RHSA-2026:38187
Vulnerability from csaf_redhat - Published: 2026-07-11 01:14 - Updated: 2026-07-13 13:04A flaw was found in Undici. The cache interceptor in shared-cache mode incorrectly classifies certain responses as cacheable due to improper handling of whitespace-padded Cache-Control header field names. This vulnerability allows an unauthenticated attacker to access authenticated user data from the cache, leading to information disclosure. This occurs when both authenticated and unauthenticated requests resolve to the same cache key.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:rust-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:rust-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:rust-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:rust-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in quic-go, an implementation of the QUIC protocol in Go. A remote attacker can exploit this by sending specially crafted HTTP/3 trailer fields. This can cause the system to allocate excessive memory, leading to a denial-of-service (DoS) condition where the affected server or client may crash or run out of resources.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:rust-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:rust-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:rust-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:rust-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Wasmtime, a runtime for WebAssembly. A remote attacker could exploit an arithmetic overflow vulnerability by instantiating a WebAssembly module or component that attempts to allocate an extremely large table using the WebAssembly memory64 proposal. This flaw causes Wasmtime to panic, resulting in a Denial of Service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:rust-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:rust-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:rust-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:rust-main@x86_64 | — |
Vendor Fix
fix
|
A flaw was found in PyJWT, a Python library for handling JSON Web Tokens (JWT). An attacker with control over a registered JSON Web Key (JWK) private key can bypass security checks by signing a token with a forbidden algorithm while claiming to use an allowed one. This allows the attacker to have the token accepted, potentially leading to unauthorized access or manipulation of sensitive information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:rust-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:rust-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:rust-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:rust-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in PyJWT. A remote attacker can exploit this by supplying an arbitrarily large Base64URL payload segment when verifying detached JSON Web Signature (JWS) tokens using the unencoded-payload option. This forces excessive CPU work and memory allocations, leading to a Denial of Service (DoS) against any endpoint verifying such tokens.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:rust-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:rust-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:rust-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:rust-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Wasmtime, a runtime for WebAssembly. A WebAssembly System Interface (WASI) guest with a read-only source file capability can exploit this vulnerability. During hard-link creation and renaming operations, the system checks directory permissions but fails to match file permissions on source and destination preopens. This allows the guest to overwrite host files exposed with read permissions through WASI filesystem interfaces.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:rust-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:rust-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:rust-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:rust-main@x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:\n\nrust:\n * cargo-1.97.0-1.1.hum1 (aarch64, x86_64)\n * clippy-1.97.0-1.1.hum1 (aarch64, x86_64)\n * rust-1.97.0-1.1.hum1 (aarch64, x86_64)\n * rust-analyzer-1.97.0-1.1.hum1 (aarch64, x86_64)\n * rust-debugger-common-1.97.0-1.1.hum1 (noarch)\n * rust-doc-1.97.0-1.1.hum1 (aarch64, x86_64)\n * rust-gdb-1.97.0-1.1.hum1 (noarch)\n * rust-lldb-1.97.0-1.1.hum1 (noarch)\n * rust-src-1.97.0-1.1.hum1 (noarch)\n * rust-std-static-1.97.0-1.1.hum1 (aarch64, x86_64)\n * rust-std-static-aarch64-unknown-none-softfloat-1.97.0-1.1.hum1 (noarch)\n * rust-std-static-aarch64-unknown-uefi-1.97.0-1.1.hum1 (noarch)\n * rust-std-static-i686-pc-windows-gnu-1.97.0-1.1.hum1 (noarch)\n * rust-std-static-wasm32-unknown-unknown-1.97.0-1.1.hum1 (noarch)\n * rust-std-static-wasm32-wasip1-1.97.0-1.1.hum1 (noarch)\n * rust-std-static-x86_64-pc-windows-gnu-1.97.0-1.1.hum1 (noarch)\n * rust-std-static-x86_64-unknown-none-1.97.0-1.1.hum1 (noarch)\n * rust-std-static-x86_64-unknown-uefi-1.97.0-1.1.hum1 (noarch)\n * rustfmt-1.97.0-1.1.hum1 (aarch64, x86_64)\n * rust-1.97.0-1.1.hum1.src (src)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:38187",
