RHSA-2026:24977HighCVSS 9.1

Red Hat Security Advisory: RHOAI 2.25.7 - Red Hat OpenShift AI

Published
June 10, 2026
Last Modified
July 7, 2026

🔗 CVE IDs covered (37)

📋 Description

CVE-2025-14813 — bouncycastle: BC-JAVA: GOSTCTR implementation unable to process more than 255 blocks correctly CVE-2025-48956 — vllm: HTTP header size limit not enforced allows Denial of Service from Unauthenticated requests CVE-2025-61726 — golang: net/url: Memory exhaustion in query parameter parsing in net/url CVE-2025-62718 — axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization CVE-2025-69227 — aiohttp: aiohttp: Denial of Service via specially crafted POST request CVE-2025-69228 — aiohttp: aiohttp: Denial of Service via memory exhaustion from crafted POST request CVE-2026-1462 — keras: Keras: Arbitrary Code Execution Vulnerability Bypassing Safe Mode CVE-2026-4800 — lodash: lodash: Arbitrary code execution via untrusted input in template imports CVE-2026-6321 — fast-uri: fast-uri: Path traversal vulnerability allows bypass of security policies CVE-2026-23490 — pyasn1: pyasn1: Denial of Service due to memory exhaustion from malformed RELATIVE-OID CVE-2026-24747 — pytorch: PyTorch: Arbitrary code execution via malicious checkpoint file loading CVE-2026-25048 — xgrammar: xgrammar: Denial of Service via multi-level nested syntax CVE-2026-25960 — vLLM: vLLM: Server-Side Request Forgery bypass via inconsistent URL parsing CVE-2026-27489 — onnx: ONNX: Information Disclosure via Path Traversal Vulnerability CVE-2026-27893 — vllm: vLLM: Remote code execution due to hardcoded trust_remote_code setting CVE-2026-28500 — onnx: ONNX: Untrusted Model Repository Warnings Suppressed CVE-2026-28684 — python-dotenv: python-dotenv: Arbitrary file overwrite via symbolic link following CVE-2026-29063 — immutable-js: Immutable.js: Arbitrary code execution via Prototype Pollution CVE-2026-29074 — svgo: SVGO: Denial of Service via XML entity expansion CVE-2026-31958 — tornado-python: Tornado: Denial of Service via large multipart bodies CVE-2026-32280 — crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building CVE-2026-32597 — pyjwt: PyJWT accepts unknown crit header extensions (RFC 7515 §4.1.11 MUST violation) CVE-2026-32981 — ray: Ray Dashboard Path Traversal Leading to Local File Disclosure CVE-2026-33186 — google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation CVE-2026-33231 — nltk: NLTK: Denial of Service via unauthenticated remote shutdown CVE-2026-34986 — github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object CVE-2026-34993 — aiohttp: AIOHTTP: Arbitrary code execution via untrusted input to CookieJar.load() CVE-2026-39892 — cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API CVE-2026-40192 — Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing CVE-2026-40895 — follow-redirects: follow-redirects: Information disclosure via cross-domain redirects CVE-2026-41240 — DOMPurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization CVE-2026-41242 — protobufjs: protobufjs: Arbitrary code execution via injected protobuf definition type fields CVE-2026-42033 — axios: Axios: HTTP Transport Hijacking via Prototype Pollution CVE-2026-42035 — axios: Axios: Arbitrary HTTP header injection via prototype pollution CVE-2026-42039 — axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data CVE-2026-42041 — axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling CVE-2026-42043 — axios: Axios: NO_PROXY bypass via crafted URL

🔗 References (41)