RHSA-2026:26994
Vulnerability from csaf_redhat - Published: 2026-06-18 05:28 - Updated: 2026-07-15 14:34A flaw was found in .NET's System.Formats.Tar library. When extracting a specially crafted TAR archive containing symbolic links, the TarFile.ExtractToDirectory() method may incorrectly follow those links and write files outside the intended extraction directory. An attacker could exploit this issue to create or overwrite files in locations accessible to the extracting process, potentially leading to unauthorized file modification.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:dotnet8-0-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:dotnet8-0-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:dotnet8-0-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in ASP.NET Core SignalR and Blazor Server. A remote attacker could send a specially crafted MessagePack payload containing deeply nested arrays that trigger excessive recursion and cause a stack overflow. This issue may result in application termination and a denial of service condition
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:dotnet8-0-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:dotnet8-0-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:dotnet8-0-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in ws, an open source WebSocket client and server for Node.js. The `websocket.close()` implementation is vulnerable to uninitialized memory disclosure when a `TypedArray` is passed as the reason argument. This can lead to the disclosure of sensitive information from uninitialized memory.
A flaw was found in Engine.IO. When Engine.IO servers have WebTransport enabled, a remote attacker can craft a session ID to resolve an inherited property of the clients object during WebTransport upgrade handling. This can lead to a TypeError, resulting in a denial of service (DoS) for the server. This vulnerability impacts the availability of the service.
A flaw was found in js-yaml, a JavaScript YAML parser and dumper. When merge keys are enabled, a remote attacker could exploit this vulnerability by crafting a YAML document where a chain of mappings uses merge keys, each merging the previous one. This can lead to a significant increase in CPU time required to parse the document, resulting in a Denial of Service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:dotnet8-0-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:dotnet8-0-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:dotnet8-0-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in js-yaml, a JavaScript YAML (YAML Ain't Markup Language) parser. An attacker could exploit this by providing a specially crafted YAML ordered-map document. This could lead to excessive CPU consumption, resulting in a denial of service (DoS) for applications processing the malicious YAML input.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:dotnet8-0-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:dotnet8-0-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:dotnet8-0-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:\n\ndotnet8.0:\n * aspnetcore-runtime-8.0-8.0.28-1.hum1 (aarch64, x86_64)\n * aspnetcore-runtime-dbg-8.0-8.0.28-1.hum1 (aarch64, x86_64)\n * aspnetcore-targeting-pack-8.0-8.0.28-1.hum1 (aarch64, x86_64)\n * dotnet-apphost-pack-8.0-8.0.28-1.hum1 (aarch64, x86_64)\n * dotnet-hostfxr-8.0-8.0.28-1.hum1 (aarch64, x86_64)\n * dotnet-runtime-8.0-8.0.28-1.hum1 (aarch64, x86_64)\n * dotnet-runtime-dbg-8.0-8.0.28-1.hum1 (aarch64, x86_64)\n * dotnet-sdk-8.0-8.0.128-1.hum1 (aarch64, x86_64)\n * dotnet-sdk-8.0-source-built-artifacts-8.0.128-1.hum1 (aarch64, x86_64)\n * dotnet-sdk-dbg-8.0-8.0.128-1.hum1 (aarch64, x86_64)\n * dotnet-targeting-pack-8.0-8.0.28-1.hum1 (aarch64, x86_64)\n * dotnet-templates-8.0-8.0.128-1.hum1 (aarch64, x86_64)\n * dotnet8.0-8.0.128-1.hum1.src (src)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:26994",
"url": "https://access.redhat.com/errata/RHSA-2026:26994"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-45591",
"url": "https://access.redhat.com/security/cve/CVE-2026-45591"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-45491",
"url": "https://access.redhat.com/security/cve/CVE-2026-45491"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-45736",
"url": "https://access.redhat.com/security/cve/CVE-2026-45736"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-59870",
"url": "https://access.redhat.com/security/cve/CVE-2026-59870"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-59868",
"url": "https://access.redhat.com/security/cve/CVE-2026-59868"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-59724",
"url": "https://access.redhat.com/security/cve/CVE-2026-59724"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_26994.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-07-15T14:34:46+00:00",
"generator": {
"date": "2026-07-15T14:34:46+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.6"
}
},
"id": "RHSA-2026:26994",
"initial_release_date": "2026-06-18T05:28:56+00:00",