"url": "https://access.redhat.com/errata/RHSA-2026:38187"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-59869",
"url": "https://access.redhat.com/security/cve/CVE-2026-59869"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-9678",
"url": "https://access.redhat.com/security/cve/CVE-2026-9678"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48525",
"url": "https://access.redhat.com/security/cve/CVE-2026-48525"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48523",
"url": "https://access.redhat.com/security/cve/CVE-2026-48523"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40898",
"url": "https://access.redhat.com/security/cve/CVE-2026-40898"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44216",
"url": "https://access.redhat.com/security/cve/CVE-2026-44216"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-59887",
"url": "https://access.redhat.com/security/cve/CVE-2026-59887"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-58494",
"url": "https://access.redhat.com/security/cve/CVE-2026-58494"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_38187.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-07-13T13:04:51+00:00",
"generator": {
"date": "2026-07-13T13:04:51+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:38187",
"initial_release_date": "2026-07-11T01:14:07+00:00",
"revision_history": [
{
"date": "2026-07-11T01:14:07+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-13T11:24:31+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-13T13:04:51+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "rust-main@aarch64",
"product": {
"name": "rust-main@aarch64",
"product_id": "rust-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cargo@1.97.0-1.1.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rust-main@x86_64",
"product": {
"name": "rust-main@x86_64",
"product_id": "rust-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cargo@1.97.0-1.1.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "rust-main@src",
"product": {
"name": "rust-main@src",
"product_id": "rust-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rust@1.97.0-1.1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rust-main@noarch",
"product": {
"name": "rust-main@noarch",
"product_id": "rust-main@noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rust-debugger-common@1.97.0-1.1.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:rust-main@aarch64"
},
"product_reference": "rust-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-main@noarch as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:rust-main@noarch"
},
"product_reference": "rust-main@noarch",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:rust-main@src"
},
"product_reference": "rust-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:rust-main@x86_64"
},
"product_reference": "rust-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-9678",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-06-17T19:01:33.359372+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490000"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undici. The cache interceptor in shared-cache mode incorrectly classifies certain responses as cacheable due to improper handling of whitespace-padded Cache-Control header field names. This vulnerability allows an unauthenticated attacker to access authenticated user data from the cache, leading to information disclosure. This occurs when both authenticated and unauthenticated requests resolve to the same cache key.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: Information disclosure due to improper cache-control header parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate information disclosure flaw in Undici\u0027s cache interceptor, when configured in shared-cache mode, allows an unauthenticated attacker to retrieve sensitive authenticated user data. This is due to incorrect parsing of Cache-Control headers containing whitespace-padded field names, leading to cached responses being served improperly. Red Hat products are affected if they explicitly enable shared-cache mode, forward Authorization headers, and process non-canonical Cache-Control directives.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:rust-main@aarch64",
"Red Hat Hardened Images:rust-main@noarch",
"Red Hat Hardened Images:rust-main@src",
"Red Hat Hardened Images:rust-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9678"
},
{
"category": "external",
"summary": "RHBZ#2490000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490000"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9678",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9678"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9678",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9678"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-pr7r-676h-xcf6",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-pr7r-676h-xcf6"
}
],
"release_date": "2026-06-17T17:04:09.680000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-11T01:14:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:rust-main@aarch64",
"Red Hat Hardened Images:rust-main@noarch",
"Red Hat Hardened Images:rust-main@src",
