RHSA-2026:34368HighCVSS 8.8

Red Hat Security Advisory: Satellite 6.18.7 Async Update

Published
July 1, 2026
Last Modified
July 1, 2026

🔗 CVE IDs covered (6)

📋 Description

CVE-2026-5135 — foreman: Foreman: Unauthorized modification of host configurations via broken access control CVE-2026-5136 — foreman: Foreman: Privilege escalation to administrator-level access via usergroup role assignment manipulation CVE-2026-5138 — foreman: Foreman: Information disclosure via improper validation of nested request parameters CVE-2026-5142 — foreman: foreman: Cross-tenant private SSH key disclosure via taxonomy scoping bypass CVE-2026-32282 — golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root CVE-2026-40192 — Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing

🔗 References (10)