RHSA-2026:30087CriticalCVSS 9.8

Red Hat Security Advisory: Red Hat AI Inference Server 3.3.5 (Spyre)

Published
June 25, 2026
Last Modified
July 6, 2026

🔗 CVE IDs covered (20)

📋 Description

CVE-2025-62164 — vllm: VLLM deserialization vulnerability leading to DoS and potential RCE CVE-2025-66448 — vllm: vLLM: Remote Code Execution via malicious model configuration CVE-2026-4775 — libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing CVE-2026-4786 — python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API CVE-2026-4878 — libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file() CVE-2026-6100 — python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules CVE-2026-10118 — poppler: Integer overflow in Poppler SplashOutputDev::tilingPatternFill leads to heap buffer overflow via unchecked dimension multiplication CVE-2026-22773 — vllm: vLLM: Denial of Service via specially crafted image in multimodal model serving CVE-2026-22778 — vLLM: vLLM: Remote code execution via invalid image processing in the multimodal endpoint. CVE-2026-22807 — vLLM: vLLM: Arbitrary code execution via untrusted model loading CVE-2026-24779 — vLLM: vLLM: Server-Side Request Forgery allows internal network access CVE-2026-34588 — OpenEXR: OpenEXR: Arbitrary code execution and information disclosure via crafted EXR file CVE-2026-34982 — vim: arbitrary command execution via modeline sandbox bypass CVE-2026-35385 — OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode CVE-2026-37555 — libsndfile: integer overflow in ima_reader_init() CVE-2026-39979 — jq: out-of-bounds read in jv_parse_sized() on error formatting for non-NUL-terminated buffers CVE-2026-40164 — jq: jq: Denial of Service via crafted JSON object causing hash collisions CVE-2026-44431 — urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers CVE-2026-44432 — urllib3: urllib3: Denial of Service due to excessive HTTP response decompression CVE-2026-48818 — starlette: Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows

🔗 References (24)