RHSA-2026:34527HighCVSS 8.7
Red Hat Security Advisory: General availability of the satellite/iop-host-inventory-frontend-rhel9 container image
🔗 CVE IDs covered (4)
📋 Description
CVE-2025-66471 — urllib3: urllib3 Streaming API improperly handles highly compressed data CVE-2026-44487 — axios: Axios: Information disclosure of proxy credentials via redirect flows CVE-2026-44488 — axios: Axios: Denial of Service due to unenforced request and response size limits CVE-2026-44494 — axios: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution
🔗 References (11)
- selfhttps://access.redhat.com/errata/RHSA-2026:34527
- externalhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.18/html/updating_red_hat_satellite/index
- externalhttps://access.redhat.com/security/cve/CVE-2025-66471
- externalhttps://access.redhat.com/security/cve/CVE-2026-44487
- externalhttps://access.redhat.com/security/cve/CVE-2026-44488
- externalhttps://access.redhat.com/security/cve/CVE-2026-44494
- externalhttps://access.redhat.com/security/updates/classification/
- externalhttps://catalog.redhat.com/software/containers/search
- externalhttps://docs.redhat.com/en/documentation/red_hat_satellite/6.18/html/installing_satellite_server_in_a_connected_network_environment/performing-additional-configuration-on-server_satellite#installing-and-configuring-red-hat-lightspeed-in-satellite
- externalhttps://docs.redhat.com/en/documentation/red_hat_satellite/6.18/html/installing_satellite_server_in_a_disconnected_network_environment/performing-additional-configuration#installing-and-configuring-red-hat-lightspeed-in-satellite
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_34527.json