Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage
🔗 CVE IDs covered (10)
📋 Description
- CVE-2025-13465 — lodash: prototype pollution in _.unset and _.omit functions
- CVE-2025-14550 — Django: Django: Denial of Service via crafted request with duplicate headers
- CVE-2026-1207 — Django: Django: SQL Injection via RasterField band index parameter
- CVE-2026-1285 — Django: Django: Denial of Service via crafted HTML inputs
- CVE-2026-1287 — Django: Django: SQL Injection via crafted column aliases
- CVE-2026-1312 — Django: Django: SQL injection via crafted column aliases in QuerySet.order_by()
- CVE-2026-22029 — @remix-run/router: react-router: React Router vulnerable to XSS via Open Redirects
- CVE-2026-24049 — wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking
- CVE-2026-25639 — axios: Axios affected by Denial of Service via `__proto__` Key in mergeConfig
- CVE-2026-26007 — cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves
🔗 References (14)
- self: https://access.redhat.com/errata/RHSA-2026:2694
- external: https://access.redhat.com/security/cve/CVE-2025-13465
- external: https://access.redhat.com/security/cve/CVE-2025-14550
- external: https://access.redhat.com/security/cve/CVE-2026-1207
- external: https://access.redhat.com/security/cve/CVE-2026-1285
- external: https://access.redhat.com/security/cve/CVE-2026-1287
- external: https://access.redhat.com/security/cve/CVE-2026-1312
- external: https://access.redhat.com/security/cve/CVE-2026-22029
- external: https://access.redhat.com/security/cve/CVE-2026-24049
- external: https://access.redhat.com/security/cve/CVE-2026-25639
- external: https://access.redhat.com/security/cve/CVE-2026-26007
- external: https://access.redhat.com/security/updates/classification/
- external: https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery
- self: https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2694.json