RED HAT — Vulnerabilities & Security Advisories 691

Browse all 691 CVE security advisories affecting RED HAT. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Red Hat operates primarily as a provider of open-source enterprise software solutions, most notably its Linux operating system and container platforms. With 688 recorded Common Vulnerabilities and Exposures, the organization’s historical attack surface frequently involves remote code execution, cross-site scripting, and privilege escalation flaws within its middleware and management tools. These vulnerabilities often stem from complex codebases and third-party dependencies integrated into its distribution. Security characteristics are defined by a rigorous patching lifecycle and the Red Hat Security Response Team, which issues timely advisories for critical issues. While major public breaches directly attributed to Red Hat core infrastructure are rare, individual component flaws have occasionally allowed attackers to gain unauthorized access or execute arbitrary commands. The company maintains a strong reputation for transparency, providing detailed technical guidance to help administrators mitigate risks associated with its widely deployed enterprise technologies.

| CVE ID | Title | Affected product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-2239 | Gimp: gimp: application crash (dos) via crafted psd file due to heap-buffer-overflow | Red Hat Enterprise Linux 7 | CWE-170 | 2.8 | Low | 2026-03-26 |
| CVE-2026-2272 | Gimp: gimp: memory corruption due to integer overflow in ico file handling | Red Hat Enterprise Linux 6 | CWE-190 | 4.3 | Medium | 2026-03-26 |
| CVE-2026-2271 | Gimp: gimp: denial of service via crafted psp image file | Red Hat Enterprise Linux 6 | CWE-190 | 3.3 | Low | 2026-03-26 |
| CVE-2026-2436 | Libsoup: libsoup: denial of service via use-after-free in soupserver during tls handshake | Red Hat Enterprise Linux 10 | CWE-825 | 6.5 | Medium | 2026-03-26 |
| CVE-2026-3121 | Keycloak: org.keycloak/keycloak-services: keycloak: privilege escalation via manage-clients permission | Red Hat build of Keycloak 26.4 | CWE-266 | 6.5 | Medium | 2026-03-26 |
| CVE-2026-3190 | Keycloak: keycloak: information disclosure via improper role enforcement in uma 2.0 protection api | Red Hat build of Keycloak 26.4 | CWE-280 | 4.3 | Medium | 2026-03-26 |
| CVE-2026-4897 | Polkit: polkit: denial of service via unbounded input processing through standard input | Red Hat Enterprise Linux 10 | CWE-770 | 5.5 | Medium | 2026-03-26 |
| CVE-2026-1961 | Forman: foreman: remote code execution via command injection in websocket proxy | Red Hat Satellite 6.16 for RHEL 8 | CWE-78 | 8.0 | High | 2026-03-26 |
| CVE-2026-4887 | Gimp: gimp: memory disclosure and denial of service via specially crafted pcx image | Red Hat Enterprise Linux 6 | CWE-193 | 6.1 | Medium | 2026-03-26 |
| CVE-2026-4874 | Org.keycloak.protocol.oidc.grants: org.keycloak.services.managers: keycloak: server-side request forgery via oidc token endpoint manipulation | Red Hat Build of Keycloak | CWE-918 | 3.1 | Low | 2026-03-26 |
| CVE-2026-4775 | Libtiff: libtiff: arbitrary code execution or denial of service via signed integer overflow in tiff file processing | Red Hat Enterprise Linux 10 | CWE-190 | 7.8 | High | 2026-03-24 |
| CVE-2026-3260 | Undertow: undertow: denial of service due to premature multipart/form-data parsing in get requests | Red Hat build of Apache Camel for Spring Boot 4 | CWE-770 | 5.9 | Medium | 2026-03-24 |
| CVE-2026-1940 | Gstreamer: incomplete fix of cve-2026-1940 | Red Hat Enterprise Linux 10 | | 5.1 | Medium | 2026-03-23 |
| CVE-2026-4647 | Binutils: out-of-bounds read in xcoff relocation processing in gnu binutils bfd library | Red Hat Enterprise Linux 10 | CWE-125 | 6.1 | Medium | 2026-03-23 |
| CVE-2026-4633 | Keycloak: keycloak: user enumeration via differential error messages | Red Hat Build of Keycloak | CWE-209 | 3.7 | Low | 2026-03-23 |
| CVE-2026-4628 | Keycloak: org.keycloak.authorization: keycloak: unauthorized resource modification due to improper access control | Red Hat Build of Keycloak | CWE-284 | 4.3 | Medium | 2026-03-23 |
| CVE-2026-23536 | Feast: unauthenticated arbitrary file read | Red Hat OpenShift AI (RHOAI) | CWE-22 | 7.5 | High | 2026-03-20 |
| CVE-2026-2369 | Libsoup: libsoup: buffer overread due to integer underflow when handling zero-length resources | Red Hat Enterprise Linux 10 | CWE-191 | 6.5 | Medium | 2026-03-19 |
| CVE-2026-4426 | Libarchive: libarchive: denial of service via malformed iso file processing | Red Hat Hardened Images | CWE-1335 | 6.5 | Medium | 2026-03-19 |
| CVE-2026-4424 | Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing | Red Hat Enterprise Linux 10 | CWE-125 | 7.5 | High | 2026-03-19 |
| CVE-2026-4366 | Keycloak-services: blind server-side request forgery (ssrf) via http redirect handling in keycloak | Red Hat Build of Keycloak | CWE-918 | 5.8 | Medium | 2026-03-18 |
| CVE-2026-2575 | Keycloak: keycloak: denial of service due to excessive samlrequest decompression | Red Hat build of Keycloak 26.4 | CWE-409 | 5.3 | Medium | 2026-03-18 |
| CVE-2026-2603 | Keycloak: keycloak: unauthorized authentication via disabled saml identity provider | Red Hat build of Keycloak 26.2 | CWE-306 | 8.1 | High | 2026-03-18 |
| CVE-2026-2092 | Keycloak-services: keycloak: unauthorized access via improper validation of encrypted saml assertions | Red Hat build of Keycloak 26.2 | CWE-1287 | 7.7 | High | 2026-03-18 |
| CVE-2026-4324 | Rubygem-katello: katello: denial of service and potential information disclosure via sql injection | Red Hat Satellite 6.17 for RHEL 9 | CWE-89 | 5.4 | Medium | 2026-03-17 |
| CVE-2026-4271 | Libsoup: libsoup: denial of service via use-after-free in http/2 server | Red Hat Enterprise Linux 10 | CWE-416 | 5.3 | Medium | 2026-03-17 |
| CVE-2026-3633 | Libsoup: libsoup: header and http request injection via crlf injection | Red Hat Enterprise Linux 10 | CWE-93 | 3.9 | Low | 2026-03-17 |
| CVE-2026-3632 | Libsoup: libsoup: http smuggling and server-side request forgery via malformed hostnames | Red Hat Enterprise Linux 10 | CWE-1286 | 3.9 | Low | 2026-03-17 |
| CVE-2026-3634 | Libsoup: libsoup: http header injection and response splitting via crlf injection in content-type header | Red Hat Enterprise Linux 10 | CWE-93 | 3.9 | Low | 2026-03-17 |
| CVE-2026-3441 | Binutils: gnu binutils: information disclosure via specially crafted xcoff object file | Red Hat Enterprise Linux 10 | CWE-125 | 6.1 | Medium | 2026-03-15 |

This page lists every published CVE security advisory associated with RED HAT. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.