"revision_history": [
{
"date": "2026-06-18T05:28:56+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-09T05:12:28+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-15T14:34:46+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "dotnet8-0-main@aarch64",
"product": {
"name": "dotnet8-0-main@aarch64",
"product_id": "dotnet8-0-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/aspnetcore-runtime-8.0@8.0.28-1.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "dotnet8-0-main@x86_64",
"product": {
"name": "dotnet8-0-main@x86_64",
"product_id": "dotnet8-0-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/aspnetcore-runtime-8.0@8.0.28-1.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "dotnet8-0-main@src",
"product": {
"name": "dotnet8-0-main@src",
"product_id": "dotnet8-0-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet8.0@8.0.128-1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet8-0-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:dotnet8-0-main@aarch64"
},
"product_reference": "dotnet8-0-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet8-0-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:dotnet8-0-main@src"
},
"product_reference": "dotnet8-0-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet8-0-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:dotnet8-0-main@x86_64"
},
"product_reference": "dotnet8-0-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-45491",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2026-06-09T18:05:02.406017+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487164"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in .NET\u0027s System.Formats.Tar library. When extracting a specially crafted TAR archive containing symbolic links, the TarFile.ExtractToDirectory() method may incorrectly follow those links and write files outside the intended extraction directory. An attacker could exploit this issue to create or overwrite files in locations accessible to the extracting process, potentially leading to unauthorized file modification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dotnet: .NET: Local file tampering via link following vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability affects .NET\u0027s TAR archive extraction functionality. Red Hat Product Security has assessed this issue as a Moderate severity vulnerability.\n\nThe flaw occurs in System.Formats.Tar when processing TAR archives containing symbolic links. During extraction, the TarFile.ExtractToDirectory() method may incorrectly follow symlink paths and write files outside the intended extraction directory.\n\nSuccessful exploitation requires a vulnerable application to process a specially crafted TAR archive. An attacker could use this behavior to create or overwrite files in locations accessible to the extracting process, potentially affecting system or application integrity.\n\nThe vulnerability is a symlink path traversal issue that results in unauthorized file modification outside the designated extraction directory. The primary security impact is integrity compromise through arbitrary file writes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:dotnet8-0-main@aarch64",
"Red Hat Hardened Images:dotnet8-0-main@src",
"Red Hat Hardened Images:dotnet8-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-45491"
},
{
"category": "external",
"summary": "RHBZ#2487164",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487164"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-45491",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45491"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-45491",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45491"
},
{
"category": "external",
"summary": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45491",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45491"
}
],
"release_date": "2026-06-09T17:04:44.457000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-18T05:28:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:dotnet8-0-main@aarch64",
"Red Hat Hardened Images:dotnet8-0-main@src",
"Red Hat Hardened Images:dotnet8-0-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:26994"
},
{
"category": "workaround",
"details": "Red Hat is not aware of a practical temporary workaround that fully mitigates this issue or meets Red Hat Product Security\u0027s standards for usability, deployment, applicability, or stability. Customers are advised to apply the relevant security updates when they become available.",
"product_ids": [
"Red Hat Hardened Images:dotnet8-0-main@aarch64",
"Red Hat Hardened Images:dotnet8-0-main@src",
"Red Hat Hardened Images:dotnet8-0-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:dotnet8-0-main@aarch64",
"Red Hat Hardened Images:dotnet8-0-main@src",
"Red Hat Hardened Images:dotnet8-0-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dotnet: .NET: Local file tampering via link following vulnerability"
},
{
