Red Hat

Multiple npm packages within the legitimate @redhat-cloud-services namespace have been hijacked with malicious code, posing a supply chain risk.

A supply chain attack compromised over 30 npm packages under Red Hat's '@redhat-cloud-services' namespace, distributing a credential-stealing malware variant named 'Miasma' that targets sensitive developer information.

Identifies suspicious command executions via a web server on Linux systems, which may suggest a vulnerability and remote shell access.

A local attacker can exploit a vulnerability in Red Hat Enterprise Linux (crun) to escalate their privileges, potentially gaining root access.

The CIFSwitch vulnerability in the Linux kernel allows an unprivileged user to forge CIFS authentication key descriptions, abuse the kernel's key request mechanism, and gain root privileges by loading a malicious NSS module.

CVE-2026-46579 describes a vulnerability in the Red Hat OpenShift Router. When a Route is configured with `insecureEdgeTerminationPolicy` set to Allow, the HTTP frontend fails to remove `X-SSL-Client-*` headers from incoming requests, allowing unauthenticated attackers to bypass mutual TLS authentication and impersonate client certificate identities.

CVE-2026-42965 describes a server-side request forgery (SSRF) vulnerability in the OpenShift Router where a user with EndpointSlice write access can expose instance credentials by creating a service that proxies requests to a cloud metadata endpoint.

An authenticated attacker can exploit multiple vulnerabilities in the Flatpak package of Red Hat Enterprise Linux to execute arbitrary program code and delete files.

Multiple vulnerabilities in Red Hat OpenShift Tempo allow an unauthenticated remote attacker to bypass security measures, disclose sensitive information, manipulate data, or cause a denial of service condition.

A command injection vulnerability (CVE-2026-44604) exists in the `rpmuncompress` utility of RPM; when extracting specially crafted ZIP, 7z, or GEM archives, an attacker can inject shell commands via a malicious top-level folder name, leading to arbitrary code execution as the user running the extraction.

CVE-2026-1933 describes a vulnerability in Samba's handling of NTFS-style reparse points on read-only shares, allowing authenticated users with filesystem write permissions to modify reparse point metadata and potentially alter SMB-visible file behavior.

A vulnerability in gnutls (CVE-2026-42013) allows a remote attacker to bypass certificate validation by providing an oversized Subject Alternative Name (SAN), causing the validation process to fall back to the Common Name (CN) field, potentially leading to spoofing or man-in-the-middle attacks.

CVE-2026-7374 allows an authenticated OpenShift user with edit permissions in a single namespace to escalate privileges to full cluster control by exploiting improper symlink validation in KubeVirt's virt-handler component when connecting to VM console sockets.

CVE-2026-9064 describes a denial-of-service vulnerability in 389-ds-base where an unauthenticated attacker can send a crafted LDAP request with excessive controls, causing excessive CPU consumption and heap allocation, leading to latency degradation, worker thread starvation, or out-of-memory termination.

CVE-2026-7571 describes a vulnerability in Keycloak where a low-privilege user can bypass security controls intended to disable the implicit flow in OpenID Connect (OIDC) clients by manipulating client data during session restart, potentially exposing access tokens.

A session fixation vulnerability in Keycloak's /login-actions/restart endpoint allows an unauthenticated attacker to hijack a user's session by crafting a malicious link that resets the authentication flow, potentially leading to account takeover.

A vulnerability in Keycloak's URL validation allows attackers to redirect users to unauthorized URLs by exploiting discrepancies in the handling of the user-info component within URLs, potentially leading to sensitive information exposure.

A remote, authenticated attacker can exploit a vulnerability in Podman to manipulate files on the host system.

An authenticated or anonymous attacker can exploit multiple vulnerabilities in Red Hat Enterprise Linux regarding Valkey to manipulate files or cause a denial-of-service condition.

An authenticated remote attacker can exploit a vulnerability in Keycloak to bypass security measures.

An authenticated or unauthenticated remote attacker can exploit multiple vulnerabilities in Red Hat Enterprise Linux and Quarkus to perform a denial of service attack, disclose sensitive information, or manipulate data.

A remote anonymous attacker can exploit multiple vulnerabilities in the Grafana component of Red Hat Enterprise Linux and OpenShift to execute arbitrary code, disclose confidential information, and cause a denial-of-service condition.

A vulnerability in the cloud-init component of Red Hat Enterprise Linux allows an attacker from an adjacent network to gain administrator privileges.

This brief outlines how Linux cgroups, a kernel feature for resource management, can be repurposed to provide valuable telemetry for detecting malicious processes, particularly in systemd, Docker, and Kubernetes environments, aiding in investigations of server compromises.

An anonymous remote attacker can exploit multiple vulnerabilities in Kiali for Red Hat OpenShift Service Mesh to gain extended privileges, bypass security measures, manipulate or disclose data, or cause a denial-of-service condition.

A remote, anonymous attacker can exploit multiple vulnerabilities in Red Hat Enterprise Linux to execute arbitrary code or cause a denial-of-service condition.

