RHSA-2026:37272HighCVSS 8.8

Red Hat Security Advisory: RHTAS 1.4.2 - Red Hat Trusted Artifact Signer Release

Published
July 9, 2026
Last Modified
July 10, 2026

🔗 CVE IDs covered (16)

📋 Description

CVE-2025-71319 — image-size: image-size: Denial of Service due to infinite loop when processing specially crafted images. CVE-2026-39828 — golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions CVE-2026-39829 — golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters CVE-2026-39830 — golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses CVE-2026-39835 — golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate CVE-2026-42151 — github.com/prometheus/prometheus: Prometheus: Information disclosure of Azure OAuth client secret via config API CVE-2026-42570 — devalue: devalue: Excessive memory consumption via deserialization of sparse arrays CVE-2026-44573 — next.js: Next.js: Information disclosure due to middleware bypass in Pages Router with i18n CVE-2026-44574 — Next.js: Next.js: Authorization bypass via crafted query parameters CVE-2026-44575 — next.js: Next.js: Unauthorized access to protected content via middleware bypass CVE-2026-44577 — Next.js: Next.js: Denial of Service via Image Optimization API CVE-2026-44578 — Next.js: Next.js: Server-Side Request Forgery via crafted WebSocket upgrade requests CVE-2026-44579 — next.js: Next.js: Denial of Service via crafted POST requests to server actions CVE-2026-45109 — next.js: Next.js: Information disclosure via security fix bypass in middleware with Turbopack CVE-2026-45736 — ws: ws: Uninitialized memory disclosure via websocket.close() with TypedArray CVE-2026-48779 — ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments

🔗 References (21)