"cve": "CVE-2026-45591",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-09T18:07:51.180043+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487224"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ASP.NET Core SignalR and Blazor Server. A remote attacker could send a specially crafted MessagePack payload containing deeply nested arrays that trigger excessive recursion and cause a stack overflow. This issue may result in application termination and a denial of service condition",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dotnet: ASP.NET Core: Denial of Service via uncontrolled resource consumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability affects the MessagePack hub protocol implementation used by ASP.NET Core SignalR and Blazor Server. Red Hat Product Security has assessed this issue as an Important severity vulnerability.\n\nThe flaw occurs when processing deeply nested MessagePack arrays supplied by a remote attacker. Insufficient validation of message nesting depth may cause excessive recursion and trigger a stack overflow condition during message processing.\n\nSuccessful exploitation could allow an unauthenticated remote attacker to cause the affected application or service to terminate unexpectedly, resulting in a denial of service condition.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:dotnet8-0-main@aarch64",
"Red Hat Hardened Images:dotnet8-0-main@src",
"Red Hat Hardened Images:dotnet8-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-45591"
},
{
"category": "external",
"summary": "RHBZ#2487224",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487224"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-45591",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45591"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-45591",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45591"
},
{
"category": "external",
"summary": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45591",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45591"
}
],
"release_date": "2026-06-09T17:05:29.575000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-18T05:28:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:dotnet8-0-main@aarch64",
"Red Hat Hardened Images:dotnet8-0-main@src",
"Red Hat Hardened Images:dotnet8-0-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:26994"
},
{
"category": "workaround",
"details": "Red Hat is not aware of a practical temporary workaround that fully mitigates this issue or meets Red Hat Product Security\u0027s standards for usability, deployment, applicability, or stability. Customers are advised to apply the relevant security updates when they become available.",
"product_ids": [
"Red Hat Hardened Images:dotnet8-0-main@aarch64",
"Red Hat Hardened Images:dotnet8-0-main@src",
"Red Hat Hardened Images:dotnet8-0-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:dotnet8-0-main@aarch64",
"Red Hat Hardened Images:dotnet8-0-main@src",
"Red Hat Hardened Images:dotnet8-0-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "dotnet: ASP.NET Core: Denial of Service via uncontrolled resource consumption"
},
{
"cve": "CVE-2026-45736",
"cwe": {
"id": "CWE-824",
"name": "Access of Uninitialized Pointer"
},
"discovery_date": "2026-05-15T16:00:55.786944+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477914"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ws, an open source WebSocket client and server for Node.js. The `websocket.close()` implementation is vulnerable to uninitialized memory disclosure when a `TypedArray` is passed as the reason argument. This can lead to the disclosure of sensitive information from uninitialized memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ws: ws: Uninitialized memory disclosure via `websocket.close()` with `TypedArray`",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important vulnerability in the `ws` WebSocket library for Node.js could lead to sensitive information disclosure. The flaw occurs when a `TypedArray` is specifically provided as the `reason` argument to the `websocket.close()` function, potentially exposing uninitialized memory. Red Hat products utilizing this library may be affected if their implementations allow for such a crafted `close()` call.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:dotnet8-0-main@aarch64",
"Red Hat Hardened Images:dotnet8-0-main@src",
"Red Hat Hardened Images:dotnet8-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-45736"
},
{
"category": "external",
"summary": "RHBZ#2477914",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477914"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-45736",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45736"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-45736",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45736"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086",
"url": "https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/security/advisories/GHSA-58qx-3vcg-4xpx",
"url": "https://github.com/websockets/ws/security/advisories/GHSA-58qx-3vcg-4xpx"
}
],
