RHSA-2026:26638

Vulnerability from csaf_redhat - Published: 2026-06-17 15:25 - Updated: 2026-06-25 23:07
Summary
Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
Severity
Important
Notes
Topic: An update for Red Hat Hardened Images RPMs is now available.
Details: This update includes the following RPMs:

dotnet10.0:
  * aspnetcore-runtime-10.0-10.0.9-1.hum1 (aarch64, x86_64)
  * aspnetcore-runtime-dbg-10.0-10.0.9-1.hum1 (aarch64, x86_64)
  * aspnetcore-targeting-pack-10.0-10.0.9-1.hum1 (aarch64, x86_64)
  * dotnet-apphost-pack-10.0-10.0.9-1.hum1 (aarch64, x86_64)
  * dotnet-host-10.0.9-1.hum1 (aarch64, x86_64)
  * dotnet-hostfxr-10.0-10.0.9-1.hum1 (aarch64, x86_64)
  * dotnet-runtime-10.0-10.0.9-1.hum1 (aarch64, x86_64)
  * dotnet-runtime-dbg-10.0-10.0.9-1.hum1 (aarch64, x86_64)
  * dotnet-sdk-10.0-10.0.109-1.hum1 (aarch64, x86_64)
  * dotnet-sdk-10.0-source-built-artifacts-10.0.109-1.hum1 (aarch64, x86_64)
  * dotnet-sdk-aot-10.0-10.0.109-1.hum1 (aarch64, x86_64)
  * dotnet-sdk-dbg-10.0-10.0.109-1.hum1 (aarch64, x86_64)
  * dotnet-targeting-pack-10.0-10.0.9-1.hum1 (aarch64, x86_64)
  * dotnet-templates-10.0-10.0.109-1.hum1 (aarch64, x86_64)
  * dotnet10.0-10.0.109-1.hum1.src (src)

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

A flaw was found in .NET's System.Formats.Tar library. When extracting a specially crafted TAR archive containing symbolic links, the TarFile.ExtractToDirectory() method may incorrectly follow those links and write files outside the intended extraction directory. An attacker could exploit this issue to create or overwrite files in locations accessible to the extracting process, potentially leading to unauthorized file modification.

CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Affected products
Product Identifier Version Remediation
Unresolved product id: Red Hat Hardened Images:dotnet10-0-main@aarch64
Vendor Fix fix
Workaround
Unresolved product id: Red Hat Hardened Images:dotnet10-0-main@src
Vendor Fix fix
Workaround
Unresolved product id: Red Hat Hardened Images:dotnet10-0-main@x86_64
Vendor Fix fix
Workaround
Threats
Impact Moderate

A flaw was found in ASP.NET Core SignalR and Blazor Server. A remote attacker could send a specially crafted MessagePack payload containing deeply nested arrays that trigger excessive recursion and cause a stack overflow. This issue may result in application termination and a denial of service condition.

CWE-770 - Allocation of Resources Without Limits or Throttling
Affected products
Product Identifier Version Remediation
Unresolved product id: Red Hat Hardened Images:dotnet10-0-main@aarch64
Vendor Fix fix
Workaround
Unresolved product id: Red Hat Hardened Images:dotnet10-0-main@src
Vendor Fix fix
Workaround
Unresolved product id: Red Hat Hardened Images:dotnet10-0-main@x86_64
Vendor Fix fix
Workaround
Threats
Impact Important

A flaw was found in ws, an open source WebSocket client and server for Node.js. The `websocket.close()` implementation is vulnerable to uninitialized memory disclosure when a `TypedArray` is passed as the reason argument. This can lead to the disclosure of sensitive information from uninitialized memory.

CWE-824 - Access of Uninitialized Pointer
Affected products
Product Identifier Version Remediation
Unresolved product id: Red Hat Hardened Images:dotnet10-0-main@aarch64
Vendor Fix fix
Unresolved product id: Red Hat Hardened Images:dotnet10-0-main@src
Vendor Fix fix
Unresolved product id: Red Hat Hardened Images:dotnet10-0-main@x86_64
Vendor Fix fix
Threats
Impact Important

