RHSA-2026:34368HighCVSS 8.8
Red Hat Security Advisory: Satellite 6.18.7 Async Update
🔗 CVE IDs covered (6)
📋 Description
CVE-2026-5135 — foreman: Foreman: Unauthorized modification of host configurations via broken access control CVE-2026-5136 — foreman: Foreman: Privilege escalation to administrator-level access via usergroup role assignment manipulation CVE-2026-5138 — foreman: Foreman: Information disclosure via improper validation of nested request parameters CVE-2026-5142 — foreman: foreman: Cross-tenant private SSH key disclosure via taxonomy scoping bypass CVE-2026-32282 — golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root CVE-2026-40192 — Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing
🔗 References (10)
- selfhttps://access.redhat.com/errata/RHSA-2026:34368
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2452230
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2452970
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2452971
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2452999
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2456336
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2458856
- externalhttps://issues.redhat.com/browse/SAT-47204
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_34368.json