"Red Hat Hardened Images:rust-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:38187"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:rust-main@aarch64",
"Red Hat Hardened Images:rust-main@noarch",
"Red Hat Hardened Images:rust-main@src",
"Red Hat Hardened Images:rust-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:rust-main@aarch64",
"Red Hat Hardened Images:rust-main@noarch",
"Red Hat Hardened Images:rust-main@src",
"Red Hat Hardened Images:rust-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici: Information disclosure due to improper cache-control header parsing"
},
{
"cve": "CVE-2026-40898",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-04T19:00:56.584166+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2484875"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in quic-go, an implementation of the QUIC protocol in Go. A remote attacker can exploit this by sending specially crafted HTTP/3 trailer fields. This can cause the system to allocate excessive memory, leading to a denial-of-service (DoS) condition where the affected server or client may crash or run out of resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/quic-go/quic-go: quic-go: Denial of Service via excessive memory allocation in HTTP/3 trailers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial-of-service flaw in `quic-go` that allows a remote attacker to exhaust system memory by sending specially crafted HTTP/3 trailer fields. This can lead to crashes or resource unavailability in affected Red Hat products utilizing `quic-go` for HTTP/3 communication, impacting both client and server implementations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:rust-main@aarch64",
"Red Hat Hardened Images:rust-main@noarch",
"Red Hat Hardened Images:rust-main@src",
"Red Hat Hardened Images:rust-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40898"
},
{
"category": "external",
"summary": "RHBZ#2484875",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2484875"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40898",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40898"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40898",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40898"
},
{
"category": "external",
"summary": "https://github.com/quic-go/quic-go/releases/tag/v0.59.1",
"url": "https://github.com/quic-go/quic-go/releases/tag/v0.59.1"
},
{
"category": "external",
"summary": "https://github.com/quic-go/quic-go/security/advisories/GHSA-vvgj-x9jq-8cj9",
"url": "https://github.com/quic-go/quic-go/security/advisories/GHSA-vvgj-x9jq-8cj9"
}
],
"release_date": "2026-06-04T17:43:36.803000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-11T01:14:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:rust-main@aarch64",
"Red Hat Hardened Images:rust-main@noarch",
"Red Hat Hardened Images:rust-main@src",
"Red Hat Hardened Images:rust-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:38187"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:rust-main@aarch64",
"Red Hat Hardened Images:rust-main@noarch",
"Red Hat Hardened Images:rust-main@src",
"Red Hat Hardened Images:rust-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:rust-main@aarch64",
"Red Hat Hardened Images:rust-main@noarch",
"Red Hat Hardened Images:rust-main@src",
"Red Hat Hardened Images:rust-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/quic-go/quic-go: quic-go: Denial of Service via excessive memory allocation in HTTP/3 trailers"
},
{
"cve": "CVE-2026-44216",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2026-05-14T16:01:38.636308+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477467"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wasmtime, a runtime for WebAssembly. A remote attacker could exploit an arithmetic overflow vulnerability by instantiating a WebAssembly module or component that attempts to allocate an extremely large table using the WebAssembly memory64 proposal. This flaw causes Wasmtime to panic, resulting in a Denial of Service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wasmtime: Wasmtime: Denial of Service via large WebAssembly table allocation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:rust-main@aarch64",
"Red Hat Hardened Images:rust-main@noarch",
"Red Hat Hardened Images:rust-main@src",
"Red Hat Hardened Images:rust-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44216"
},
{
"category": "external",
"summary": "RHBZ#2477467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477467"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44216",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44216"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44216",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44216"
},
{
"category": "external",
"summary": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-p8xm-42r7-89xg",
"url": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-p8xm-42r7-89xg"
}
],
"release_date": "2026-05-14T14:54:32.975000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-11T01:14:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:rust-main@aarch64",
"Red Hat Hardened Images:rust-main@noarch",
"Red Hat Hardened Images:rust-main@src",
