Red Hat Security Advisory: MTV RHEL9 Images
🔗 CVE IDs covered (8)
📋 Description
- CVE-2026-4598 — jsrsasign: jsrsasign: Denial of Service via infinite loop in bnModInverse function with crafted inputs
- CVE-2026-4599 — jsrsasign: jsrsasign: Private key recovery via incomplete comparison checks biasing DSA nonces
- CVE-2026-4600 — jsrsasign: jsrsasign: Cryptographic signature forgery via malicious DSA domain parameters
- CVE-2026-4601 — jsrsasign: jsrsasign: Private Key Recovery via Missing Cryptographic Step in DSA Signing
- CVE-2026-4602 — jsrsasign: jsrsasign: Signature verification bypass via negative exponent handling
- CVE-2026-4800 — lodash: lodash: Arbitrary code execution via untrusted input in template imports
- CVE-2026-4926 — path-to-regexp: path-to-regexp: Denial of Service via crafted regular expressions
- CVE-2026-29063 — immutable-js: Immutable.js: Arbitrary code execution via Prototype Pollution
🔗 References (12)
- self: https://access.redhat.com/errata/RHSA-2026:19409
- external: https://access.redhat.com/security/cve/CVE-2026-29063
- external: https://access.redhat.com/security/cve/CVE-2026-4598
- external: https://access.redhat.com/security/cve/CVE-2026-4599
- external: https://access.redhat.com/security/cve/CVE-2026-4600
- external: https://access.redhat.com/security/cve/CVE-2026-4601
- external: https://access.redhat.com/security/cve/CVE-2026-4602
- external: https://access.redhat.com/security/cve/CVE-2026-4800
- external: https://access.redhat.com/security/cve/CVE-2026-4926
- external: https://access.redhat.com/security/updates/classification/
- external: https://docs.redhat.com/en/documentation/migration_toolkit_for_virtualization
- self: https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_19409.json