Red Hat Security Advisory: RHOAI 2.25.7 - Red Hat OpenShift AI
🔗 CVE IDs covered (37)
📋 Description
CVE-2025-14813 — bouncycastle: BC-JAVA: GOSTCTR implementation unable to process more than 255 blocks correctly
CVE-2025-48956 — vllm: HTTP header size limit not enforced allows Denial of Service from Unauthenticated requests
CVE-2025-61726 — golang: net/url: Memory exhaustion in query parameter parsing in net/url
CVE-2025-62718 — axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization
CVE-2025-69227 — aiohttp: aiohttp: Denial of Service via specially crafted POST request
CVE-2025-69228 — aiohttp: aiohttp: Denial of Service via memory exhaustion from crafted POST request
CVE-2026-1462 — keras: Keras: Arbitrary Code Execution Vulnerability Bypassing Safe Mode
CVE-2026-4800 — lodash: lodash: Arbitrary code execution via untrusted input in template imports
CVE-2026-6321 — fast-uri: fast-uri: Path traversal vulnerability allows bypass of security policies
CVE-2026-23490 — pyasn1: pyasn1: Denial of Service due to memory exhaustion from malformed RELATIVE-OID
CVE-2026-24747 — pytorch: PyTorch: Arbitrary code execution via malicious checkpoint file loading
CVE-2026-25048 — xgrammar: xgrammar: Denial of Service via multi-level nested syntax
CVE-2026-25960 — vLLM: vLLM: Server-Side Request Forgery bypass via inconsistent URL parsing
CVE-2026-27489 — onnx: ONNX: Information Disclosure via Path Traversal Vulnerability
CVE-2026-27893 — vllm: vLLM: Remote code execution due to hardcoded trust_remote_code setting
CVE-2026-28500 — onnx: ONNX: Untrusted Model Repository Warnings Suppressed
CVE-2026-28684 — python-dotenv: python-dotenv: Arbitrary file overwrite via symbolic link following
CVE-2026-29063 — immutable-js: Immutable.js: Arbitrary code execution via Prototype Pollution
CVE-2026-29074 — svgo: SVGO: Denial of Service via XML entity expansion
CVE-2026-31958 — tornado-python: Tornado: Denial of Service via large multipart bodies
CVE-2026-32280 — crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building
CVE-2026-32597 — pyjwt: PyJWT accepts unknown crit header extensions (RFC 7515 §4.1.11 MUST violation)
CVE-2026-32981 — ray: Ray Dashboard Path Traversal Leading to Local File Disclosure
CVE-2026-33186 — google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation
CVE-2026-33231 — nltk: NLTK: Denial of Service via unauthenticated remote shutdown
CVE-2026-34986 — github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object
CVE-2026-34993 — aiohttp: AIOHTTP: Arbitrary code execution via untrusted input to CookieJar.load()
CVE-2026-39892 — cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API
CVE-2026-40192 — Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing
CVE-2026-40895 — follow-redirects: follow-redirects: Information disclosure via cross-domain redirects
CVE-2026-41240 — DOMPurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization
CVE-2026-41242 — protobufjs: protobufjs: Arbitrary code execution via injected protobuf definition type fields
CVE-2026-42033 — axios: Axios: HTTP Transport Hijacking via Prototype Pollution
CVE-2026-42035 — axios: Axios: Arbitrary HTTP header injection via prototype pollution
CVE-2026-42039 — axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data
CVE-2026-42041 — axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling
CVE-2026-42043 — axios: Axios: NO_PROXY bypass via crafted URL
🔗 References (41)
- selfhttps://access.redhat.com/errata/RHSA-2026:24977
- externalhttps://access.redhat.com/security/cve/CVE-2025-14813
- externalhttps://access.redhat.com/security/cve/CVE-2025-48956
- externalhttps://access.redhat.com/security/cve/CVE-2025-61726
- externalhttps://access.redhat.com/security/cve/CVE-2025-62718
- externalhttps://access.redhat.com/security/cve/CVE-2025-69227
- externalhttps://access.redhat.com/security/cve/CVE-2025-69228
- externalhttps://access.redhat.com/security/cve/CVE-2026-1462
- externalhttps://access.redhat.com/security/cve/CVE-2026-23490
- externalhttps://access.redhat.com/security/cve/CVE-2026-24747
- externalhttps://access.redhat.com/security/cve/CVE-2026-25048
- externalhttps://access.redhat.com/security/cve/CVE-2026-25960
- externalhttps://access.redhat.com/security/cve/CVE-2026-27489
- externalhttps://access.redhat.com/security/cve/CVE-2026-27893
- externalhttps://access.redhat.com/security/cve/CVE-2026-28500
- externalhttps://access.redhat.com/security/cve/CVE-2026-28684
- externalhttps://access.redhat.com/security/cve/CVE-2026-29063
- externalhttps://access.redhat.com/security/cve/CVE-2026-29074
- externalhttps://access.redhat.com/security/cve/CVE-2026-31958
- externalhttps://access.redhat.com/security/cve/CVE-2026-32280
- externalhttps://access.redhat.com/security/cve/CVE-2026-32597
- externalhttps://access.redhat.com/security/cve/CVE-2026-32981
- externalhttps://access.redhat.com/security/cve/CVE-2026-33186
- externalhttps://access.redhat.com/security/cve/CVE-2026-33231
- externalhttps://access.redhat.com/security/cve/CVE-2026-34986
- externalhttps://access.redhat.com/security/cve/CVE-2026-34993
- externalhttps://access.redhat.com/security/cve/CVE-2026-39892
- externalhttps://access.redhat.com/security/cve/CVE-2026-40192
- externalhttps://access.redhat.com/security/cve/CVE-2026-40895
- externalhttps://access.redhat.com/security/cve/CVE-2026-41240
- externalhttps://access.redhat.com/security/cve/CVE-2026-41242
- externalhttps://access.redhat.com/security/cve/CVE-2026-42033
- externalhttps://access.redhat.com/security/cve/CVE-2026-42035
- externalhttps://access.redhat.com/security/cve/CVE-2026-42039
- externalhttps://access.redhat.com/security/cve/CVE-2026-42041
- externalhttps://access.redhat.com/security/cve/CVE-2026-42043
- externalhttps://access.redhat.com/security/cve/CVE-2026-4800
- externalhttps://access.redhat.com/security/cve/CVE-2026-6321
- externalhttps://access.redhat.com/security/updates/classification/
- externalhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_24977.json