RHSA-2026:33154HighCVSS 8.8

Red Hat Security Advisory: Red Hat Ceph Storage

Published
June 29, 2026
Last Modified
July 3, 2026

🔗 CVE IDs covered (11)

📋 Description

CVE-2024-6345 — pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools CVE-2024-12905 — tar-fs: link following and path traversal via maliciously crafted tar file CVE-2024-55565 — nanoid: nanoid mishandles non-integer values CVE-2025-5889 — brace-expansion: juliangruber brace-expansion index.js expand redos CVE-2025-13465 — lodash: prototype pollution in _.unset and _.omit functions CVE-2025-45768 — pyjwt: pyjwt Weak Encryption Vulnerability CVE-2025-47913 — golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS CVE-2025-50181 — urllib3: urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation CVE-2025-52555 — ceph: privilege escalation by unprivileged users in a ceph-fuse mounted CephFS CVE-2025-59343 — tar-fs: tar-fs symlink validation bypass CVE-2026-21441 — urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)

🔗 References (15)