
Red Hat — Vulnerabilities & Security Advisories 691

Browse all 691 CVE security advisories affecting Red Hat. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Red Hat operates primarily as a provider of open-source enterprise software solutions, most notably its Linux operating system and container platforms. With 688 recorded Common Vulnerabilities and Exposures, the organization’s historical attack surface frequently involves remote code execution, cross-site scripting, and privilege escalation flaws within its middleware and management tools. These vulnerabilities often stem from complex codebases and third-party dependencies integrated into its distribution. Security characteristics are defined by a rigorous patching lifecycle and the Red Hat Security Response Team, which issues timely advisories for critical issues. While major public breaches directly attributed to Red Hat core infrastructure are rare, individual component flaws have occasionally allowed attackers to gain unauthorized access or execute arbitrary commands. The company maintains a strong reputation for transparency, providing detailed technical guidance to help administrators mitigate risks associated with its widely deployed enterprise technologies.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-42011 | Gnutls: gnutls: security bypass due to incorrect name constraint handling — Red Hat Enterprise Linux 10 | CWE-295 | 7.4 | High | 2026-05-07 |
| CVE-2026-42010 | Gnutls: gnutls: authentication bypass via nul character in username — Red Hat Enterprise Linux 10 | | 7.1 | High | 2026-05-07 |
| CVE-2026-6420 | Keylime: keylime: security bypass due to hardcoded tpm quote nonce — Red Hat Enterprise Linux 10 | CWE-1241 | 6.3 | Medium | 2026-05-06 |
| CVE-2026-34956 | Openvswitch: open vswitch: denial of service via malformed ftp epasv command — Fast Datapath for RHEL 7 | CWE-120 | 5.9 | Medium | 2026-05-05 |
| CVE-2026-34002 | Xorg: xwayland: x.org x server: information disclosure or denial of service via out-of-bounds read in xkb modifier map handling — Red Hat Enterprise Linux 10 | CWE-805 | 6.1 | Medium | 2026-05-05 |
| CVE-2026-34000 | Xwayland: xorg: x.org x server: information disclosure and denial of service via out-of-bounds read in xkb geometry processing. — Red Hat Enterprise Linux 10 | CWE-125 | 6.1 | Medium | 2026-05-05 |
| CVE-2026-6266 | Aap-controller: aap-gateway: account hijacking and unauthorized access via unverified email linking — Red Hat Ansible Automation Platform 2.5 for RHEL 8 | CWE-305 | 8.3 | High | 2026-05-04 |
| CVE-2026-33846 | Gnutls: gnutls: denial of service via heap buffer overflow in dtls handshake fragment reassembly — Red Hat Hardened Images | CWE-130 | 7.5 | High | 2026-05-04 |
| CVE-2026-7500 | Org.keycloak.keycloak-services: improper access control on keycloak server when the account account api feature is disabled — Red Hat Build of Keycloak | CWE-425 | 5.4 | Medium | 2026-04-30 |
| CVE-2026-7163 | Assisted-service: assisted-service: authenticated users can gain administrative access to openshift clusters via credential disclosure — multicluster engine for Kubernetes 2.10 | CWE-312 | 6.1 | Medium | 2026-04-30 |
| CVE-2026-7309 | Openshift-controller-manager: openshift container platform: information disclosure via environment variable injection — Red Hat OpenShift Container Platform 4 | CWE-426 | 4.3 | Medium | 2026-04-28 |
| CVE-2026-5265 | Ovn: ovn: heap over-read in icmp error response generation - security issue — Fast Datapath for Red Hat Enterprise Linux 8 | CWE-130 | 6.5 | Medium | 2026-04-24 |
| CVE-2026-5367 | Ovn: ovn: information disclosure via crafted dhcpv6 packets — Fast Datapath for Red Hat Enterprise Linux 8 | CWE-130 | 8.6 | High | 2026-04-24 |
| CVE-2026-6732 | Libxml2: libxml2: denial of service via crafted xsd-validated document — Red Hat Hardened Images | CWE-843 | 6.5 | Medium | 2026-04-23 |
| CVE-2026-2708 | Libsoup: libsoup: http request smuggling via duplicate content-length headers — Red Hat Enterprise Linux 10 | CWE-444 | 3.7 | Low | 2026-04-23 |
| CVE-2026-34003 | Xorg: xwayland: x.org x server: information exposure and denial of service via out-of-bounds memory access — Red Hat Enterprise Linux 10 | CWE-125 | 7.8 | High | 2026-04-23 |
| CVE-2026-34001 | Xorg: xwayland: x.org x server: use-after-free vulnerability leads to server crash and potential memory corruption — Red Hat Enterprise Linux 10 | CWE-825 | 7.8 | High | 2026-04-23 |
| CVE-2026-33999 | Xorg: xwayland: x.org x server: denial of service via integer underflow in xkb compatibility map handling — Red Hat Enterprise Linux 10 | CWE-191 | 7.8 | High | 2026-04-23 |
| CVE-2025-66286 | Webkitgtk: authorization bypass through webpage::send-request signal handler — Red Hat Enterprise Linux 6 | CWE-639 | 4.7 | Medium | 2026-04-23 |
| CVE-2026-6862 | Efivar: efivar: denial of service due to stack overflow in device path node parsing — Red Hat Enterprise Linux 10 | CWE-674 | 5.5 | Medium | 2026-04-22 |
| CVE-2026-6861 | Emacs: emacs: memory corruption vulnerability when processing svg css — Red Hat Enterprise Linux 10 | CWE-193 | 6.1 | Medium | 2026-04-22 |
| CVE-2026-6859 | Instructlab: instructlab: arbitrary code execution due to hardcoded `trust_remote_code=true` — Red Hat Enterprise Linux AI (RHEL AI) 3 | CWE-829 | 8.8 | High | 2026-04-22 |
| CVE-2026-6857 | Camel-infinispan: camel-infinispan: remote code execution via unsafe deserialization — Red Hat build of Apache Camel 4 for Quarkus 3 | CWE-502 | 7.5 | High | 2026-04-22 |
| CVE-2026-6855 | Instructlab: instructlab: path traversal allows arbitrary directory creation and file write — Red Hat Enterprise Linux AI (RHEL AI) 3 | CWE-22 | 7.1 | High | 2026-04-22 |
| CVE-2026-6848 | Quay: red hat quay: authentication bypass allows privileged actions without valid credentials — Red Hat Quay 3 | CWE-613 | 5.4 | Medium | 2026-04-22 |
| CVE-2026-6846 | Binutils: binutils: arbitrary code execution via malformed xcoff object file processing — Red Hat Enterprise Linux 10 | CWE-122 | 7.8 | High | 2026-04-22 |
| CVE-2026-6844 | Binutils: binutils: denial of service vulnerabilities in readelf via crafted elf files — Red Hat Enterprise Linux 10 | CWE-400 | 5.5 | Medium | 2026-04-22 |
| CVE-2026-6843 | Nano: nano: format string vulnerability leads to denial of service — Red Hat Enterprise Linux 10 | CWE-134 | 5.5 | Medium | 2026-04-22 |
| CVE-2026-6845 | Binutils: binutils: denial of service via crafted elf file — Red Hat Enterprise Linux 10 | CWE-476 | 5.0 | Medium | 2026-04-22 |
| CVE-2026-6842 | Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissions — Red Hat Enterprise Linux 10 | CWE-732 | 2.5 | Low | 2026-04-22 |

This page lists every published CVE security advisory associated with Red Hat. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.