RHSA-2026:38187

Vulnerability from csaf_redhat - Published: 2026-07-11 01:14 - Updated: 2026-07-13 13:04
Summary
Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
Severity
Important
Notes
Topic: An update for Red Hat Hardened Images RPMs is now available.
Details: This update includes the following RPMs: rust: * cargo-1.97.0-1.1.hum1 (aarch64, x86_64) * clippy-1.97.0-1.1.hum1 (aarch64, x86_64) * rust-1.97.0-1.1.hum1 (aarch64, x86_64) * rust-analyzer-1.97.0-1.1.hum1 (aarch64, x86_64) * rust-debugger-common-1.97.0-1.1.hum1 (noarch) * rust-doc-1.97.0-1.1.hum1 (aarch64, x86_64) * rust-gdb-1.97.0-1.1.hum1 (noarch) * rust-lldb-1.97.0-1.1.hum1 (noarch) * rust-src-1.97.0-1.1.hum1 (noarch) * rust-std-static-1.97.0-1.1.hum1 (aarch64, x86_64) * rust-std-static-aarch64-unknown-none-softfloat-1.97.0-1.1.hum1 (noarch) * rust-std-static-aarch64-unknown-uefi-1.97.0-1.1.hum1 (noarch) * rust-std-static-i686-pc-windows-gnu-1.97.0-1.1.hum1 (noarch) * rust-std-static-wasm32-unknown-unknown-1.97.0-1.1.hum1 (noarch) * rust-std-static-wasm32-wasip1-1.97.0-1.1.hum1 (noarch) * rust-std-static-x86_64-pc-windows-gnu-1.97.0-1.1.hum1 (noarch) * rust-std-static-x86_64-unknown-none-1.97.0-1.1.hum1 (noarch) * rust-std-static-x86_64-unknown-uefi-1.97.0-1.1.hum1 (noarch) * rustfmt-1.97.0-1.1.hum1 (aarch64, x86_64) * rust-1.97.0-1.1.hum1.src (src)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

A flaw was found in Undici. The cache interceptor in shared-cache mode incorrectly classifies certain responses as cacheable due to improper handling of whitespace-padded Cache-Control header field names. This vulnerability allows an unauthenticated attacker to access authenticated user data from the cache, leading to information disclosure. This occurs when both authenticated and unauthenticated requests resolve to the same cache key.

CWE-1286 - Improper Validation of Syntactic Correctness of Input
Affected products
Product Identifier Version Remediation
Unresolved product id: Red Hat Hardened Images:rust-main@aarch64
Vendor Fix fix
Workaround
Unresolved product id: Red Hat Hardened Images:rust-main@noarch
Vendor Fix fix
Workaround
Unresolved product id: Red Hat Hardened Images:rust-main@src
Vendor Fix fix
Workaround
Unresolved product id: Red Hat Hardened Images:rust-main@x86_64
Vendor Fix fix
Workaround
Threats
Impact Moderate

A flaw was found in quic-go, an implementation of the QUIC protocol in Go. A remote attacker can exploit this by sending specially crafted HTTP/3 trailer fields. This can cause the system to allocate excessive memory, leading to a denial-of-service (DoS) condition where the affected server or client may crash or run out of resources.

CWE-770 - Allocation of Resources Without Limits or Throttling
Affected products
Product Identifier Version Remediation
Unresolved product id: Red Hat Hardened Images:rust-main@aarch64
Vendor Fix fix
Workaround
Unresolved product id: Red Hat Hardened Images:rust-main@noarch
Vendor Fix fix
Workaround
Unresolved product id: Red Hat Hardened Images:rust-main@src
Vendor Fix fix
Workaround
Unresolved product id: Red Hat Hardened Images:rust-main@x86_64
Vendor Fix fix
Workaround
Threats
Impact Important

A flaw was found in Wasmtime, a runtime for WebAssembly. A remote attacker could exploit an arithmetic overflow vulnerability by instantiating a WebAssembly module or component that attempts to allocate an extremely large table using the WebAssembly memory64 proposal. This flaw causes Wasmtime to panic, resulting in a Denial of Service (DoS) for the affected system.

