RHSA-2026:33531
Vulnerability from csaf_redhat - Published: 2026-06-30 14:05 - Updated: 2026-07-08 21:48Summary
Red Hat Security Advisory: Red Hat Enterprise Linux AI 3.4.1 enhancement update
Severity
Important
Notes
Topic: Updated Red Hat Enterprise Linux AI 3.4.1 container images are now available.
Details: Red Hat® Enterprise Linux® AI is a foundation model platform to seamlessly develop, test, and run Granite family large language models (LLMs) for enterprise applications.
This update provides the latest Red Hat Enterprise Linux AI 3.4.1 container images.
For a full list of changes in this release, see the Red Hat Enterprise Linux AI Release Notes linked in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.
8.2 (High)
Affected products
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-aws-cuda-rhel9@sha256:a1490afc82c9994b52ee33e6d9c59665a19af7ef200e8832c26697b3e135fb16_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-azure-cuda-rhel9@sha256:a632130e46e23eb70218c6f179db44b6b2a04c02cd1605beb6430feba2c90215_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-azure-rocm-rhel9@sha256:217191b7b6934dfc60db92c4c2bdba8016448ce12403fef45c6125693ed9e078_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:5cff37d6a84463abb9a99fbb4be645c99a8e6b588a8c8d1bc60900d609538018_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:805304826cbb494aba7a923a54b4f02ccbc5532b52bddb37d4bc66ed0ccab6cf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-gcp-cuda-rhel9@sha256:1061cfa644cddf53ffe92bbf1bb38bf5fdcc8d7ad33702f429791ab8fad1c1e2_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-rocm-rhel9@sha256:dc7589a44bec51206c0e649ce6cce9a6ad046e9df686686d3cdc3399a558f63e_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in golang.org/x/crypto/ssh. Source-address validation can be skipped when an SSH server configuration uses an authentication callback type other than public key, allowing authorization bypass in misconfigured servers. This is a follow-on to incomplete coverage from the CVE-2024-45337 fix.
7.1 (High)
Affected products
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-aws-cuda-rhel9@sha256:a1490afc82c9994b52ee33e6d9c59665a19af7ef200e8832c26697b3e135fb16_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-azure-cuda-rhel9@sha256:a632130e46e23eb70218c6f179db44b6b2a04c02cd1605beb6430feba2c90215_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-azure-rocm-rhel9@sha256:217191b7b6934dfc60db92c4c2bdba8016448ce12403fef45c6125693ed9e078_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:5cff37d6a84463abb9a99fbb4be645c99a8e6b588a8c8d1bc60900d609538018_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:805304826cbb494aba7a923a54b4f02ccbc5532b52bddb37d4bc66ed0ccab6cf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-gcp-cuda-rhel9@sha256:1061cfa644cddf53ffe92bbf1bb38bf5fdcc8d7ad33702f429791ab8fad1c1e2_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-rocm-rhel9@sha256:dc7589a44bec51206c0e649ce6cce9a6ad046e9df686686d3cdc3399a558f63e_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
23 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated Red Hat Enterprise Linux AI 3.4.1 container images are now available.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat\u00ae Enterprise Linux\u00ae AI is a foundation model platform to seamlessly develop, test, and run Granite family large language models (LLMs) for enterprise applications.\n\nThis update provides the latest Red Hat Enterprise Linux AI 3.4.1 container images.\n\nFor a full list of changes in this release, see the Red Hat Enterprise Linux AI Release Notes linked in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:33531",
"url": "https://access.redhat.com/errata/RHSA-2026:33531"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39821",
"url": "https://access.redhat.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-46595",
