RHSA-2026:30076HighCVSS 8.1
Red Hat Security Advisory: Red Hat Quay 3.12.19
🔗 CVE IDs covered (6)
📋 Description
CVE-2026-6322 — fast-uri: fast-uri: URI authority bypass due to improper delimiter handling CVE-2026-9277 — shell-quote: shell-quote: Arbitrary code execution via command injection due to unescaped line terminators CVE-2026-10143 — kafka-python: kafka-python: Denial of Service via excessive SCRAM authentication iteration count CVE-2026-44432 — urllib3: urllib3: Denial of Service due to excessive HTTP response decompression CVE-2026-44496 — axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name CVE-2026-48526 — python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens
🔗 References (9)
- selfhttps://access.redhat.com/errata/RHSA-2026:30076
- externalhttps://access.redhat.com/security/cve/CVE-2026-10143
- externalhttps://access.redhat.com/security/cve/CVE-2026-44432
- externalhttps://access.redhat.com/security/cve/CVE-2026-44496
- externalhttps://access.redhat.com/security/cve/CVE-2026-48526
- externalhttps://access.redhat.com/security/cve/CVE-2026-6322
- externalhttps://access.redhat.com/security/cve/CVE-2026-9277
- externalhttps://access.redhat.com/security/updates/classification/
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_30076.json