CWE-190 - Integer Overflow or Wraparound
Affected products
Product Identifier Version Remediation
Unresolved product id: Red Hat Hardened Images:rust-main@aarch64
Vendor Fix fix
Unresolved product id: Red Hat Hardened Images:rust-main@noarch
Vendor Fix fix
Unresolved product id: Red Hat Hardened Images:rust-main@src
Vendor Fix fix
Unresolved product id: Red Hat Hardened Images:rust-main@x86_64
Vendor Fix fix
Threats
Impact Important

A flaw was found in PyJWT, a Python library for handling JSON Web Tokens (JWT). An attacker with control over a registered JSON Web Key (JWK) private key can bypass security checks by signing a token with a forbidden algorithm while claiming to use an allowed one. This allows the attacker to have the token accepted, potentially leading to unauthorized access or manipulation of sensitive information.

CWE-347 - Improper Verification of Cryptographic Signature
Affected products
Product Identifier Version Remediation
Unresolved product id: Red Hat Hardened Images:rust-main@aarch64
Vendor Fix fix
Workaround
Unresolved product id: Red Hat Hardened Images:rust-main@noarch
Vendor Fix fix
Workaround
Unresolved product id: Red Hat Hardened Images:rust-main@src
Vendor Fix fix
Workaround
Unresolved product id: Red Hat Hardened Images:rust-main@x86_64
Vendor Fix fix
Workaround
Threats
Impact Moderate

A flaw was found in PyJWT. A remote attacker can exploit this by supplying an arbitrarily large Base64URL payload segment when verifying detached JSON Web Signature (JWS) tokens using the unencoded-payload option. This forces excessive CPU work and memory allocations, leading to a Denial of Service (DoS) against any endpoint verifying such tokens.

CWE-770 - Allocation of Resources Without Limits or Throttling
Affected products
Product Identifier Version Remediation
Unresolved product id: Red Hat Hardened Images:rust-main@aarch64
Vendor Fix fix
Workaround
Unresolved product id: Red Hat Hardened Images:rust-main@noarch
Vendor Fix fix
Workaround
Unresolved product id: Red Hat Hardened Images:rust-main@src
Vendor Fix fix
Workaround
Unresolved product id: Red Hat Hardened Images:rust-main@x86_64
Vendor Fix fix
Workaround
Threats
Impact Moderate

A flaw was found in Wasmtime, a runtime for WebAssembly. A WebAssembly System Interface (WASI) guest with a read-only source file capability can exploit this vulnerability. During hard-link creation and renaming operations, the system checks directory permissions but fails to match file permissions on source and destination preopens. This allows the guest to overwrite host files exposed with read permissions through WASI filesystem interfaces.