"url": "https://access.redhat.com/security/cve/CVE-2026-46595"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_enterprise_linux_ai/3.4/html/release_notes/rhelai-34-stable-release-notes_release-notes",
"url": "https://docs.redhat.com/en/documentation/red_hat_enterprise_linux_ai/3.4/html/release_notes/rhelai-34-stable-release-notes_release-notes"
},
{
"category": "external",
"summary": "https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux/ai",
"url": "https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux/ai"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_33531.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Enterprise Linux AI 3.4.1 enhancement update",
"tracking": {
"current_release_date": "2026-07-08T21:48:43+00:00",
"generator": {
"date": "2026-07-08T21:48:43+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:33531",
"initial_release_date": "2026-06-30T14:05:56+00:00",
"revision_history": [
{
"date": "2026-06-30T14:05:56+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-02T08:51:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-08T21:48:43+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AI 3.4",
"product": {
"name": "Red Hat Enterprise Linux AI 3.4",
"product_id": "Red Hat Enterprise Linux AI 3.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux_ai:3.4::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux AI"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:805304826cbb494aba7a923a54b4f02ccbc5532b52bddb37d4bc66ed0ccab6cf_amd64",
"product": {
"name": "registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:805304826cbb494aba7a923a54b4f02ccbc5532b52bddb37d4bc66ed0ccab6cf_amd64",
"product_id": "registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:805304826cbb494aba7a923a54b4f02ccbc5532b52bddb37d4bc66ed0ccab6cf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/bootc-cuda-rhel9@sha256%3A805304826cbb494aba7a923a54b4f02ccbc5532b52bddb37d4bc66ed0ccab6cf?arch=amd64\u0026repository_url=registry.redhat.io/rhelai3/bootc-cuda-rhel9\u0026tag=1782744816"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhelai3/bootc-aws-cuda-rhel9@sha256:a1490afc82c9994b52ee33e6d9c59665a19af7ef200e8832c26697b3e135fb16_amd64",
"product": {
"name": "registry.redhat.io/rhelai3/bootc-aws-cuda-rhel9@sha256:a1490afc82c9994b52ee33e6d9c59665a19af7ef200e8832c26697b3e135fb16_amd64",
"product_id": "registry.redhat.io/rhelai3/bootc-aws-cuda-rhel9@sha256:a1490afc82c9994b52ee33e6d9c59665a19af7ef200e8832c26697b3e135fb16_amd64",
"product_identification_helper": {
"purl": "pkg:oci/bootc-aws-cuda-rhel9@sha256%3Aa1490afc82c9994b52ee33e6d9c59665a19af7ef200e8832c26697b3e135fb16?arch=amd64\u0026repository_url=registry.redhat.io/rhelai3/bootc-aws-cuda-rhel9\u0026tag=1782758407"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhelai3/bootc-azure-cuda-rhel9@sha256:a632130e46e23eb70218c6f179db44b6b2a04c02cd1605beb6430feba2c90215_amd64",
"product": {
"name": "registry.redhat.io/rhelai3/bootc-azure-cuda-rhel9@sha256:a632130e46e23eb70218c6f179db44b6b2a04c02cd1605beb6430feba2c90215_amd64",
"product_id": "registry.redhat.io/rhelai3/bootc-azure-cuda-rhel9@sha256:a632130e46e23eb70218c6f179db44b6b2a04c02cd1605beb6430feba2c90215_amd64",
"product_identification_helper": {
"purl": "pkg:oci/bootc-azure-cuda-rhel9@sha256%3Aa632130e46e23eb70218c6f179db44b6b2a04c02cd1605beb6430feba2c90215?arch=amd64\u0026repository_url=registry.redhat.io/rhelai3/bootc-azure-cuda-rhel9\u0026tag=1782758410"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhelai3/bootc-gcp-cuda-rhel9@sha256:1061cfa644cddf53ffe92bbf1bb38bf5fdcc8d7ad33702f429791ab8fad1c1e2_amd64",
"product": {
"name": "registry.redhat.io/rhelai3/bootc-gcp-cuda-rhel9@sha256:1061cfa644cddf53ffe92bbf1bb38bf5fdcc8d7ad33702f429791ab8fad1c1e2_amd64",
