RHSA-2026:37275CriticalCVSS 9.1

Red Hat Security Advisory: RHOAI 3.3.5 - Red Hat OpenShift AI

Published
July 9, 2026
Last Modified
July 12, 2026

🔗 CVE IDs covered (32)

📋 Description

CVE-2025-61726 — golang: net/url: Memory exhaustion in query parameter parsing in net/url CVE-2025-69223 — aiohttp: AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb CVE-2026-1462 — keras: Keras: Arbitrary Code Execution Vulnerability Bypassing Safe Mode CVE-2026-2614 — mlflow: mlflow: Arbitrary file read via bypassed source path validation CVE-2026-5241 — python-transformers: python-transformers: Arbitrary code execution due to overridden trust_remote_code setting CVE-2026-8643 — python-pip: Path traversal via malicious entry point name in pip wheel installation allows arbitrary file overwrite CVE-2026-23490 — pyasn1: pyasn1: Denial of Service due to memory exhaustion from malformed RELATIVE-OID CVE-2026-27893 — vllm: vLLM: Remote code execution due to hardcoded trust_remote_code setting CVE-2026-28356 — multipart: denial of service via maliciously crafted HTTP or multipart segment headers CVE-2026-28684 — python-dotenv: python-dotenv: Arbitrary file overwrite via symbolic link following CVE-2026-30922 — pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion CVE-2026-31958 — tornado-python: Tornado: Denial of Service via large multipart bodies CVE-2026-32597 — pyjwt: PyJWT accepts unknown crit header extensions (RFC 7515 §4.1.11 MUST violation) CVE-2026-32640 — simpleeval: SimpleEval: Arbitrary code execution via sandbox escape due to improper object handling CVE-2026-33186 — google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation CVE-2026-33231 — nltk: NLTK: Denial of Service via unauthenticated remote shutdown CVE-2026-33236 — nltk: NLTK: Arbitrary file overwrite and creation via path traversal in XML index files CVE-2026-33245 — react-router: React Router: Cross-Site Scripting vulnerability via untrusted React Server Component redirects CVE-2026-33699 — pypdf: pypdf: Denial of Service via crafted PDF in non-strict mode CVE-2026-34070 — langchain: path traversal in legacy load_prompt functions in langchain-core CVE-2026-34993 — aiohttp: AIOHTTP: Arbitrary code execution via untrusted input to CookieJar.load() CVE-2026-35536 — tornado: Tornado: Cookie attribute injection due to improper handling of cookie arguments CVE-2026-39830 — golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses CVE-2026-39892 — cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API CVE-2026-40192 — Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing CVE-2026-41242 — protobufjs: protobufjs: Arbitrary code execution via injected protobuf definition type fields CVE-2026-42561 — python-multipart: python-multipart: Denial of Service via excessive multipart part headers CVE-2026-44431 — urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers CVE-2026-44432 — urllib3: urllib3: Denial of Service due to excessive HTTP response decompression CVE-2026-46595 — golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation CVE-2026-48526 — python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens CVE-2026-48710 — starlette: Starlette: Security restriction bypass via malformed HTTP Host header

🔗 References (36)