RHSA-2026:36006HighCVSS 9.1

Red Hat Security Advisory: Red Hat AI Inference Server 3.2.2 (ROCm)

Published
July 6, 2026
Last Modified
July 7, 2026

🔗 CVE IDs covered (12)

📋 Description

CVE-2026-26740 — giflib: giflib: Denial of Service via buffer overflow in EGifGCBToExtension CVE-2026-33845 — gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment CVE-2026-33846 — gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly CVE-2026-34755 — vLLM: vLLM: Denial of Service due to excessive video frame processing CVE-2026-34756 — vllm: vLLM: Denial of Service via excessively large 'n' parameter in OpenAI-compatible API CVE-2026-34982 — vim: arbitrary command execution via modeline sandbox bypass CVE-2026-41523 — vllm: vLLM: Arbitrary code execution via malicious HuggingFace model CVE-2026-42009 — gnutls: gnutls: Denial of Service via DTLS packet reordering vulnerability CVE-2026-42010 — gnutls: gnutls: Authentication Bypass via NUL Character in Username CVE-2026-48746 — vllm: starlette: vLLM: Critical authentication bypass allows unauthorized API access CVE-2026-54235 — vllm: vLLM: Denial of Service due to improper floating-point validation CVE-2026-54283 — starlette: Starlette: request.form() limits silently ignored for application/x-www-form-urlencoded enable DoS

🔗 References (16)