"product_id": "registry.redhat.io/rhelai3/bootc-gcp-cuda-rhel9@sha256:1061cfa644cddf53ffe92bbf1bb38bf5fdcc8d7ad33702f429791ab8fad1c1e2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/bootc-gcp-cuda-rhel9@sha256%3A1061cfa644cddf53ffe92bbf1bb38bf5fdcc8d7ad33702f429791ab8fad1c1e2?arch=amd64\u0026repository_url=registry.redhat.io/rhelai3/bootc-gcp-cuda-rhel9\u0026tag=1782758409"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhelai3/bootc-rocm-rhel9@sha256:dc7589a44bec51206c0e649ce6cce9a6ad046e9df686686d3cdc3399a558f63e_amd64",
"product": {
"name": "registry.redhat.io/rhelai3/bootc-rocm-rhel9@sha256:dc7589a44bec51206c0e649ce6cce9a6ad046e9df686686d3cdc3399a558f63e_amd64",
"product_id": "registry.redhat.io/rhelai3/bootc-rocm-rhel9@sha256:dc7589a44bec51206c0e649ce6cce9a6ad046e9df686686d3cdc3399a558f63e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/bootc-rocm-rhel9@sha256%3Adc7589a44bec51206c0e649ce6cce9a6ad046e9df686686d3cdc3399a558f63e?arch=amd64\u0026repository_url=registry.redhat.io/rhelai3/bootc-rocm-rhel9\u0026tag=1782744830"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhelai3/bootc-azure-rocm-rhel9@sha256:217191b7b6934dfc60db92c4c2bdba8016448ce12403fef45c6125693ed9e078_amd64",
"product": {
"name": "registry.redhat.io/rhelai3/bootc-azure-rocm-rhel9@sha256:217191b7b6934dfc60db92c4c2bdba8016448ce12403fef45c6125693ed9e078_amd64",
"product_id": "registry.redhat.io/rhelai3/bootc-azure-rocm-rhel9@sha256:217191b7b6934dfc60db92c4c2bdba8016448ce12403fef45c6125693ed9e078_amd64",
"product_identification_helper": {
"purl": "pkg:oci/bootc-azure-rocm-rhel9@sha256%3A217191b7b6934dfc60db92c4c2bdba8016448ce12403fef45c6125693ed9e078?arch=amd64\u0026repository_url=registry.redhat.io/rhelai3/bootc-azure-rocm-rhel9\u0026tag=1782754093"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:5cff37d6a84463abb9a99fbb4be645c99a8e6b588a8c8d1bc60900d609538018_arm64",
"product": {
"name": "registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:5cff37d6a84463abb9a99fbb4be645c99a8e6b588a8c8d1bc60900d609538018_arm64",
"product_id": "registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:5cff37d6a84463abb9a99fbb4be645c99a8e6b588a8c8d1bc60900d609538018_arm64",
"product_identification_helper": {
"purl": "pkg:oci/bootc-cuda-rhel9@sha256%3A5cff37d6a84463abb9a99fbb4be645c99a8e6b588a8c8d1bc60900d609538018?arch=arm64\u0026repository_url=registry.redhat.io/rhelai3/bootc-cuda-rhel9\u0026tag=1782744816"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhelai3/bootc-aws-cuda-rhel9@sha256:a1490afc82c9994b52ee33e6d9c59665a19af7ef200e8832c26697b3e135fb16_amd64 as a component of Red Hat Enterprise Linux AI 3.4",
"product_id": "Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-aws-cuda-rhel9@sha256:a1490afc82c9994b52ee33e6d9c59665a19af7ef200e8832c26697b3e135fb16_amd64"
},
"product_reference": "registry.redhat.io/rhelai3/bootc-aws-cuda-rhel9@sha256:a1490afc82c9994b52ee33e6d9c59665a19af7ef200e8832c26697b3e135fb16_amd64",
"relates_to_product_reference": "Red Hat Enterprise Linux AI 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhelai3/bootc-azure-cuda-rhel9@sha256:a632130e46e23eb70218c6f179db44b6b2a04c02cd1605beb6430feba2c90215_amd64 as a component of Red Hat Enterprise Linux AI 3.4",
"product_id": "Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-azure-cuda-rhel9@sha256:a632130e46e23eb70218c6f179db44b6b2a04c02cd1605beb6430feba2c90215_amd64"
},
"product_reference": "registry.redhat.io/rhelai3/bootc-azure-cuda-rhel9@sha256:a632130e46e23eb70218c6f179db44b6b2a04c02cd1605beb6430feba2c90215_amd64",
"relates_to_product_reference": "Red Hat Enterprise Linux AI 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhelai3/bootc-azure-rocm-rhel9@sha256:217191b7b6934dfc60db92c4c2bdba8016448ce12403fef45c6125693ed9e078_amd64 as a component of Red Hat Enterprise Linux AI 3.4",
"product_id": "Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-azure-rocm-rhel9@sha256:217191b7b6934dfc60db92c4c2bdba8016448ce12403fef45c6125693ed9e078_amd64"