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for Red Hat Hardened Images RPMs is now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "This update includes the following RPMs:\n\ndotnet10.0:\n  * aspnetcore-runtime-10.0-10.0.9-1.hum1 (aarch64, x86_64)\n  * aspnetcore-runtime-dbg-10.0-10.0.9-1.hum1 (aarch64, x86_64)\n  * aspnetcore-targeting-pack-10.0-10.0.9-1.hum1 (aarch64, x86_64)\n  * dotnet-apphost-pack-10.0-10.0.9-1.hum1 (aarch64, x86_64)\n  * dotnet-host-10.0.9-1.hum1 (aarch64, x86_64)\n  * dotnet-hostfxr-10.0-10.0.9-1.hum1 (aarch64, x86_64)\n  * dotnet-runtime-10.0-10.0.9-1.hum1 (aarch64, x86_64)\n  * dotnet-runtime-dbg-10.0-10.0.9-1.hum1 (aarch64, x86_64)\n  * dotnet-sdk-10.0-10.0.109-1.hum1 (aarch64, x86_64)\n  * dotnet-sdk-10.0-source-built-artifacts-10.0.109-1.hum1 (aarch64, x86_64)\n  * dotnet-sdk-aot-10.0-10.0.109-1.hum1 (aarch64, x86_64)\n  * dotnet-sdk-dbg-10.0-10.0.109-1.hum1 (aarch64, x86_64)\n  * dotnet-targeting-pack-10.0-10.0.9-1.hum1 (aarch64, x86_64)\n  * dotnet-templates-10.0-10.0.109-1.hum1 (aarch64, x86_64)\n  * dotnet10.0-10.0.109-1.hum1.src (src)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:26638",
        "url": "https://access.redhat.com/errata/RHSA-2026:26638"
      },
      {
        "category": "external",
        "summary": "https://images.redhat.com/",
        "url": "https://images.redhat.com/"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-45591",
        "url": "https://access.redhat.com/security/cve/CVE-2026-45591"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-45491",
        "url": "https://access.redhat.com/security/cve/CVE-2026-45491"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-45736",
        "url": "https://access.redhat.com/security/cve/CVE-2026-45736"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_26638.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2026-06-25T23:07:07+00:00",
      "generator": {
        "date": "2026-06-25T23:07:07+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "5.2.5"
        }
      },
      "id": "RHSA-2026:26638",
      "initial_release_date": "2026-06-17T15:25:52+00:00",
      "revision_history": [
        {
          "date": "2026-06-17T15:25:52+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-06-19T06:19:42+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-25T23:07:07+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Hardened Images",
                "product": {
                  "name": "Red Hat Hardened Images",
                  "product_id": "Red Hat Hardened Images",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:hummingbird:1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Hardened Images"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "dotnet10-0-main@aarch64",
                "product": {
                  "name": "dotnet10-0-main@aarch64",
                  "product_id": "dotnet10-0-main@aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/aspnetcore-runtime-10.0@10.0.9-1.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "dotnet10-0-main@x86_64",
                "product": {
                  "name": "dotnet10-0-main@x86_64",
                  "product_id": "dotnet10-0-main@x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/aspnetcore-runtime-10.0@10.0.9-1.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "dotnet10-0-main@src",
                "product": {
                  "name": "dotnet10-0-main@src",
                  "product_id": "dotnet10-0-main@src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/dotnet10.0@10.0.109-1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dotnet10-0-main@aarch64 as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:dotnet10-0-main@aarch64"
        },
        "product_reference": "dotnet10-0-main@aarch64",
        "relates_to_product_reference": "Red Hat Hardened Images"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dotnet10-0-main@src as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:dotnet10-0-main@src"
        },
        "product_reference": "dotnet10-0-main@src",
        "relates_to_product_reference": "Red Hat Hardened Images"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dotnet10-0-main@x86_64 as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:dotnet10-0-main@x86_64"
        },
        "product_reference": "dotnet10-0-main@x86_64",
        "relates_to_product_reference": "Red Hat Hardened Images"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-45491",
      "cwe": {
        "id": "CWE-59",
        "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
      },
      "discovery_date": "2026-06-09T18:05:02.406017+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2487164"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in .NET\u0027s System.Formats.Tar library. When extracting a specially crafted TAR archive containing symbolic links, the TarFile.ExtractToDirectory() method may incorrectly follow those links and write files outside the intended extraction directory. An attacker could exploit this issue to create or overwrite files in locations accessible to the extracting process, potentially leading to unauthorized file modification.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "dotnet: .NET: Local file tampering via link following vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability affects .NET\u0027s TAR archive extraction functionality. Red Hat Product Security has assessed this issue as a Moderate severity vulnerability.\n\nThe flaw occurs in System.Formats.Tar when processing TAR archives containing symbolic links. During extraction, the TarFile.ExtractToDirectory() method may incorrectly follow symlink paths and write files outside the intended extraction directory.\n\nSuccessful exploitation requires a vulnerable application to process a specially crafted TAR archive. An attacker could use this behavior to create or overwrite files in locations accessible to the extracting process, potentially affecting system or application integrity.\n\nThe vulnerability is a symlink path traversal issue that results in unauthorized file modification outside the designated extraction directory. The primary security impact is integrity compromise through arbitrary file writes.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:dotnet10-0-main@aarch64",
          "Red Hat Hardened Images:dotnet10-0-main@src",
          "Red Hat Hardened Images:dotnet10-0-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-45491"
        },
        {
          "category": "external",
          "summary": "RHBZ#2487164",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487164"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-45491",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45491"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-45491",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45491"
        },
        {
          "category": "external",
          "summary": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45491",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45491"
        }
      ],
      "release_date": "2026-06-09T17:04:44.457000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-17T15:25:52+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:dotnet10-0-main@aarch64",
            "Red Hat Hardened Images:dotnet10-0-main@src",
