RHSA-2026:34456CriticalCVSS 8.0

Red Hat Security Advisory: RHOAI 3.4.2 - Red Hat OpenShift AI

Published
July 1, 2026
Last Modified
July 7, 2026

🔗 CVE IDs covered (6)

📋 Description

CVE-2026-2614 — mlflow: mlflow: Arbitrary file read via bypassed source path validation CVE-2026-5241 — python-transformers: python-transformers: Arbitrary code execution due to overridden trust_remote_code setting CVE-2026-8643 — python-pip: Path traversal via malicious entry point name in pip wheel installation allows arbitrary file overwrite CVE-2026-33245 — react-router: React Router: Cross-Site Scripting vulnerability via untrusted React Server Component redirects CVE-2026-34993 — aiohttp: AIOHTTP: Arbitrary code execution via untrusted input to CookieJar.load() CVE-2026-48710 — starlette: Starlette: Security restriction bypass via malformed HTTP Host header

🔗 References (10)