RHSA-2026:21275 | Critical | CVSS 8.2

Red Hat Security Advisory: Red Hat Update Infrastructure 5.1 security update

Published
May 27, 2026
Last Modified
May 27, 2026

🔗 CVE IDs covered (29)

📋 Description

CVE-2025-6075 — python: Quadratic complexity in os.path.expandvars() with user-controlled template
CVE-2025-13837 — cpython: Out-of-memory when loading Plist
CVE-2025-14087 — glib: GLib: Buffer underflow in GVariant parser leads to heap corruption
CVE-2025-14512 — glib: Integer Overflow in GLib GIO Attribute Escaping Causes Heap Buffer Overflow
CVE-2025-15282 — cpython: Header injection via newlines in data URL mediatype in Python
CVE-2025-59375 — firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing
CVE-2026-0672 — cpython: Header injection in http.cookies.Morsel in Python
CVE-2026-0865 — cpython: wsgiref.headers.Headers allows header newline injection in Python
CVE-2026-1502 — python: Python: HTTP header injection via CR/LF in proxy tunnel headers
CVE-2026-2100 — p11-kit: NULL dereference via C_DeriveKey with specific NULL parameters
CVE-2026-2297 — cpython: CPython: Logging Bypass in Legacy .pyc File Handling
CVE-2026-3644 — cpython: Incomplete control character validation in http.cookies
CVE-2026-4224 — cpython: Stack overflow parsing XML with deeply nested DTD content models
CVE-2026-4519 — python: Python: Command-line option injection in webbrowser.open() via crafted URLs
CVE-2026-4786 — python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API
CVE-2026-4878 — libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file()
CVE-2026-6100 — python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules
CVE-2026-29111 — systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data
CVE-2026-31790 — openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key
CVE-2026-34982 — vim: arbitrary command execution via modeline sandbox bypass
CVE-2026-35385 — OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode
CVE-2026-35386 — OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username
CVE-2026-35387 — OpenSSH: OpenSSH: Information disclosure due to unintended cryptographic algorithm usage
CVE-2026-35388 — OpenSSH: OpenSSH: Low integrity impact from unconfirmed proxy-mode multiplexing sessions
CVE-2026-35414 — OpenSSH: OpenSSH: Security bypass via mishandling of authorized_keys principals option
CVE-2026-35535 — sudo: Sudo: Privilege escalation due to failure in privilege drop calls
CVE-2026-40355 — krb5: MIT Kerberos 5: Denial of Service via NULL pointer dereference in NegoEx mechanism
CVE-2026-40356 — krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-bounds read
CVE-2026-42945 — nginx: NGINX: Arbitrary Code Execution Vulnerability
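A practical follow-up check, added here as an example and not part of the Red Hat advisory: after applying the update on a RHUI host, confirm that the installed packages' RPM changelogs actually reference the CVE IDs listed above. The script below embeds the advisory's 29 CVE IDs and reports any that do not appear in the changelog text fed to it on stdin. The package names in the comment and the sample changelog are constructed assumptions so the script runs offline; on a real host, replace the sample with the output of `rpm -q --changelog` for the packages the advisory's package list names.

```sh
# Added example (not Red Hat's tooling): report advisory CVEs that the installed
# packages' changelogs do not mention. Real-world use on a RHEL/RHUI host, with
# package names that are assumptions here (check the advisory's package list):
#   rpm -q --changelog python3 glib2 expat p11-kit libcap systemd openssl \
#       vim-minimal openssh sudo krb5-libs nginx | sh this_script.sh

# The 29 CVE IDs covered by RHSA-2026:21275, copied from the advisory text.
ADVISORY_CVES="
CVE-2025-6075 CVE-2025-13837 CVE-2025-14087 CVE-2025-14512 CVE-2025-15282
CVE-2025-59375 CVE-2026-0672 CVE-2026-0865 CVE-2026-1502 CVE-2026-2100
CVE-2026-2297 CVE-2026-3644 CVE-2026-4224 CVE-2026-4519 CVE-2026-4786
CVE-2026-4878 CVE-2026-6100 CVE-2026-29111 CVE-2026-31790 CVE-2026-34982
CVE-2026-35385 CVE-2026-35386 CVE-2026-35387 CVE-2026-35388 CVE-2026-35414
CVE-2026-35535 CVE-2026-40355 CVE-2026-40356 CVE-2026-42945
"

# Read changelog text on stdin; print each advisory CVE absent from it, one per line.
# -w matches the ID as a whole token, so CVE-2026-4786 does not match CVE-2026-47860.
missing_cves() {
  changelog=$(cat)
  for cve in $ADVISORY_CVES; do
    printf '%s\n' "$changelog" | grep -q -w -- "$cve" || printf '%s\n' "$cve"
  done
}

# Count of advisory CVEs missing from the text on stdin (handy for a pass/fail gate).
missing_count() {
  missing_cves | wc -l | tr -d ' '
}

# Constructed sample changelog (not real package metadata): mentions 3 of the 29 CVEs,
# so 26 should be reported as missing.
SAMPLE_CHANGELOG='* Tue May 26 2026 Example Packager <packager@example.com> - 3.9.21-3
- Fix CVE-2026-4786: command injection in webbrowser.open()
- Fix CVE-2026-4519: command-line option injection in webbrowser.open()
- Resolves: CVE-2026-42945
'

printf '%s' "$SAMPLE_CHANGELOG" | missing_cves
```

A CVE missing from the changelog does not by itself mean the host is unpatched (some fixes are rolled into a version bump without a per-CVE changelog line), but a clean run of `missing_cves` is cheap positive evidence, and pairing it with `dnf updateinfo list` for the advisory ID gives both the repository's view and the installed-package view.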