"release_date": "2026-05-15T14:53:57.263000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-18T05:28:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:dotnet8-0-main@aarch64",
"Red Hat Hardened Images:dotnet8-0-main@src",
"Red Hat Hardened Images:dotnet8-0-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:26994"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:dotnet8-0-main@aarch64",
"Red Hat Hardened Images:dotnet8-0-main@src",
"Red Hat Hardened Images:dotnet8-0-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ws: ws: Uninitialized memory disclosure via `websocket.close()` with `TypedArray`"
},
{
"cve": "CVE-2026-59724",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2026-07-08T16:01:58.067396+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2498128"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Engine.IO. When Engine.IO servers have WebTransport enabled, a remote attacker can craft a session ID to resolve an inherited property of the clients object during WebTransport upgrade handling. This can lead to a TypeError, resulting in a denial of service (DoS) for the server. This vulnerability impacts the availability of the service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "engine.io: Engine.IO: Denial of Service via crafted WebTransport session ID",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has been rated as Important. When Engine.IO servers have WebTransport enabled, a remote attacker can trigger a denial of service. This occurs by sending a crafted session ID that resolves an inherited property during WebTransport upgrade handling, leading to a TypeError and impacting service availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:dotnet8-0-main@aarch64",
"Red Hat Hardened Images:dotnet8-0-main@src",
"Red Hat Hardened Images:dotnet8-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-59724"
},
{
"category": "external",
"summary": "RHBZ#2498128",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2498128"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-59724",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-59724"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-59724",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-59724"
},
{
"category": "external",
"summary": "https://github.com/socketio/socket.io/commit/1fa1f46cd420ac5b57bb4c04c959b58f3c79158c",
"url": "https://github.com/socketio/socket.io/commit/1fa1f46cd420ac5b57bb4c04c959b58f3c79158c"
},
{
"category": "external",
"summary": "https://github.com/socketio/socket.io/releases/tag/engine.io@6.6.7",
"url": "https://github.com/socketio/socket.io/releases/tag/engine.io@6.6.7"
},
{
"category": "external",
"summary": "https://github.com/socketio/socket.io/security/advisories/GHSA-gr94-w7qr-f4j3",
"url": "https://github.com/socketio/socket.io/security/advisories/GHSA-gr94-w7qr-f4j3"
}
],
"release_date": "2026-07-08T15:35:39.813000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-18T05:28:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:dotnet8-0-main@aarch64",
"Red Hat Hardened Images:dotnet8-0-main@src",
"Red Hat Hardened Images:dotnet8-0-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:26994"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:dotnet8-0-main@aarch64",
"Red Hat Hardened Images:dotnet8-0-main@src",
"Red Hat Hardened Images:dotnet8-0-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "engine.io: Engine.IO: Denial of Service via crafted WebTransport session ID"
},
{
"cve": "CVE-2026-59868",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-07-08T16:01:01.825253+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2498114"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in js-yaml, a JavaScript YAML parser and dumper. When merge keys are enabled, a remote attacker could exploit this vulnerability by crafting a YAML document where a chain of mappings uses merge keys, each merging the previous one. This can lead to a significant increase in CPU time required to parse the document, resulting in a Denial of Service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "js-yaml: js-yaml: Denial of Service via quadratic CPU time parsing with merge keys",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "js-yaml versions 5.0.0 through 5.1.x are vulnerable to a denial of service. When merge keys (\u0027\u003c\u003c\u0027) are enabled during YAML parsing, js-yaml re-merges the accumulated mapping into each subsequent mapping in a chain. A document consisting of a linear chain of mappings that each merge the previous one causes quadratic (O(n^2)) CPU consumption relative to input size, even though the document size itself grows only linearly. This can be triggered via yaml.load() on untrusted YAML input that uses merge keys. Fixed in js-yaml 5.2.0.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:dotnet8-0-main@aarch64",
"Red Hat Hardened Images:dotnet8-0-main@src",
"Red Hat Hardened Images:dotnet8-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-59868"
},
{
"category": "external",