},
"product_reference": "registry.redhat.io/rhelai3/bootc-azure-rocm-rhel9@sha256:217191b7b6934dfc60db92c4c2bdba8016448ce12403fef45c6125693ed9e078_amd64",
"relates_to_product_reference": "Red Hat Enterprise Linux AI 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:5cff37d6a84463abb9a99fbb4be645c99a8e6b588a8c8d1bc60900d609538018_arm64 as a component of Red Hat Enterprise Linux AI 3.4",
"product_id": "Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:5cff37d6a84463abb9a99fbb4be645c99a8e6b588a8c8d1bc60900d609538018_arm64"
},
"product_reference": "registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:5cff37d6a84463abb9a99fbb4be645c99a8e6b588a8c8d1bc60900d609538018_arm64",
"relates_to_product_reference": "Red Hat Enterprise Linux AI 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:805304826cbb494aba7a923a54b4f02ccbc5532b52bddb37d4bc66ed0ccab6cf_amd64 as a component of Red Hat Enterprise Linux AI 3.4",
"product_id": "Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:805304826cbb494aba7a923a54b4f02ccbc5532b52bddb37d4bc66ed0ccab6cf_amd64"
},
"product_reference": "registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:805304826cbb494aba7a923a54b4f02ccbc5532b52bddb37d4bc66ed0ccab6cf_amd64",
"relates_to_product_reference": "Red Hat Enterprise Linux AI 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhelai3/bootc-gcp-cuda-rhel9@sha256:1061cfa644cddf53ffe92bbf1bb38bf5fdcc8d7ad33702f429791ab8fad1c1e2_amd64 as a component of Red Hat Enterprise Linux AI 3.4",
"product_id": "Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-gcp-cuda-rhel9@sha256:1061cfa644cddf53ffe92bbf1bb38bf5fdcc8d7ad33702f429791ab8fad1c1e2_amd64"
},
"product_reference": "registry.redhat.io/rhelai3/bootc-gcp-cuda-rhel9@sha256:1061cfa644cddf53ffe92bbf1bb38bf5fdcc8d7ad33702f429791ab8fad1c1e2_amd64",
"relates_to_product_reference": "Red Hat Enterprise Linux AI 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhelai3/bootc-rocm-rhel9@sha256:dc7589a44bec51206c0e649ce6cce9a6ad046e9df686686d3cdc3399a558f63e_amd64 as a component of Red Hat Enterprise Linux AI 3.4",
"product_id": "Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-rocm-rhel9@sha256:dc7589a44bec51206c0e649ce6cce9a6ad046e9df686686d3cdc3399a558f63e_amd64"
},
"product_reference": "registry.redhat.io/rhelai3/bootc-rocm-rhel9@sha256:dc7589a44bec51206c0e649ce6cce9a6ad046e9df686686d3cdc3399a558f63e_amd64",
"relates_to_product_reference": "Red Hat Enterprise Linux AI 3.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-39821",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-05-22T16:00:52.844126+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480756"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "golang.org/x/net/idna is vulnerable to privilege escalation through incorrect Punycode label handling in ToASCII and ToUnicode. An attacker who can supply a Punycode hostname that passes an ASCII-only authorization check may have it normalized to a restricted ASCII name the application intended to block. Red Hat exposure is broad across products shipping the Go toolchain or bundling golang.org/x/net, including RHEL and RHEL-AI golang RPMs, hummingbird Go runtimes, OpenShift and ODF container builds, and Ceph/OpenShift components compiled against affected x/net versions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-aws-cuda-rhel9@sha256:a1490afc82c9994b52ee33e6d9c59665a19af7ef200e8832c26697b3e135fb16_amd64",
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-azure-cuda-rhel9@sha256:a632130e46e23eb70218c6f179db44b6b2a04c02cd1605beb6430feba2c90215_amd64",
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-azure-rocm-rhel9@sha256:217191b7b6934dfc60db92c4c2bdba8016448ce12403fef45c6125693ed9e078_amd64",
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:5cff37d6a84463abb9a99fbb4be645c99a8e6b588a8c8d1bc60900d609538018_arm64",