CWE-280 - Improper Handling of Insufficient Permissions or Privileges
Affected products
Product Identifier Version Remediation
Unresolved product id: Red Hat Hardened Images:rust-main@aarch64
Vendor Fix fix
Unresolved product id: Red Hat Hardened Images:rust-main@noarch
Vendor Fix fix
Unresolved product id: Red Hat Hardened Images:rust-main@src
Vendor Fix fix
Unresolved product id: Red Hat Hardened Images:rust-main@x86_64
Vendor Fix fix
Threats
Impact Moderate
References
URL Category
https://access.redhat.com/errata/RHSA-2026:38187 self
https://images.redhat.com/ external
https://access.redhat.com/security/cve/CVE-2026-59869 external
https://access.redhat.com/security/updates/classi… external
https://access.redhat.com/security/cve/CVE-2026-9678 external
https://access.redhat.com/security/cve/CVE-2026-48525 external
https://access.redhat.com/security/cve/CVE-2026-48523 external
https://access.redhat.com/security/cve/CVE-2026-40898 external
https://access.redhat.com/security/cve/CVE-2026-44216 external
https://access.redhat.com/security/cve/CVE-2026-59887 external
https://access.redhat.com/security/cve/CVE-2026-58494 external
https://security.access.redhat.com/data/csaf/v2/a… self
https://access.redhat.com/security/cve/CVE-2026-9678 self
https://bugzilla.redhat.com/show_bug.cgi?id=2490000 external
https://www.cve.org/CVERecord?id=CVE-2026-9678 external
https://nvd.nist.gov/vuln/detail/CVE-2026-9678 external
https://cna.openjsf.org/security-advisories.html external
https://github.com/nodejs/undici/security/advisor… external
https://access.redhat.com/security/cve/CVE-2026-40898 self
https://bugzilla.redhat.com/show_bug.cgi?id=2484875 external
https://www.cve.org/CVERecord?id=CVE-2026-40898 external
https://nvd.nist.gov/vuln/detail/CVE-2026-40898 external
https://github.com/quic-go/quic-go/releases/tag/v0.59.1 external
https://github.com/quic-go/quic-go/security/advis… external
https://access.redhat.com/security/cve/CVE-2026-44216 self
https://bugzilla.redhat.com/show_bug.cgi?id=2477467 external
https://www.cve.org/CVERecord?id=CVE-2026-44216 external
https://nvd.nist.gov/vuln/detail/CVE-2026-44216 external
https://github.com/bytecodealliance/wasmtime/secu… external
https://access.redhat.com/security/cve/CVE-2026-48523 self
https://bugzilla.redhat.com/show_bug.cgi?id=2482743 external
https://www.cve.org/CVERecord?id=CVE-2026-48523 external
https://nvd.nist.gov/vuln/detail/CVE-2026-48523 external
https://github.com/jpadilla/pyjwt/security/adviso… external
https://access.redhat.com/security/cve/CVE-2026-48525 self
https://bugzilla.redhat.com/show_bug.cgi?id=2482752 external
https://www.cve.org/CVERecord?id=CVE-2026-48525 external
https://nvd.nist.gov/vuln/detail/CVE-2026-48525 external
https://github.com/jpadilla/pyjwt/security/adviso… external
https://access.redhat.com/security/cve/CVE-2026-58494 self
https://bugzilla.redhat.com/show_bug.cgi?id=2498250 external
https://www.cve.org/CVERecord?id=CVE-2026-58494 external
https://nvd.nist.gov/vuln/detail/CVE-2026-58494 external
https://github.com/bytecodealliance/wasmtime/comm… external
https://github.com/bytecodealliance/wasmtime/comm… external
https://github.com/bytecodealliance/wasmtime/comm… external
https://github.com/bytecodealliance/wasmtime/comm… external
https://github.com/bytecodealliance/wasmtime/rele… external
https://github.com/bytecodealliance/wasmtime/rele… external
https://github.com/bytecodealliance/wasmtime/rele… external
https://github.com/bytecodealliance/wasmtime/rele… external
https://github.com/bytecodealliance/wasmtime/secu… external

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for Red Hat Hardened Images RPMs is now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "This update includes the following RPMs:\n\nrust:\n  * cargo-1.97.0-1.1.hum1 (aarch64, x86_64)\n  * clippy-1.97.0-1.1.hum1 (aarch64, x86_64)\n  * rust-1.97.0-1.1.hum1 (aarch64, x86_64)\n  * rust-analyzer-1.97.0-1.1.hum1 (aarch64, x86_64)\n  * rust-debugger-common-1.97.0-1.1.hum1 (noarch)\n  * rust-doc-1.97.0-1.1.hum1 (aarch64, x86_64)\n  * rust-gdb-1.97.0-1.1.hum1 (noarch)\n  * rust-lldb-1.97.0-1.1.hum1 (noarch)\n  * rust-src-1.97.0-1.1.hum1 (noarch)\n  * rust-std-static-1.97.0-1.1.hum1 (aarch64, x86_64)\n  * rust-std-static-aarch64-unknown-none-softfloat-1.97.0-1.1.hum1 (noarch)\n  * rust-std-static-aarch64-unknown-uefi-1.97.0-1.1.hum1 (noarch)\n  * rust-std-static-i686-pc-windows-gnu-1.97.0-1.1.hum1 (noarch)\n  * rust-std-static-wasm32-unknown-unknown-1.97.0-1.1.hum1 (noarch)\n  * rust-std-static-wasm32-wasip1-1.97.0-1.1.hum1 (noarch)\n  * rust-std-static-x86_64-pc-windows-gnu-1.97.0-1.1.hum1 (noarch)\n  * rust-std-static-x86_64-unknown-none-1.97.0-1.1.hum1 (noarch)\n  * rust-std-static-x86_64-unknown-uefi-1.97.0-1.1.hum1 (noarch)\n  * rustfmt-1.97.0-1.1.hum1 (aarch64, x86_64)\n  * rust-1.97.0-1.1.hum1.src (src)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:38187",
        "url": "https://access.redhat.com/errata/RHSA-2026:38187"
      },
      {
