RHSA-2026:30088CriticalCVSS 9.8

Red Hat Security Advisory: Red Hat AI Inference Server 3.3.5 (ROCm)

Published
June 25, 2026
Last Modified
July 7, 2026

🔗 CVE IDs covered (23)

📋 Description

CVE-2026-4775 — libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing CVE-2026-4786 — python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API CVE-2026-4878 — libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file() CVE-2026-6100 — python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules CVE-2026-10118 — poppler: Integer overflow in Poppler SplashOutputDev::tilingPatternFill leads to heap buffer overflow via unchecked dimension multiplication CVE-2026-22778 — vLLM: vLLM: Remote code execution via invalid image processing in the multimodal endpoint. CVE-2026-22807 — vLLM: vLLM: Arbitrary code execution via untrusted model loading CVE-2026-23490 — pyasn1: pyasn1: Denial of Service due to memory exhaustion from malformed RELATIVE-OID CVE-2026-24779 — vLLM: vLLM: Server-Side Request Forgery allows internal network access CVE-2026-34588 — OpenEXR: OpenEXR: Arbitrary code execution and information disclosure via crafted EXR file CVE-2026-34982 — vim: arbitrary command execution via modeline sandbox bypass CVE-2026-35385 — OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode CVE-2026-35535 — sudo: Sudo: Privilege escalation due to failure in privilege drop calls CVE-2026-37555 — libsndfile: integer overflow in ima_reader_init() CVE-2026-39892 — cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API CVE-2026-39979 — jq: out-of-bounds read in jv_parse_sized() on error formatting for non-NUL-terminated buffers CVE-2026-40164 — jq: jq: Denial of Service via crafted JSON object causing hash collisions CVE-2026-44431 — urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers CVE-2026-44432 — urllib3: urllib3: Denial of Service due to excessive HTTP response decompression CVE-2026-48526 — python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens CVE-2026-48710 — starlette: Starlette: Security restriction bypass via malformed HTTP Host header CVE-2026-48746 — vllm: starlette: vLLM: Critical authentication bypass allows unauthorized API access CVE-2026-48818 — starlette: Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows

🔗 References (27)