-18 |
| CVE-2026-2575 | Keycloak: keycloak: denial of service due to excessive samlrequest decompression — Red Hat build of Keycloak 26.4 [CWE-409] | 5.3 | Medium | 2026-03-18 |
| CVE-2026-2603 | Keycloak: keycloak: unauthorized authentication via disabled saml identity provider — Red Hat build of Keycloak 26.2 [CWE-306] | 8.1 | High | 2026-03-18 |
| CVE-2026-2092 | Keycloak-services: keycloak: unauthorized access via improper validation of encrypted saml assertions — Red Hat build of Keycloak 26.2 [CWE-1287] | 7.7 | High | 2026-03-18 |
| CVE-2026-4324 | Rubygem-katello: katello: denial of service and potential information disclosure via sql injection — Red Hat Satellite 6.17 for RHEL 9 [CWE-89] | 5.4 | Medium | 2026-03-17 |
| CVE-2026-4271 | Libsoup: libsoup: denial of service via use-after-free in http/2 server — Red Hat Enterprise Linux 10 [CWE-416] | 5.3 | Medium | 2026-03-17 |
| CVE-2026-3633 | Libsoup: libsoup: header and http request injection via crlf injection — Red Hat Enterprise Linux 10 [CWE-93] | 3.9 | Low | 2026-03-17 |
| CVE-2026-3632 | Libsoup: libsoup: http smuggling and server-side request forgery via malformed hostnames — Red Hat Enterprise Linux 10 [CWE-1286] | 3.9 | Low | 2026-03-17 |
| CVE-2026-3634 | Libsoup: libsoup: http header injection and response splitting via crlf injection in content-type header — Red Hat Enterprise Linux 10 [CWE-93] | 3.9 | Low | 2026-03-17 |
| CVE-2026-3441 | Binutils: gnu binutils: information disclosure via specially crafted xcoff object file — Red Hat Enterprise Linux 10 [CWE-125] | 6.1 | Medium | 2026-03-15 |
| CVE-2026-3442 | Binutils: gnu binutils: information disclosure or denial of service via out-of-bounds read in bfd linker — Red Hat Enterprise Linux 10 [CWE-125] | 6.1 | Medium | 2026-03-15 |
| CVE-2026-4111 | Libarchive: infinite loop denial of service in rar5 decompression via archive_read_data() in libarchive — Red Hat Enterprise Linux 10 [CWE-835] | 7.5 | High | 2026-03-13 |
| CVE-2026-4105 | Systemd: systemd: privilege escalation via improper access control in registermachine d-bus method — Red Hat Enterprise Linux 10 [CWE-284] | 6.7 | Medium | 2026-03-13 |
| CVE-2025-57849 | Fuse: privilege escalation via excessive /etc/passwd permissions — Red Hat Fuse 7 [CWE-276] | 6.4 | Medium | 2026-03-13 |
| CVE-2025-8766 | Noobaa-core: excessive permissions of /etc could lead to escalation of privilege in the noobaa-core container — Red Hat Openshift Data Foundation 4 [CWE-276] | 6.4 | Medium | 2026-03-13 |
| CVE-2026-2376 | Mirror-registry: quay: quay: server-side request forgery via open redirect vulnerability in web interface — mirror registry for Red Hat OpenShift [CWE-601] | 4.9 | Medium | 2026-03-12 |
| CVE-2026-3099 | Libsoup: libsoup: authentication bypass via digest authentication replay attack — Red Hat Enterprise Linux 10 [CWE-323] | 5.8 | Medium | 2026-03-12 |
| CVE-2026-2366 | Keycloak: keycloak: information disclosure via authorization bypass in admin api — Red Hat build of Keycloak 26.4 [CWE-639] | 3.1 | Low | 2026-03-12 |
| CVE-2026-3234 | Mod_proxy_cluster: mod_proxy_cluster: response body corruption via crlf injection — Red Hat Enterprise Linux 10 [CWE-93] | 4.3 | Medium | 2026-03-12 |
| CVE-2026-3429 | Org.keycloak.services.resources.account: improper access control leading to mfa deletion and account takeover in keycloak account rest api — Red Hat build of Keycloak 26.4 [CWE-284] | 4.2 | Medium | 2026-03-11 |
| CVE-2026-3911 | Org.keycloak.services.resources.admin.userresource: keycloak: information disclosure of disabled user attributes via administrative endpoint — Red Hat build of Keycloak 26.4 [CWE-359] | 2.7 | Low | 2026-03-11 |

This page lists every published CVE security advisory associated with RED HAT. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.