        "category": "external",
        "summary": "https://images.redhat.com/",
        "url": "https://images.redhat.com/"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-59869",
        "url": "https://access.redhat.com/security/cve/CVE-2026-59869"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-9678",
        "url": "https://access.redhat.com/security/cve/CVE-2026-9678"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-48525",
        "url": "https://access.redhat.com/security/cve/CVE-2026-48525"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-48523",
        "url": "https://access.redhat.com/security/cve/CVE-2026-48523"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-40898",
        "url": "https://access.redhat.com/security/cve/CVE-2026-40898"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-44216",
        "url": "https://access.redhat.com/security/cve/CVE-2026-44216"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-59887",
        "url": "https://access.redhat.com/security/cve/CVE-2026-59887"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-58494",
        "url": "https://access.redhat.com/security/cve/CVE-2026-58494"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_38187.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2026-07-13T13:04:51+00:00",
      "generator": {
        "date": "2026-07-13T13:04:51+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "5.3.2"
        }
      },
      "id": "RHSA-2026:38187",
      "initial_release_date": "2026-07-11T01:14:07+00:00",
      "revision_history": [
        {
          "date": "2026-07-11T01:14:07+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-07-13T11:24:31+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-07-13T13:04:51+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Hardened Images",
                "product": {
                  "name": "Red Hat Hardened Images",
                  "product_id": "Red Hat Hardened Images",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:hummingbird:1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Hardened Images"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rust-main@aarch64",
                "product": {
                  "name": "rust-main@aarch64",
                  "product_id": "rust-main@aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cargo@1.97.0-1.1.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rust-main@x86_64",
                "product": {
                  "name": "rust-main@x86_64",
                  "product_id": "rust-main@x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cargo@1.97.0-1.1.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rust-main@src",
                "product": {
                  "name": "rust-main@src",
                  "product_id": "rust-main@src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rust@1.97.0-1.1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rust-main@noarch",
                "product": {
                  "name": "rust-main@noarch",
                  "product_id": "rust-main@noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rust-debugger-common@1.97.0-1.1.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rust-main@aarch64 as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:rust-main@aarch64"
        },
        "product_reference": "rust-main@aarch64",
        "relates_to_product_reference": "Red Hat Hardened Images"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rust-main@noarch as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:rust-main@noarch"
        },
        "product_reference": "rust-main@noarch",
        "relates_to_product_reference": "Red Hat Hardened Images"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rust-main@src as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:rust-main@src"
        },
        "product_reference": "rust-main@src",
        "relates_to_product_reference": "Red Hat Hardened Images"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rust-main@x86_64 as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:rust-main@x86_64"
        },
        "product_reference": "rust-main@x86_64",
        "relates_to_product_reference": "Red Hat Hardened Images"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-9678",
      "cwe": {
        "id": "CWE-1286",
        "name": "Improper Validation of Syntactic Correctness of Input"
      },
