Red Hat Security Advisory: RHOAI 3.3.5 - Red Hat OpenShift AI
🔗 CVE IDs covered (32)
📋 Description
CVE-2025-61726 — golang: net/url: Memory exhaustion in query parameter parsing in net/url
CVE-2025-69223 — aiohttp: AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb
CVE-2026-1462 — keras: Keras: Arbitrary Code Execution Vulnerability Bypassing Safe Mode
CVE-2026-2614 — mlflow: mlflow: Arbitrary file read via bypassed source path validation
CVE-2026-5241 — python-transformers: python-transformers: Arbitrary code execution due to overridden trust_remote_code setting
CVE-2026-8643 — python-pip: Path traversal via malicious entry point name in pip wheel installation allows arbitrary file overwrite
CVE-2026-23490 — pyasn1: pyasn1: Denial of Service due to memory exhaustion from malformed RELATIVE-OID
CVE-2026-27893 — vllm: vLLM: Remote code execution due to hardcoded trust_remote_code setting
CVE-2026-28356 — multipart: denial of service via maliciously crafted HTTP or multipart segment headers
CVE-2026-28684 — python-dotenv: python-dotenv: Arbitrary file overwrite via symbolic link following
CVE-2026-30922 — pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion
CVE-2026-31958 — tornado-python: Tornado: Denial of Service via large multipart bodies
CVE-2026-32597 — pyjwt: PyJWT accepts unknown crit header extensions (RFC 7515 §4.1.11 MUST violation)
CVE-2026-32640 — simpleeval: SimpleEval: Arbitrary code execution via sandbox escape due to improper object handling
CVE-2026-33186 — google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation
CVE-2026-33231 — nltk: NLTK: Denial of Service via unauthenticated remote shutdown
CVE-2026-33236 — nltk: NLTK: Arbitrary file overwrite and creation via path traversal in XML index files
CVE-2026-33245 — react-router: React Router: Cross-Site Scripting vulnerability via untrusted React Server Component redirects
CVE-2026-33699 — pypdf: pypdf: Denial of Service via crafted PDF in non-strict mode
CVE-2026-34070 — langchain: path traversal in legacy load_prompt functions in langchain-core
CVE-2026-34993 — aiohttp: AIOHTTP: Arbitrary code execution via untrusted input to CookieJar.load()
CVE-2026-35536 — tornado: Tornado: Cookie attribute injection due to improper handling of cookie arguments
CVE-2026-39830 — golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses
CVE-2026-39892 — cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API
CVE-2026-40192 — Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing
CVE-2026-41242 — protobufjs: protobufjs: Arbitrary code execution via injected protobuf definition type fields
CVE-2026-42561 — python-multipart: python-multipart: Denial of Service via excessive multipart part headers
CVE-2026-44431 — urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers
CVE-2026-44432 — urllib3: urllib3: Denial of Service due to excessive HTTP response decompression
CVE-2026-46595 — golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation
CVE-2026-48526 — python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens
CVE-2026-48710 — starlette: Starlette: Security restriction bypass via malformed HTTP Host header
🔗 References (36)
- selfhttps://access.redhat.com/errata/RHSA-2026:37275
- externalhttps://access.redhat.com/security/cve/CVE-2025-61726
- externalhttps://access.redhat.com/security/cve/CVE-2025-69223
- externalhttps://access.redhat.com/security/cve/CVE-2026-1462
- externalhttps://access.redhat.com/security/cve/CVE-2026-23490
- externalhttps://access.redhat.com/security/cve/CVE-2026-2614
- externalhttps://access.redhat.com/security/cve/CVE-2026-27893
- externalhttps://access.redhat.com/security/cve/CVE-2026-28356
- externalhttps://access.redhat.com/security/cve/CVE-2026-28684
- externalhttps://access.redhat.com/security/cve/CVE-2026-30922
- externalhttps://access.redhat.com/security/cve/CVE-2026-31958
- externalhttps://access.redhat.com/security/cve/CVE-2026-32597
- externalhttps://access.redhat.com/security/cve/CVE-2026-32640
- externalhttps://access.redhat.com/security/cve/CVE-2026-33186
- externalhttps://access.redhat.com/security/cve/CVE-2026-33231
- externalhttps://access.redhat.com/security/cve/CVE-2026-33236
- externalhttps://access.redhat.com/security/cve/CVE-2026-33245
- externalhttps://access.redhat.com/security/cve/CVE-2026-33699
- externalhttps://access.redhat.com/security/cve/CVE-2026-34070
- externalhttps://access.redhat.com/security/cve/CVE-2026-34993
- externalhttps://access.redhat.com/security/cve/CVE-2026-35536
- externalhttps://access.redhat.com/security/cve/CVE-2026-39830
- externalhttps://access.redhat.com/security/cve/CVE-2026-39892
- externalhttps://access.redhat.com/security/cve/CVE-2026-40192
- externalhttps://access.redhat.com/security/cve/CVE-2026-41242
- externalhttps://access.redhat.com/security/cve/CVE-2026-42561
- externalhttps://access.redhat.com/security/cve/CVE-2026-44431
- externalhttps://access.redhat.com/security/cve/CVE-2026-44432
- externalhttps://access.redhat.com/security/cve/CVE-2026-46595
- externalhttps://access.redhat.com/security/cve/CVE-2026-48526
- externalhttps://access.redhat.com/security/cve/CVE-2026-48710
- externalhttps://access.redhat.com/security/cve/CVE-2026-5241
- externalhttps://access.redhat.com/security/cve/CVE-2026-8643
- externalhttps://access.redhat.com/security/updates/classification/
- externalhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_37275.json