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:805304826cbb494aba7a923a54b4f02ccbc5532b52bddb37d4bc66ed0ccab6cf_amd64",
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-gcp-cuda-rhel9@sha256:1061cfa644cddf53ffe92bbf1bb38bf5fdcc8d7ad33702f429791ab8fad1c1e2_amd64",
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-rocm-rhel9@sha256:dc7589a44bec51206c0e649ce6cce9a6ad046e9df686686d3cdc3399a558f63e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "RHBZ#2480756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480756"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39821",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39821"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821"
},
{
"category": "external",
"summary": "https://go.dev/cl/767220",
"url": "https://go.dev/cl/767220"
},
{
"category": "external",
"summary": "https://go.dev/issue/78760",
"url": "https://go.dev/issue/78760"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8",
"url": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5026",
"url": "https://pkg.go.dev/vuln/GO-2026-5026"
}
],
"release_date": "2026-05-22T15:01:21.462000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T14:05:56+00:00",
"details": "The container images provided by this update can be downloaded from the Red Hat container registry at registry.redhat.io using the \"podman pull\" command.\n\nFor details on deploying and configuring RHEL AI, see the Red Hat Enterprise Linux AI documentation at https://docs.redhat.com/en/documentation/red_hat_enterprise_linux_ai/3.4",
"product_ids": [
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-aws-cuda-rhel9@sha256:a1490afc82c9994b52ee33e6d9c59665a19af7ef200e8832c26697b3e135fb16_amd64",
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-azure-cuda-rhel9@sha256:a632130e46e23eb70218c6f179db44b6b2a04c02cd1605beb6430feba2c90215_amd64",
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-azure-rocm-rhel9@sha256:217191b7b6934dfc60db92c4c2bdba8016448ce12403fef45c6125693ed9e078_amd64",
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:5cff37d6a84463abb9a99fbb4be645c99a8e6b588a8c8d1bc60900d609538018_arm64",
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:805304826cbb494aba7a923a54b4f02ccbc5532b52bddb37d4bc66ed0ccab6cf_amd64",
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-gcp-cuda-rhel9@sha256:1061cfa644cddf53ffe92bbf1bb38bf5fdcc8d7ad33702f429791ab8fad1c1e2_amd64",
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-rocm-rhel9@sha256:dc7589a44bec51206c0e649ce6cce9a6ad046e9df686686d3cdc3399a558f63e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33531"
},
{
"category": "workaround",
"details": "Upgrade to a fixed golang.org/x/net release that includes the idna correction, via updated golang or dependent package rebuilds.",
"product_ids": [
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-aws-cuda-rhel9@sha256:a1490afc82c9994b52ee33e6d9c59665a19af7ef200e8832c26697b3e135fb16_amd64",
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-azure-cuda-rhel9@sha256:a632130e46e23eb70218c6f179db44b6b2a04c02cd1605beb6430feba2c90215_amd64",
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-azure-rocm-rhel9@sha256:217191b7b6934dfc60db92c4c2bdba8016448ce12403fef45c6125693ed9e078_amd64",
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:5cff37d6a84463abb9a99fbb4be645c99a8e6b588a8c8d1bc60900d609538018_arm64",
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:805304826cbb494aba7a923a54b4f02ccbc5532b52bddb37d4bc66ed0ccab6cf_amd64",
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-gcp-cuda-rhel9@sha256:1061cfa644cddf53ffe92bbf1bb38bf5fdcc8d7ad33702f429791ab8fad1c1e2_amd64",
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-rocm-rhel9@sha256:dc7589a44bec51206c0e649ce6cce9a6ad046e9df686686d3cdc3399a558f63e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-aws-cuda-rhel9@sha256:a1490afc82c9994b52ee33e6d9c59665a19af7ef200e8832c26697b3e135fb16_amd64",