      "discovery_date": "2026-06-17T19:01:33.359372+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2490000"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Undici. The cache interceptor in shared-cache mode incorrectly classifies certain responses as cacheable due to improper handling of whitespace-padded Cache-Control header field names. This vulnerability allows an unauthenticated attacker to access authenticated user data from the cache, leading to information disclosure. This occurs when both authenticated and unauthenticated requests resolve to the same cache key.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "undici: Undici: Information disclosure due to improper cache-control header parsing",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This Moderate information disclosure flaw in Undici\u0027s cache interceptor, when configured in shared-cache mode, allows an unauthenticated attacker to retrieve sensitive authenticated user data. This is due to incorrect parsing of Cache-Control headers containing whitespace-padded field names, leading to cached responses being served improperly. Red Hat products are affected if they explicitly enable shared-cache mode, forward Authorization headers, and process non-canonical Cache-Control directives.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:rust-main@aarch64",
          "Red Hat Hardened Images:rust-main@noarch",
          "Red Hat Hardened Images:rust-main@src",
          "Red Hat Hardened Images:rust-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-9678"
        },
        {
          "category": "external",
          "summary": "RHBZ#2490000",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490000"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-9678",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9678"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9678",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9678"
        },
        {
          "category": "external",
          "summary": "https://cna.openjsf.org/security-advisories.html",
          "url": "https://cna.openjsf.org/security-advisories.html"
        },
        {
          "category": "external",
          "summary": "https://github.com/nodejs/undici/security/advisories/GHSA-pr7r-676h-xcf6",
          "url": "https://github.com/nodejs/undici/security/advisories/GHSA-pr7r-676h-xcf6"
        }
      ],
      "release_date": "2026-06-17T17:04:09.680000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-07-11T01:14:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:rust-main@aarch64",
            "Red Hat Hardened Images:rust-main@noarch",
            "Red Hat Hardened Images:rust-main@src",
            "Red Hat Hardened Images:rust-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:38187"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Hardened Images:rust-main@aarch64",
            "Red Hat Hardened Images:rust-main@noarch",
            "Red Hat Hardened Images:rust-main@src",
            "Red Hat Hardened Images:rust-main@x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:rust-main@aarch64",
            "Red Hat Hardened Images:rust-main@noarch",
            "Red Hat Hardened Images:rust-main@src",
            "Red Hat Hardened Images:rust-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "undici: Undici: Information disclosure due to improper cache-control header parsing"
    },
    {
      "cve": "CVE-2026-40898",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2026-06-04T19:00:56.584166+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2484875"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in quic-go, an implementation of the QUIC protocol in Go. A remote attacker can exploit this by sending specially crafted HTTP/3 trailer fields. This can cause the system to allocate excessive memory, leading to a denial-of-service (DoS) condition where the affected server or client may crash or run out of resources.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "github.com/quic-go/quic-go: quic-go: Denial of Service via excessive memory allocation in HTTP/3 trailers",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This is an Important denial-of-service flaw in `quic-go` that allows a remote attacker to exhaust system memory by sending specially crafted HTTP/3 trailer fields. This can lead to crashes or resource unavailability in affected Red Hat products utilizing `quic-go` for HTTP/3 communication, impacting both client and server implementations.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:rust-main@aarch64",
          "Red Hat Hardened Images:rust-main@noarch",
          "Red Hat Hardened Images:rust-main@src",
          "Red Hat Hardened Images:rust-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-40898"
        },
        {
          "category": "external",
          "summary": "RHBZ#2484875",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2484875"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-40898",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-40898"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40898",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40898"
        },
        {
          "category": "external",
          "summary": "https://github.com/quic-go/quic-go/releases/tag/v0.59.1",
          "url": "https://github.com/quic-go/quic-go/releases/tag/v0.59.1"
        },
        {
          "category": "external",
          "summary": "https://github.com/quic-go/quic-go/security/advisories/GHSA-vvgj-x9jq-8cj9",
