RHSA-2026:36350HighCVSS 8.5
Red Hat Security Advisory: satellite/foreman-mcp-server-rhel9 container image available as a Technology Preview
🔗 CVE IDs covered (6)
📋 Description
CVE-2025-69196 — fastmcp: FastMCP: Improper token issuance due to incorrect resource parameter handling CVE-2025-69872 — python-diskcache: python-diskcache: Arbitrary code execution via insecure pickle deserialization CVE-2026-32871 — fastmcp: FastMCP: Authenticated Server-Side Request Forgery via path traversal in OpenAPI path parameters CVE-2026-44431 — urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers CVE-2026-44432 — urllib3: urllib3: Denial of Service due to excessive HTTP response decompression CVE-2026-48526 — python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens
🔗 References (11)
- selfhttps://access.redhat.com/errata/RHSA-2026:36350
- externalhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.18/html/updating_red_hat_satellite/index
- externalhttps://access.redhat.com/security/cve/CVE-2025-69196
- externalhttps://access.redhat.com/security/cve/CVE-2025-69872
- externalhttps://access.redhat.com/security/cve/CVE-2026-32871
- externalhttps://access.redhat.com/security/cve/CVE-2026-44431
- externalhttps://access.redhat.com/security/cve/CVE-2026-44432
- externalhttps://access.redhat.com/security/cve/CVE-2026-48526
- externalhttps://access.redhat.com/security/updates/classification/
- externalhttps://catalog.redhat.com/software/containers/search
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_36350.json