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-azure-cuda-rhel9@sha256:a632130e46e23eb70218c6f179db44b6b2a04c02cd1605beb6430feba2c90215_amd64",
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-azure-rocm-rhel9@sha256:217191b7b6934dfc60db92c4c2bdba8016448ce12403fef45c6125693ed9e078_amd64",
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:5cff37d6a84463abb9a99fbb4be645c99a8e6b588a8c8d1bc60900d609538018_arm64",
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:805304826cbb494aba7a923a54b4f02ccbc5532b52bddb37d4bc66ed0ccab6cf_amd64",
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-gcp-cuda-rhel9@sha256:1061cfa644cddf53ffe92bbf1bb38bf5fdcc8d7ad33702f429791ab8fad1c1e2_amd64",
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-rocm-rhel9@sha256:dc7589a44bec51206c0e649ce6cce9a6ad046e9df686686d3cdc3399a558f63e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing"
},
{
"cve": "CVE-2026-46595",
"cwe": {
"id": "CWE-303",
"name": "Incorrect Implementation of Authentication Algorithm"
},
"discovery_date": "2026-05-22T04:01:52.215134+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480689"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh. Source-address validation can be skipped when an SSH server configuration uses an authentication callback type other than public key, allowing authorization bypass in misconfigured servers. This is a follow-on to incomplete coverage from the CVE-2024-45337 fix.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "golang.org/x/crypto/ssh is vulnerable to authorization bypass when SSH server configurations rely on source-address validation alongside non-public-key authentication callbacks. An attacker with low privileges who can authenticate through such a callback path may bypass intended source-address restrictions and gain unauthorized SSH access. Red Hat impact sits in services built with affected x/crypto/ssh, including RHEL golang streams, hummingbird Go toolchains, RHACM/MCE agents, and OpenShift or Ceph components that embed Go SSH servers with mixed callback types.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-aws-cuda-rhel9@sha256:a1490afc82c9994b52ee33e6d9c59665a19af7ef200e8832c26697b3e135fb16_amd64",
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-azure-cuda-rhel9@sha256:a632130e46e23eb70218c6f179db44b6b2a04c02cd1605beb6430feba2c90215_amd64",
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-azure-rocm-rhel9@sha256:217191b7b6934dfc60db92c4c2bdba8016448ce12403fef45c6125693ed9e078_amd64",
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:5cff37d6a84463abb9a99fbb4be645c99a8e6b588a8c8d1bc60900d609538018_arm64",
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:805304826cbb494aba7a923a54b4f02ccbc5532b52bddb37d4bc66ed0ccab6cf_amd64",
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-gcp-cuda-rhel9@sha256:1061cfa644cddf53ffe92bbf1bb38bf5fdcc8d7ad33702f429791ab8fad1c1e2_amd64",
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-rocm-rhel9@sha256:dc7589a44bec51206c0e649ce6cce9a6ad046e9df686686d3cdc3399a558f63e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-46595"
},
{
"category": "external",
"summary": "RHBZ#2480689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-46595",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-46595"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-46595",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46595"
},
{
"category": "external",
"summary": "https://go.dev/cl/781642",
"url": "https://go.dev/cl/781642"
},
{
"category": "external",
"summary": "https://go.dev/issue/79570",
"url": "https://go.dev/issue/79570"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5023",
"url": "https://pkg.go.dev/vuln/GO-2026-5023"
