RHSA-2026:24841MediumCVSS 6.5

Red Hat Security Advisory: Red Hat Developer Hub 1.10.0 release.

Published
June 9, 2026
Last Modified
July 3, 2026

🔗 CVE IDs covered (7)

📋 Description

CVE-2026-2950 — lodash: Lodash: Prototype pollution allows deletion of built-in prototype properties via array path bypass CVE-2026-4923 — path-to-regexp: path-to-regexp: Denial of Service via specially crafted paths with multiple wildcards CVE-2026-22036 — undici: Undici: Denial of Service via excessive decompression steps CVE-2026-27601 — Underscore.js: Underscore.js: Denial of Service via recursive data structures in flatten and isEqual functions CVE-2026-31988 — yauzl: yauzl: Denial of Service vulnerability in zip file processing CVE-2026-32235 — @backstage/plugin-auth-backend: @backstage/plugin-auth-backend: OAuth redirect URI allowlist bypass CVE-2026-33349 — fast-xml-parser: fast-xml-parser: Denial of Service via unbounded entity expansion due to incorrect configuration limit handling

🔗 References (20)