RHSA-2026:1504HighCVSS 8.6
Red Hat Security Advisory: satellite/foreman-mcp-server-rhel9 container image available as a Technology Preview
🔗 CVE IDs covered (5)
📋 Description
CVE-2025-66418 — urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion CVE-2025-66471 — urllib3: urllib3 Streaming API improperly handles highly compressed data CVE-2026-21441 — urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API) CVE-2026-24049 — wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking CVE-2026-24486 — python-multipart: Python-Multipart: Arbitrary file write via path traversal vulnerability
🔗 References (11)
- selfhttps://access.redhat.com/errata/RHSA-2026:1504
- externalhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.18/html/updating_red_hat_satellite/index
- externalhttps://access.redhat.com/security/cve/CVE-2025-66418
- externalhttps://access.redhat.com/security/cve/CVE-2025-66471
- externalhttps://access.redhat.com/security/cve/CVE-2026-21441
- externalhttps://access.redhat.com/security/cve/CVE-2026-24049
- externalhttps://access.redhat.com/security/cve/CVE-2026-24486
- externalhttps://access.redhat.com/security/updates/classification/
- externalhttps://catalog.redhat.com/software/containers/search
- externalhttps://docs.redhat.com/en/documentation/red_hat_satellite/6.18/html-single/managing_hosts/index#configuring-the-mcp-server-for-Satellite
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_1504.json