            "Red Hat Hardened Images:dotnet10-0-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:26638"
        },
        {
          "category": "workaround",
          "details": "Red Hat is not aware of a practical temporary workaround that fully mitigates this issue or meets Red Hat Product Security\u0027s standards for usability, deployment, applicability, or stability. Customers are advised to apply the relevant security updates when they become available.",
          "product_ids": [
            "Red Hat Hardened Images:dotnet10-0-main@aarch64",
            "Red Hat Hardened Images:dotnet10-0-main@src",
            "Red Hat Hardened Images:dotnet10-0-main@x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:dotnet10-0-main@aarch64",
            "Red Hat Hardened Images:dotnet10-0-main@src",
            "Red Hat Hardened Images:dotnet10-0-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "dotnet: .NET: Local file tampering via link following vulnerability"
    },
    {
      "cve": "CVE-2026-45591",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2026-06-09T18:07:51.180043+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2487224"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in ASP.NET Core SignalR and Blazor Server. A remote attacker could send a specially crafted MessagePack payload containing deeply nested arrays that trigger excessive recursion and cause a stack overflow. This issue may result in application termination and a denial of service condition",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "dotnet: ASP.NET Core: Denial of Service via uncontrolled resource consumption",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability affects the MessagePack hub protocol implementation used by ASP.NET Core SignalR and Blazor Server. Red Hat Product Security has assessed this issue as an Important severity vulnerability.\n\nThe flaw occurs when processing deeply nested MessagePack arrays supplied by a remote attacker. Insufficient validation of message nesting depth may cause excessive recursion and trigger a stack overflow condition during message processing.\n\nSuccessful exploitation could allow an unauthenticated remote attacker to cause the affected application or service to terminate unexpectedly, resulting in a denial of service condition.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:dotnet10-0-main@aarch64",
          "Red Hat Hardened Images:dotnet10-0-main@src",
          "Red Hat Hardened Images:dotnet10-0-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-45591"
        },
        {
          "category": "external",
          "summary": "RHBZ#2487224",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487224"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-45591",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45591"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-45591",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45591"
        },
        {
          "category": "external",
          "summary": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45591",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45591"
        }
      ],
      "release_date": "2026-06-09T17:05:29.575000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-17T15:25:52+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:dotnet10-0-main@aarch64",
            "Red Hat Hardened Images:dotnet10-0-main@src",
            "Red Hat Hardened Images:dotnet10-0-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:26638"
        },
        {
          "category": "workaround",
          "details": "Red Hat is not aware of a practical temporary workaround that fully mitigates this issue or meets Red Hat Product Security\u0027s standards for usability, deployment, applicability, or stability. Customers are advised to apply the relevant security updates when they become available.",
          "product_ids": [
            "Red Hat Hardened Images:dotnet10-0-main@aarch64",
            "Red Hat Hardened Images:dotnet10-0-main@src",
            "Red Hat Hardened Images:dotnet10-0-main@x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:dotnet10-0-main@aarch64",
            "Red Hat Hardened Images:dotnet10-0-main@src",
            "Red Hat Hardened Images:dotnet10-0-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "dotnet: ASP.NET Core: Denial of Service via uncontrolled resource consumption"
    },
    {
      "cve": "CVE-2026-45736",
      "cwe": {
        "id": "CWE-824",
        "name": "Access of Uninitialized Pointer"
      },
      "discovery_date": "2026-05-15T16:00:55.786944+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2477914"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in ws, an open source WebSocket client and server for Node.js. The `websocket.close()` implementation is vulnerable to uninitialized memory disclosure when a `TypedArray` is passed as the reason argument. This can lead to the disclosure of sensitive information from uninitialized memory.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "ws: ws: Uninitialized memory disclosure via `websocket.close()` with `TypedArray`",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This Important vulnerability in the `ws` WebSocket library for Node.js could lead to sensitive information disclosure. The flaw occurs when a `TypedArray` is specifically provided as the `reason` argument to the `websocket.close()` function, potentially exposing uninitialized memory. Red Hat products utilizing this library may be affected if their implementations allow for such a crafted `close()` call.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:dotnet10-0-main@aarch64",
          "Red Hat Hardened Images:dotnet10-0-main@src",
          "Red Hat Hardened Images:dotnet10-0-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-45736"
        },
        {
          "category": "external",
          "summary": "RHBZ#2477914",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477914"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-45736",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45736"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-45736",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45736"
        },
        {
          "category": "external",
          "summary": "https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086",
          "url": "https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086"
        },
        {
          "category": "external",
          "summary": "https://github.com/websockets/ws/security/advisories/GHSA-58qx-3vcg-4xpx",
          "url": "https://github.com/websockets/ws/security/advisories/GHSA-58qx-3vcg-4xpx"
        }
      ],
      "release_date": "2026-05-15T14:53:57.263000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-17T15:25:52+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:dotnet10-0-main@aarch64",
            "Red Hat Hardened Images:dotnet10-0-main@src",
            "Red Hat Hardened Images:dotnet10-0-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:26638"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:dotnet10-0-main@aarch64",
            "Red Hat Hardened Images:dotnet10-0-main@src",
            "Red Hat Hardened Images:dotnet10-0-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "ws: ws: Uninitialized memory disclosure via `websocket.close()` with `TypedArray`"
    }
  ]
}