"Red Hat Hardened Images:rust-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:38187"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:rust-main@aarch64",
"Red Hat Hardened Images:rust-main@noarch",
"Red Hat Hardened Images:rust-main@src",
"Red Hat Hardened Images:rust-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "wasmtime: Wasmtime: Denial of Service via large WebAssembly table allocation"
},
{
"cve": "CVE-2026-48523",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-05-28T16:01:55.312396+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2482743"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in PyJWT, a Python library for handling JSON Web Tokens (JWT). An attacker with control over a registered JSON Web Key (JWK) private key can bypass security checks by signing a token with a forbidden algorithm while claiming to use an allowed one. This allows the attacker to have the token accepted, potentially leading to unauthorized access or manipulation of sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-pyjwt: PyJWT: Verifier-side algorithm bypass leads to unauthorized information access",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is rated as Moderate. It impacts applications using PyJWT with PyJWK keys, specifically when jwt.decode() or jwt.decode_complete() are called with a PyJWK key and the PyJWKClient.get_signing_key_from_jwt flow. An attacker must control a registered JWK private key to bypass algorithm allow-lists, limiting the exploitability in environments with strict key management.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:rust-main@aarch64",
"Red Hat Hardened Images:rust-main@noarch",
"Red Hat Hardened Images:rust-main@src",
"Red Hat Hardened Images:rust-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48523"
},
{
"category": "external",
"summary": "RHBZ#2482743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482743"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48523",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48523"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48523",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48523"
},
{
"category": "external",
"summary": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f",
"url": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f"
}
],
"release_date": "2026-05-28T15:10:19.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-11T01:14:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:rust-main@aarch64",
"Red Hat Hardened Images:rust-main@noarch",
"Red Hat Hardened Images:rust-main@src",
"Red Hat Hardened Images:rust-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:38187"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:rust-main@aarch64",
"Red Hat Hardened Images:rust-main@noarch",
"Red Hat Hardened Images:rust-main@src",
"Red Hat Hardened Images:rust-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:rust-main@aarch64",
"Red Hat Hardened Images:rust-main@noarch",
"Red Hat Hardened Images:rust-main@src",
"Red Hat Hardened Images:rust-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-pyjwt: PyJWT: Verifier-side algorithm bypass leads to unauthorized information access"
},
{
"cve": "CVE-2026-48525",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-05-28T16:02:28.870149+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2482752"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in PyJWT. A remote attacker can exploit this by supplying an arbitrarily large Base64URL payload segment when verifying detached JSON Web Signature (JWS) tokens using the unencoded-payload option. This forces excessive CPU work and memory allocations, leading to a Denial of Service (DoS) against any endpoint verifying such tokens.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-pyjwt: PyJWT: Denial of Service via processing of crafted detached JWS tokens",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Moderate: This flaw in PyJWT, a dependency across multiple Red Hat products, allows a remote, unauthenticated attacker to trigger a Denial of Service. By submitting a specially crafted JSON Web Signature (JWS) token with an oversized unencoded payload, an attacker can force excessive CPU and memory consumption on systems verifying these tokens, leading to service disruption.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:rust-main@aarch64",
"Red Hat Hardened Images:rust-main@noarch",
"Red Hat Hardened Images:rust-main@src",
"Red Hat Hardened Images:rust-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48525"
},
{
"category": "external",
"summary": "RHBZ#2482752",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482752"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48525",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48525"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48525",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48525"
},
{
"category": "external",
"summary": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39",
"url": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39"
}
],
"release_date": "2026-05-28T15:11:12.483000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-11T01:14:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:rust-main@aarch64",