          "url": "https://github.com/quic-go/quic-go/security/advisories/GHSA-vvgj-x9jq-8cj9"
        }
      ],
      "release_date": "2026-06-04T17:43:36.803000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-07-11T01:14:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:rust-main@aarch64",
            "Red Hat Hardened Images:rust-main@noarch",
            "Red Hat Hardened Images:rust-main@src",
            "Red Hat Hardened Images:rust-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:38187"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat Hardened Images:rust-main@aarch64",
            "Red Hat Hardened Images:rust-main@noarch",
            "Red Hat Hardened Images:rust-main@src",
            "Red Hat Hardened Images:rust-main@x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:rust-main@aarch64",
            "Red Hat Hardened Images:rust-main@noarch",
            "Red Hat Hardened Images:rust-main@src",
            "Red Hat Hardened Images:rust-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "github.com/quic-go/quic-go: quic-go: Denial of Service via excessive memory allocation in HTTP/3 trailers"
    },
    {
      "cve": "CVE-2026-44216",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "discovery_date": "2026-05-14T16:01:38.636308+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2477467"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Wasmtime, a runtime for WebAssembly. A remote attacker could exploit an arithmetic overflow vulnerability by instantiating a WebAssembly module or component that attempts to allocate an extremely large table using the WebAssembly memory64 proposal. This flaw causes Wasmtime to panic, resulting in a Denial of Service (DoS) for the affected system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "wasmtime: Wasmtime: Denial of Service via large WebAssembly table allocation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:rust-main@aarch64",
          "Red Hat Hardened Images:rust-main@noarch",
          "Red Hat Hardened Images:rust-main@src",
          "Red Hat Hardened Images:rust-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-44216"
        },
        {
          "category": "external",
          "summary": "RHBZ#2477467",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477467"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-44216",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44216"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44216",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44216"
        },
        {
          "category": "external",
          "summary": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-p8xm-42r7-89xg",
          "url": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-p8xm-42r7-89xg"
        }
      ],
      "release_date": "2026-05-14T14:54:32.975000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-07-11T01:14:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:rust-main@aarch64",
            "Red Hat Hardened Images:rust-main@noarch",
            "Red Hat Hardened Images:rust-main@src",
            "Red Hat Hardened Images:rust-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:38187"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:rust-main@aarch64",
            "Red Hat Hardened Images:rust-main@noarch",
            "Red Hat Hardened Images:rust-main@src",
            "Red Hat Hardened Images:rust-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "wasmtime: Wasmtime: Denial of Service via large WebAssembly table allocation"
    },
    {
      "cve": "CVE-2026-48523",
      "cwe": {
        "id": "CWE-347",
        "name": "Improper Verification of Cryptographic Signature"
      },
      "discovery_date": "2026-05-28T16:01:55.312396+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2482743"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in PyJWT, a Python library for handling JSON Web Tokens (JWT). An attacker with control over a registered JSON Web Key (JWK) private key can bypass security checks by signing a token with a forbidden algorithm while claiming to use an allowed one. This allows the attacker to have the token accepted, potentially leading to unauthorized access or manipulation of sensitive information.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python-pyjwt: PyJWT: Verifier-side algorithm bypass leads to unauthorized information access",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw is rated as Moderate. It impacts applications using PyJWT with PyJWK keys, specifically when jwt.decode() or jwt.decode_complete() are called with a PyJWK key and the PyJWKClient.get_signing_key_from_jwt flow. An attacker must control a registered JWK private key to bypass algorithm allow-lists, limiting the exploitability in environments with strict key management.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:rust-main@aarch64",
          "Red Hat Hardened Images:rust-main@noarch",
          "Red Hat Hardened Images:rust-main@src",
