RHSA-2026:10140HighCVSS 8.8
Red Hat Security Advisory: Red Hat Enterprise Linux AI 3.3.1
🔗 CVE IDs covered (6)
CVE-2026-27893 · pendingCVE-2026-32597 →CVE-2026-4519 →CVE-2026-4786 →CVE-2026-6100 →CVE-2026-25679 →
📋 Description
CVE-2026-4519 — python: Python: Command-line option injection in webbrowser.open() via crafted URLs
CVE-2026-4786 — python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API
CVE-2026-6100 — python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules
CVE-2026-25679 — net/url: Incorrect parsing of IPv6 host literals in net/url
CVE-2026-27893 — vllm: vLLM: Remote code execution due to hardcoded trust_remote_code setting
CVE-2026-32597 — pyjwt: PyJWT accepts unknown crit header extensions (RFC 7515 §4.1.11 MUST violation)
🔗 References (10)
- selfhttps://access.redhat.com/errata/RHSA-2026:10140
- externalhttps://access.redhat.com/security/cve/CVE-2026-25679
- externalhttps://access.redhat.com/security/cve/CVE-2026-27893
- externalhttps://access.redhat.com/security/cve/CVE-2026-32597
- externalhttps://access.redhat.com/security/cve/CVE-2026-4519
- externalhttps://access.redhat.com/security/cve/CVE-2026-4786
- externalhttps://access.redhat.com/security/cve/CVE-2026-6100
- externalhttps://access.redhat.com/security/updates/classification/
- externalhttps://www.redhat.com/en/technologies/linux-platforms/enterprise-linux/ai
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_10140.json