Red Hat — Security Activity Report
Enterprise Linux + middleware (RHSA advisories)
Generated Jul 12, 2026Cohort: 9 vendors with ≥10 CVE advisoriesMethodology ↗
CVE Disclosure Volume
Total all-time: 25,241 CVEs with Red Hat advisories. Source: NVD CVE records joined with vendor advisory publish dates.
Severity Composition
↓ -8.8 pp34.4% of Red Hat's 25,241 CVEs are CRITICAL or HIGH severity. Industry median: 43.2%. Source: NVD CVSS v3.1.
CISA KEV Listings
↓ -0.5 pp38 of 7,324 Red Hat CVEs in the last 3 years are on CISA's Known Exploited Vulnerabilities catalog (0.5%). Industry median: 1.0%.
Source: CISA Known Exploited Vulnerabilities catalog (current snapshot). KEV listing means CISA observed active in-the-wild exploitation.
Vendor Patch Velocity
↑ +6.3 daysMedian time from CVE disclosure to Red Hat advisory: 21 days (p25 4 days – p75 54 days). Industry median: 15 days.
Sample size: 359 CVE→advisory pairs over the last 3 years. Source: vendor advisory published_at minus CVE published.
Top Recurring Weakness Classes
Most-frequently mapped CWEs across Red Hat's last 3 years of CVE disclosures. Source: NVD — CWE mapping per MITRE taxonomy.
Recent Security Advisories
Latest advisories published by Red Hat, straight from the vendor's own feed. Severity labels are the vendor's — scales differ across vendors.
- RHSA-2026:38304MediumCVSS 5.3Jul 12, 2026
Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update
- RHSA-2026:38236HighCVSS 7.5Jul 11, 2026
Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update
- RHSA-2026:38187HighCVSS 7.5Jul 11, 2026
Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
- RHSA-2026:38091MediumCVSS 7.3Jul 10, 2026
Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update
- RHSA-2026:38090MediumCVSS 7.3Jul 10, 2026
Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update
- RHSA-2026:38018HighCVSS 7.5Jul 10, 2026
Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
- RHSA-2026:38017HighCVSS 7.5Jul 10, 2026
Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update
- RHSA-2026:37577HighCVSS 7.5Jul 10, 2026
Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update
Full advisory archive: /pulse/vendor-advisories →
Data sources & corrections
- NVD National Vulnerability Database (nvd.nist.gov) — CVE records + CVSS v3.1 severity
- MITRE cvelistV5 (github.com/CVEProject/cvelistV5) — CNA-published CVE timestamps
- CISA Known Exploited Vulnerabilities catalog (cisa.gov/known-exploited-vulnerabilities-catalog)
- Vendor security advisories (RHSA, USN, MSRC, GHSA, etc.) — published_at timestamps
- MITRE CWE taxonomy (cwe.mitre.org) — weakness class mappings
Snapshot generated Jul 12, 2026. Industry medians refresh every 6 hours; raw vendor counts are queried live on each request.
Spot a factual error in this report?
Email [email protected] with the specific number you're disputing and a link to the authoritative source. We review every report and publish corrections on the methodology page.