RHSA-2026:26411HighCVSS 7.5
Red Hat Security Advisory: New container image: rhceph-9.0
🔗 CVE IDs covered (7)
📋 Description
CVE-2024-55565 — nanoid: nanoid mishandles non-integer values CVE-2025-47913 — golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS CVE-2025-47914 — golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages CVE-2025-58181 — golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication CVE-2025-59343 — tar-fs: tar-fs symlink validation bypass CVE-2025-64718 — js-yaml: js-yaml prototype pollution in merge CVE-2025-64756 — glob: glob: Command Injection Vulnerability via Malicious Filenames
🔗 References (11)
- selfhttps://access.redhat.com/errata/RHSA-2026:26411
- externalhttps://access.redhat.com/security/cve/CVE-2024-55565
- externalhttps://access.redhat.com/security/cve/CVE-2025-47913
- externalhttps://access.redhat.com/security/cve/CVE-2025-47914
- externalhttps://access.redhat.com/security/cve/CVE-2025-58181
- externalhttps://access.redhat.com/security/cve/CVE-2025-59343
- externalhttps://access.redhat.com/security/cve/CVE-2025-64718
- externalhttps://access.redhat.com/security/cve/CVE-2025-64756
- externalhttps://access.redhat.com/security/updates/classification/
- externalhttps://docs.redhat.com/en/documentation/red_hat_ceph_storage/
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_26411.json