}
],
"release_date": "2026-05-22T02:31:27.894000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T14:05:56+00:00",
"details": "The container images provided by this update can be downloaded from the Red Hat container registry at registry.redhat.io using the \"podman pull\" command.\n\nFor details on deploying and configuring RHEL AI, see the Red Hat Enterprise Linux AI documentation at https://docs.redhat.com/en/documentation/red_hat_enterprise_linux_ai/3.4",
"product_ids": [
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-aws-cuda-rhel9@sha256:a1490afc82c9994b52ee33e6d9c59665a19af7ef200e8832c26697b3e135fb16_amd64",
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-azure-cuda-rhel9@sha256:a632130e46e23eb70218c6f179db44b6b2a04c02cd1605beb6430feba2c90215_amd64",
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-azure-rocm-rhel9@sha256:217191b7b6934dfc60db92c4c2bdba8016448ce12403fef45c6125693ed9e078_amd64",
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:5cff37d6a84463abb9a99fbb4be645c99a8e6b588a8c8d1bc60900d609538018_arm64",
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:805304826cbb494aba7a923a54b4f02ccbc5532b52bddb37d4bc66ed0ccab6cf_amd64",
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-gcp-cuda-rhel9@sha256:1061cfa644cddf53ffe92bbf1bb38bf5fdcc8d7ad33702f429791ab8fad1c1e2_amd64",
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-rocm-rhel9@sha256:dc7589a44bec51206c0e649ce6cce9a6ad046e9df686686d3cdc3399a558f63e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33531"
},
{
"category": "workaround",
"details": "Upgrade to a fixed golang.org/x/crypto/ssh release via updated golang or package rebuilds. Ensure SSH servers use supported public-key callback configurations with source-address validation as intended.",
"product_ids": [
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-aws-cuda-rhel9@sha256:a1490afc82c9994b52ee33e6d9c59665a19af7ef200e8832c26697b3e135fb16_amd64",
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-azure-cuda-rhel9@sha256:a632130e46e23eb70218c6f179db44b6b2a04c02cd1605beb6430feba2c90215_amd64",
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-azure-rocm-rhel9@sha256:217191b7b6934dfc60db92c4c2bdba8016448ce12403fef45c6125693ed9e078_amd64",
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:5cff37d6a84463abb9a99fbb4be645c99a8e6b588a8c8d1bc60900d609538018_arm64",
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:805304826cbb494aba7a923a54b4f02ccbc5532b52bddb37d4bc66ed0ccab6cf_amd64",
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-gcp-cuda-rhel9@sha256:1061cfa644cddf53ffe92bbf1bb38bf5fdcc8d7ad33702f429791ab8fad1c1e2_amd64",
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-rocm-rhel9@sha256:dc7589a44bec51206c0e649ce6cce9a6ad046e9df686686d3cdc3399a558f63e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-aws-cuda-rhel9@sha256:a1490afc82c9994b52ee33e6d9c59665a19af7ef200e8832c26697b3e135fb16_amd64",
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-azure-cuda-rhel9@sha256:a632130e46e23eb70218c6f179db44b6b2a04c02cd1605beb6430feba2c90215_amd64",
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-azure-rocm-rhel9@sha256:217191b7b6934dfc60db92c4c2bdba8016448ce12403fef45c6125693ed9e078_amd64",
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:5cff37d6a84463abb9a99fbb4be645c99a8e6b588a8c8d1bc60900d609538018_arm64",
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-cuda-rhel9@sha256:805304826cbb494aba7a923a54b4f02ccbc5532b52bddb37d4bc66ed0ccab6cf_amd64",
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-gcp-cuda-rhel9@sha256:1061cfa644cddf53ffe92bbf1bb38bf5fdcc8d7ad33702f429791ab8fad1c1e2_amd64",
"Red Hat Enterprise Linux AI 3.4:registry.redhat.io/rhelai3/bootc-rocm-rhel9@sha256:dc7589a44bec51206c0e649ce6cce9a6ad046e9df686686d3cdc3399a558f63e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…