RHSA-2026:27998HighCVSS 7.5
Red Hat Security Advisory: Cost Management Metrics Operator Update
🔗 CVE IDs covered (7)
📋 Description
CVE-2026-2100 — p11-kit: NULL dereference via C_DeriveKey with specific NULL parameters CVE-2026-4046 — glibc: glibc: Denial of Service via iconv() function with specific character sets CVE-2026-4437 — glibc: glibc: Incorrect DNS response parsing via crafted DNS server response CVE-2026-4438 — glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions CVE-2026-4878 — libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file() CVE-2026-28390 — openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing CVE-2026-31790 — openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key
🔗 References (12)
- selfhttps://access.redhat.com/errata/RHSA-2026:27998
- externalhttps://access.redhat.com/security/cve/CVE-2026-2100
- externalhttps://access.redhat.com/security/cve/CVE-2026-28390
- externalhttps://access.redhat.com/security/cve/CVE-2026-31790
- externalhttps://access.redhat.com/security/cve/CVE-2026-4046
- externalhttps://access.redhat.com/security/cve/CVE-2026-4437
- externalhttps://access.redhat.com/security/cve/CVE-2026-4438
- externalhttps://access.redhat.com/security/cve/CVE-2026-4878
- externalhttps://access.redhat.com/security/updates/classification
- externalhttps://access.redhat.com/security/updates/classification/
- externalhttps://docs.redhat.com/en/documentation/cost_management_service/1-latest/html/getting_started_with_cost_management/steps-to-cost-management
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_27998.json