"summary": "RHBZ#2498114",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2498114"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-59868",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-59868"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-59868",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-59868"
},
{
"category": "external",
"summary": "https://github.com/nodeca/js-yaml/commit/3105455b81dee69e0fd36e09ac0b2ccfdb54adc1",
"url": "https://github.com/nodeca/js-yaml/commit/3105455b81dee69e0fd36e09ac0b2ccfdb54adc1"
},
{
"category": "external",
"summary": "https://github.com/nodeca/js-yaml/releases/tag/5.2.0",
"url": "https://github.com/nodeca/js-yaml/releases/tag/5.2.0"
},
{
"category": "external",
"summary": "https://github.com/nodeca/js-yaml/security/advisories/GHSA-g796-fgmg-93mv",
"url": "https://github.com/nodeca/js-yaml/security/advisories/GHSA-g796-fgmg-93mv"
}
],
"release_date": "2026-07-08T15:18:19.422000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-18T05:28:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:dotnet8-0-main@aarch64",
"Red Hat Hardened Images:dotnet8-0-main@src",
"Red Hat Hardened Images:dotnet8-0-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:26994"
},
{
"category": "workaround",
"details": "Upgrade to js-yaml 5.2.0 or later. Where an immediate upgrade is not possible, avoid parsing untrusted YAML documents that use merge keys (\u0027\u003c\u003c\u0027), or apply size and time limits when parsing untrusted YAML input.",
"product_ids": [
"Red Hat Hardened Images:dotnet8-0-main@aarch64",
"Red Hat Hardened Images:dotnet8-0-main@src",
"Red Hat Hardened Images:dotnet8-0-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:dotnet8-0-main@aarch64",
"Red Hat Hardened Images:dotnet8-0-main@src",
"Red Hat Hardened Images:dotnet8-0-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "js-yaml: js-yaml: Denial of Service via quadratic CPU time parsing with merge keys"
},
{
"cve": "CVE-2026-59870",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-07-08T16:02:04.944023+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2498130"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in js-yaml, a JavaScript YAML (YAML Ain\u0027t Markup Language) parser. An attacker could exploit this by providing a specially crafted YAML ordered-map document. This could lead to excessive CPU consumption, resulting in a denial of service (DoS) for applications processing the malicious YAML input.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "js-yaml: js-yaml: Denial of Service via crafted YAML ordered-map document",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "js-yaml versions 5.0.0 through 5.2.0 are vulnerable to a denial of service via the omapTag.addItem() O(n^2) duplicate-key scan when parsing crafted YAML ordered-map documents with the YAML11_SCHEMA. This affects yaml.load() calls using that schema. Fixed in 5.2.1.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:dotnet8-0-main@aarch64",
"Red Hat Hardened Images:dotnet8-0-main@src",
"Red Hat Hardened Images:dotnet8-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-59870"
},
{
"category": "external",
"summary": "RHBZ#2498130",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2498130"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-59870",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-59870"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-59870",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-59870"
},
{
"category": "external",
"summary": "https://github.com/nodeca/js-yaml/commit/39f3211a2f01b3c6982710cf21434ab7060acefe",
"url": "https://github.com/nodeca/js-yaml/commit/39f3211a2f01b3c6982710cf21434ab7060acefe"
},
{
"category": "external",
"summary": "https://github.com/nodeca/js-yaml/releases/tag/5.2.1",
"url": "https://github.com/nodeca/js-yaml/releases/tag/5.2.1"
},
{
"category": "external",
"summary": "https://github.com/nodeca/js-yaml/security/advisories/GHSA-724g-mxrg-4qvm",
"url": "https://github.com/nodeca/js-yaml/security/advisories/GHSA-724g-mxrg-4qvm"
}
],
"release_date": "2026-07-08T15:13:20.308000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-18T05:28:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:dotnet8-0-main@aarch64",
"Red Hat Hardened Images:dotnet8-0-main@src",
"Red Hat Hardened Images:dotnet8-0-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:26994"
},
{
"category": "workaround",
"details": "Avoid using the YAML11_SCHEMA when parsing untrusted YAML input, or upgrade to js-yaml 5.2.1 or later. Applications using the default schema (CORE_SCHEMA) are not affected.",
"product_ids": [
"Red Hat Hardened Images:dotnet8-0-main@aarch64",
"Red Hat Hardened Images:dotnet8-0-main@src",
"Red Hat Hardened Images:dotnet8-0-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:dotnet8-0-main@aarch64",
"Red Hat Hardened Images:dotnet8-0-main@src",
"Red Hat Hardened Images:dotnet8-0-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "js-yaml: js-yaml: Denial of Service via crafted YAML ordered-map document"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.