          "Red Hat Hardened Images:rust-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-48523"
        },
        {
          "category": "external",
          "summary": "RHBZ#2482743",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482743"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-48523",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-48523"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48523",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48523"
        },
        {
          "category": "external",
          "summary": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f",
          "url": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f"
        }
      ],
      "release_date": "2026-05-28T15:10:19.141000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-07-11T01:14:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:rust-main@aarch64",
            "Red Hat Hardened Images:rust-main@noarch",
            "Red Hat Hardened Images:rust-main@src",
            "Red Hat Hardened Images:rust-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:38187"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Hardened Images:rust-main@aarch64",
            "Red Hat Hardened Images:rust-main@noarch",
            "Red Hat Hardened Images:rust-main@src",
            "Red Hat Hardened Images:rust-main@x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:rust-main@aarch64",
            "Red Hat Hardened Images:rust-main@noarch",
            "Red Hat Hardened Images:rust-main@src",
            "Red Hat Hardened Images:rust-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "python-pyjwt: PyJWT: Verifier-side algorithm bypass leads to unauthorized information access"
    },
    {
      "cve": "CVE-2026-48525",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2026-05-28T16:02:28.870149+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2482752"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in PyJWT. A remote attacker can exploit this by supplying an arbitrarily large Base64URL payload segment when verifying detached JSON Web Signature (JWS) tokens using the unencoded-payload option. This forces excessive CPU work and memory allocations, leading to a Denial of Service (DoS) against any endpoint verifying such tokens.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python-pyjwt: PyJWT: Denial of Service via processing of crafted detached JWS tokens",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Moderate: This flaw in PyJWT, a dependency across multiple Red Hat products, allows a remote, unauthenticated attacker to trigger a Denial of Service. By submitting a specially crafted JSON Web Signature (JWS) token with an oversized unencoded payload, an attacker can force excessive CPU and memory consumption on systems verifying these tokens, leading to service disruption.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:rust-main@aarch64",
          "Red Hat Hardened Images:rust-main@noarch",
          "Red Hat Hardened Images:rust-main@src",
          "Red Hat Hardened Images:rust-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-48525"
        },
        {
          "category": "external",
          "summary": "RHBZ#2482752",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482752"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-48525",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-48525"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48525",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48525"
        },
        {
          "category": "external",
          "summary": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39",
          "url": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39"
        }
      ],
      "release_date": "2026-05-28T15:11:12.483000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-07-11T01:14:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:rust-main@aarch64",
            "Red Hat Hardened Images:rust-main@noarch",
            "Red Hat Hardened Images:rust-main@src",
            "Red Hat Hardened Images:rust-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:38187"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Hardened Images:rust-main@aarch64",
            "Red Hat Hardened Images:rust-main@noarch",
            "Red Hat Hardened Images:rust-main@src",
            "Red Hat Hardened Images:rust-main@x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:rust-main@aarch64",
            "Red Hat Hardened Images:rust-main@noarch",
            "Red Hat Hardened Images:rust-main@src",
            "Red Hat Hardened Images:rust-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "python-pyjwt: PyJWT: Denial of Service via processing of crafted detached JWS tokens"
    },
    {
      "cve": "CVE-2026-58494",
      "cwe": {
        "id": "CWE-280",
        "name": "Improper Handling of Insufficient Permissions or Privileges"
      },