Multiple vulnerabilities in Red Hat Build of Keycloak could allow an attacker to bypass authentication, gain elevated privileges, disclose sensitive information, cause a denial of service condition, execute arbitrary code, or manipulate data.

A remote, anonymous attacker can exploit a vulnerability in Red Hat Enterprise Linux (openEXR) to execute arbitrary program code.

A remote, anonymous attacker can exploit multiple vulnerabilities in Red Hat Hardened Images RPMs to cause a denial-of-service condition and possibly manipulate data or perform path traversal attacks.

A local attacker can exploit a vulnerability in Podman HyperV Machine to execute arbitrary program code with administrator privileges, leading to complete system compromise.

The Dirty Frag vulnerability (CVE-2026-43284 and CVE-2026-43500) is a Linux kernel local privilege escalation that allows an unprivileged local user to gain root privileges by exploiting flaws in the networking subsystem to overwrite protected file contents in the page cache.

Multiple vulnerabilities in Red Hat Build of Debezium for Red Hat Application Foundations could allow an attacker to execute arbitrary code.

An unauthenticated or authenticated remote attacker can exploit vulnerabilities in Red Hat Enterprise Linux to perform cross-site scripting, cause denial of service, or disclose sensitive information.

An anonymous remote attacker can exploit multiple vulnerabilities in Red Hat OpenShift Service Mesh to manipulate files, disclose information, or cause a denial-of-service condition.

Dell published security advisories addressing vulnerabilities in APEX Cloud Platform, Automation Platform, Command | Monitor, CyberSense, NativeEdge Orchestrator, SmartFabric Manager, iDRAC, Disk Library, and PowerProtect Cyber Recovery, requiring users to apply necessary updates.

A remote, authenticated attacker can exploit a vulnerability in Red Hat Advanced Cluster Management and Multicluster engine for Kubernetes to execute arbitrary program code or cause a denial of service condition.

A local attacker can exploit a vulnerability in Red Hat Hardened Images RPMs to execute arbitrary code or cause a denial of service.

Multiple vulnerabilities in Red Hat Hardened Images RPMs can be exploited by an attacker to bypass security measures, escalate privileges, disclose sensitive information, manipulate data, or cause a denial-of-service condition.

Multiple vulnerabilities in Red Hat Enterprise Linux and Red Hat Satellite could allow a remote, anonymous attacker to disclose information or execute arbitrary code.

A remote, authenticated attacker can exploit a vulnerability in Red Hat OpenShift Container Platform to bypass security measures.

A remote, anonymous attacker can exploit a vulnerability in Podman Desktop to perform a denial of service attack and disclose sensitive information.

A remote, anonymous attacker can exploit a vulnerability in Red Hat Enterprise Linux freeipmi to cause a denial of service condition or memory corruption, potentially allowing arbitrary code execution.

A remote, anonymous attacker can exploit a vulnerability in Red Hat Enterprise Linux (python-wheel) to escalate privileges or execute arbitrary code.

Quarkus Vertx HTTP versions < 3.20.6.1, >= 3.21.0 and < 3.27.3.1, >= 3.30.0 and < 3.33.1.1, and >= 3.34.0 and < 3.35.1.1 are vulnerable to an authorization bypass where appending a semicolon and arbitrary text to the request URL allows unauthorized access to protected resources.

CVE-2026-6266 allows a remote attacker to hijack user accounts in AAP gateway by manipulating the IDP-provided email during the user auto-linking process, potentially gaining unauthorized access, including administrative privileges.

The 'Copy Fail' vulnerability (CVE-2026-31431) in the Linux kernel allows a local attacker to escalate privileges to root, potentially leading to container breakout and lateral movement in cloud environments.

A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read, potentially causing information disclosure or denial of service.

A local privilege escalation vulnerability, dubbed 'Copy Fail' (CVE-2026-31431), affects Linux kernels released since 2017, allowing an unprivileged local attacker to gain root permissions by exploiting a logic bug in the authencesn cryptographic template.

A remote, anonymous attacker can exploit multiple vulnerabilities in Fast Datapath for Red Hat Enterprise Linux to perform a denial-of-service attack or disclose sensitive information.

Multiple vulnerabilities in the Red Hat Linux kernel allow for arbitrary code execution, privilege escalation, and remote denial of service.

Multiple vulnerabilities in Red Hat Enterprise Linux's LibRaw component allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.

InstructLab is vulnerable to arbitrary code execution because the `linux_train.py` script hardcodes `trust_remote_code=True` when loading models from HuggingFace, allowing remote attackers to execute code by convincing a user to load a malicious model.

This analytic detects unexpected shutdowns of the Linux auditd daemon, potentially indicating attempts to disable security monitoring and evade detection by attackers.

Detection of abnormal Linux audit daemon (auditd) termination via DAEMON_ABORT events, indicating potential auditing subsystem failure due to resource exhaustion, corruption, or malicious interference.

Detection of Linux audit daemon (auditd) re-initialization events, which can indicate attempts to re-enable audit logging after evasion or restarts with modified rule sets.