"Red Hat Hardened Images:rust-main@noarch",
"Red Hat Hardened Images:rust-main@src",
"Red Hat Hardened Images:rust-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:38187"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:rust-main@aarch64",
"Red Hat Hardened Images:rust-main@noarch",
"Red Hat Hardened Images:rust-main@src",
"Red Hat Hardened Images:rust-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:rust-main@aarch64",
"Red Hat Hardened Images:rust-main@noarch",
"Red Hat Hardened Images:rust-main@src",
"Red Hat Hardened Images:rust-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-pyjwt: PyJWT: Denial of Service via processing of crafted detached JWS tokens"
},
{
"cve": "CVE-2026-58494",
"cwe": {
"id": "CWE-280",
"name": "Improper Handling of Insufficient Permissions or Privileges"
},
"discovery_date": "2026-07-08T21:01:32.491033+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2498250"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wasmtime, a runtime for WebAssembly. A WebAssembly System Interface (WASI) guest with a read-only source file capability can exploit this vulnerability. During hard-link creation and renaming operations, the system checks directory permissions but fails to match file permissions on source and destination preopens. This allows the guest to overwrite host files exposed with read permissions through WASI filesystem interfaces.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wasmtime: Wasmtime: Overwrite host files via insufficient permission checks in wasmtime-wasi",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate-impact flaw in Wasmtime allows a malicious WebAssembly System Interface (WASI) guest to overwrite host files. By exploiting insufficient permission checks during hard-link and rename operations, a guest with read-only file capabilities can modify host files that are exposed with read permissions through WASI filesystem interfaces. This could lead to data integrity issues on the host system.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:rust-main@aarch64",
"Red Hat Hardened Images:rust-main@noarch",
"Red Hat Hardened Images:rust-main@src",
"Red Hat Hardened Images:rust-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-58494"
},
{
"category": "external",
"summary": "RHBZ#2498250",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2498250"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-58494",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-58494"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-58494",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-58494"
},
{
"category": "external",
"summary": "https://github.com/bytecodealliance/wasmtime/commit/5ddfd5f1ef28f2041fa07d237ad0336e167b0e0c",
"url": "https://github.com/bytecodealliance/wasmtime/commit/5ddfd5f1ef28f2041fa07d237ad0336e167b0e0c"
},
{
"category": "external",
"summary": "https://github.com/bytecodealliance/wasmtime/commit/7db94cdcf0c79cb3dfde884b534b653f2dd83367",
"url": "https://github.com/bytecodealliance/wasmtime/commit/7db94cdcf0c79cb3dfde884b534b653f2dd83367"
},
{
"category": "external",
"summary": "https://github.com/bytecodealliance/wasmtime/commit/8a250aac0962ca1364b5f16525720e9d0b39edcd",
"url": "https://github.com/bytecodealliance/wasmtime/commit/8a250aac0962ca1364b5f16525720e9d0b39edcd"
},
{
"category": "external",
"summary": "https://github.com/bytecodealliance/wasmtime/commit/d3ceb56ec35f39e02496eeb4e2d9c7f4fb964d9e",
"url": "https://github.com/bytecodealliance/wasmtime/commit/d3ceb56ec35f39e02496eeb4e2d9c7f4fb964d9e"
},
{
"category": "external",
"summary": "https://github.com/bytecodealliance/wasmtime/releases/tag/v24.0.11",
"url": "https://github.com/bytecodealliance/wasmtime/releases/tag/v24.0.11"
},
{
"category": "external",
"summary": "https://github.com/bytecodealliance/wasmtime/releases/tag/v36.0.12",
"url": "https://github.com/bytecodealliance/wasmtime/releases/tag/v36.0.12"
},
{
"category": "external",
"summary": "https://github.com/bytecodealliance/wasmtime/releases/tag/v45.0.3",
"url": "https://github.com/bytecodealliance/wasmtime/releases/tag/v45.0.3"
},
{
"category": "external",
"summary": "https://github.com/bytecodealliance/wasmtime/releases/tag/v46.0.1",
"url": "https://github.com/bytecodealliance/wasmtime/releases/tag/v46.0.1"
},
{
"category": "external",
"summary": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-4ch3-9j33-3pmj",
"url": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-4ch3-9j33-3pmj"
}
],
"release_date": "2026-07-08T20:22:16.039000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-11T01:14:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:rust-main@aarch64",
"Red Hat Hardened Images:rust-main@noarch",
"Red Hat Hardened Images:rust-main@src",
"Red Hat Hardened Images:rust-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:38187"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:rust-main@aarch64",
"Red Hat Hardened Images:rust-main@noarch",
"Red Hat Hardened Images:rust-main@src",
"Red Hat Hardened Images:rust-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wasmtime: Wasmtime: Overwrite host files via insufficient permission checks in wasmtime-wasi"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.