      "discovery_date": "2026-07-08T21:01:32.491033+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2498250"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Wasmtime, a runtime for WebAssembly. A WebAssembly System Interface (WASI) guest with a read-only source file capability can exploit this vulnerability. During hard-link creation and renaming operations, the system checks directory permissions but fails to match file permissions on source and destination preopens. This allows the guest to overwrite host files exposed with read permissions through WASI filesystem interfaces.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "wasmtime: Wasmtime: Overwrite host files via insufficient permission checks in wasmtime-wasi",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This Moderate-impact flaw in Wasmtime allows a malicious WebAssembly System Interface (WASI) guest to overwrite host files. By exploiting insufficient permission checks during hard-link and rename operations, a guest with read-only file capabilities can modify host files that are exposed with read permissions through WASI filesystem interfaces. This could lead to data integrity issues on the host system.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:rust-main@aarch64",
          "Red Hat Hardened Images:rust-main@noarch",
          "Red Hat Hardened Images:rust-main@src",
          "Red Hat Hardened Images:rust-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-58494"
        },
        {
          "category": "external",
          "summary": "RHBZ#2498250",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2498250"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-58494",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-58494"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-58494",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-58494"
        },
        {
          "category": "external",
          "summary": "https://github.com/bytecodealliance/wasmtime/commit/5ddfd5f1ef28f2041fa07d237ad0336e167b0e0c",
          "url": "https://github.com/bytecodealliance/wasmtime/commit/5ddfd5f1ef28f2041fa07d237ad0336e167b0e0c"
        },
        {
          "category": "external",
          "summary": "https://github.com/bytecodealliance/wasmtime/commit/7db94cdcf0c79cb3dfde884b534b653f2dd83367",
          "url": "https://github.com/bytecodealliance/wasmtime/commit/7db94cdcf0c79cb3dfde884b534b653f2dd83367"
        },
        {
          "category": "external",
          "summary": "https://github.com/bytecodealliance/wasmtime/commit/8a250aac0962ca1364b5f16525720e9d0b39edcd",
          "url": "https://github.com/bytecodealliance/wasmtime/commit/8a250aac0962ca1364b5f16525720e9d0b39edcd"
        },
        {
          "category": "external",
          "summary": "https://github.com/bytecodealliance/wasmtime/commit/d3ceb56ec35f39e02496eeb4e2d9c7f4fb964d9e",
          "url": "https://github.com/bytecodealliance/wasmtime/commit/d3ceb56ec35f39e02496eeb4e2d9c7f4fb964d9e"
        },
        {
          "category": "external",
          "summary": "https://github.com/bytecodealliance/wasmtime/releases/tag/v24.0.11",
          "url": "https://github.com/bytecodealliance/wasmtime/releases/tag/v24.0.11"
        },
        {
          "category": "external",
          "summary": "https://github.com/bytecodealliance/wasmtime/releases/tag/v36.0.12",
          "url": "https://github.com/bytecodealliance/wasmtime/releases/tag/v36.0.12"
        },
        {
          "category": "external",
          "summary": "https://github.com/bytecodealliance/wasmtime/releases/tag/v45.0.3",
          "url": "https://github.com/bytecodealliance/wasmtime/releases/tag/v45.0.3"
        },
        {
          "category": "external",
          "summary": "https://github.com/bytecodealliance/wasmtime/releases/tag/v46.0.1",
          "url": "https://github.com/bytecodealliance/wasmtime/releases/tag/v46.0.1"
        },
        {
          "category": "external",
          "summary": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-4ch3-9j33-3pmj",
          "url": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-4ch3-9j33-3pmj"
        }
      ],
      "release_date": "2026-07-08T20:22:16.039000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-07-11T01:14:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:rust-main@aarch64",
            "Red Hat Hardened Images:rust-main@noarch",
            "Red Hat Hardened Images:rust-main@src",
            "Red Hat Hardened Images:rust-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:38187"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:rust-main@aarch64",
            "Red Hat Hardened Images:rust-main@noarch",
            "Red Hat Hardened Images:rust-main@src",
            "Red Hat Hardened Images:rust-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "wasmtime: Wasmtime: Overwrite host files via insufficient permission checks in wasmtime-wasi"
    }
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…