Red Hat Security Advisory: RHOAI 3.3.3 - Red Hat OpenShift AI
🔗 CVE IDs covered (46)
📋 Description
CVE-2025-6242 — vllm: Server-Side Request Forgery (SSRF) in MediaConnector
CVE-2025-12816 — node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications
CVE-2025-13465 — lodash: Prototype pollution in _.unset and _.omit functions
CVE-2025-15284 — qs: Denial of Service via improper input validation in array parsing
CVE-2025-59057 — react-router (@remix-run/router): React Router XSS Vulnerability
CVE-2025-61726 — golang: net/url: Memory exhaustion in query parameter parsing in net/url
CVE-2025-61729 — golang: crypto/x509: Denial of Service due to excessive resource consumption via crafted certificate
CVE-2025-62164 — vllm: vLLM deserialization vulnerability leading to DoS and potential RCE
CVE-2025-62718 — axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization
CVE-2025-64756 — glob: Command Injection Vulnerability via Malicious Filenames
CVE-2025-66031 — node-forge: ASN.1 Unbounded Recursion
CVE-2025-66418 — urllib3: Unbounded decompression chain leads to resource exhaustion
CVE-2025-66448 — vllm: Remote Code Execution via malicious model configuration
CVE-2025-66471 — urllib3: Streaming API improperly handles highly compressed data
CVE-2025-69223 — aiohttp: AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb
CVE-2025-69873 — ajv: ReDoS via $data reference
CVE-2026-0846 — nltk: Arbitrary file read via improper path validation in filestring() function
CVE-2026-0847 — nltk: Arbitrary file read via path traversal vulnerability
CVE-2026-4800 — lodash: Arbitrary code execution via untrusted input in template imports
CVE-2026-21441 — urllib3: Decompression-bomb safeguard bypass when following HTTP redirects (streaming API)
CVE-2026-21884 — react-router (@remix-run/react): React Router SSR XSS in ScrollRestoration
CVE-2026-22029 — react-router (@remix-run/router): React Router vulnerable to XSS via Open Redirects
CVE-2026-22778 — vllm: Remote code execution via invalid image processing in the multimodal endpoint
CVE-2026-23490 — pyasn1: Denial of Service due to memory exhaustion from malformed RELATIVE-OID
CVE-2026-23745 — node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives
CVE-2026-24049 — wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking
CVE-2026-24486 — python-multipart: Arbitrary file write via path traversal vulnerability
CVE-2026-24779 — vllm: Server-Side Request Forgery allows internal network access
CVE-2026-25639 — axios: Denial of Service via proto Key in mergeConfig
CVE-2026-25990 — pillow: Out-of-bounds Write via Specially Crafted PSD Image
CVE-2026-27893 — vllm: Remote code execution due to hardcoded trust_remote_code setting
CVE-2026-28684 — python-dotenv: Arbitrary file overwrite via symbolic link following
CVE-2026-29063 — immutable-js: Arbitrary code execution via Prototype Pollution
CVE-2026-29074 — svgo: Denial of Service via XML entity expansion
CVE-2026-30922 — pyasn1: Denial of Service via Unbounded Recursion
CVE-2026-31812 — quinn-proto: Denial of Service via crafted QUIC Initial packet
CVE-2026-32597 — pyjwt: PyJWT accepts unknown crit header extensions (RFC 7515 §4.1.11 MUST violation)
CVE-2026-32829 — lz4_flex: Decompression can leak information from uninitialized memory or reused output buffer
CVE-2026-32981 — ray: Ray Dashboard Path Traversal Leading to Local File Disclosure
CVE-2026-33186 — grpc-go (google.golang.org/grpc/authz): Authorization bypass due to improper HTTP/2 path validation
CVE-2026-33231 — nltk: Denial of Service via unauthenticated remote shutdown
CVE-2026-33236 — nltk: Arbitrary file overwrite and creation via path traversal in XML index files
CVE-2026-34986 — go-jose (github.com/go-jose/go-jose/v3, github.com/go-jose/go-jose/v4): Denial of Service via crafted JSON Web Encryption (JWE) object
CVE-2026-40175 — axios: Remote Code Execution via Prototype Pollution escalation
CVE-2026-40192 — pillow: Denial of Service via decompression bomb in FITS image processing
CVE-2026-40895 — follow-redirects: Information disclosure via cross-domain redirects
🔗 References (50)
- self: https://access.redhat.com/errata/RHSA-2026:19712
- external: https://access.redhat.com/security/cve/CVE-2025-12816
- external: https://access.redhat.com/security/cve/CVE-2025-13465
- external: https://access.redhat.com/security/cve/CVE-2025-15284
- external: https://access.redhat.com/security/cve/CVE-2025-59057
- external: https://access.redhat.com/security/cve/CVE-2025-61726
- external: https://access.redhat.com/security/cve/CVE-2025-61729
- external: https://access.redhat.com/security/cve/CVE-2025-62164
- external: https://access.redhat.com/security/cve/CVE-2025-6242
- external: https://access.redhat.com/security/cve/CVE-2025-62718
- external: https://access.redhat.com/security/cve/CVE-2025-64756
- external: https://access.redhat.com/security/cve/CVE-2025-66031
- external: https://access.redhat.com/security/cve/CVE-2025-66418
- external: https://access.redhat.com/security/cve/CVE-2025-66448
- external: https://access.redhat.com/security/cve/CVE-2025-66471
- external: https://access.redhat.com/security/cve/CVE-2025-69223
- external: https://access.redhat.com/security/cve/CVE-2025-69873
- external: https://access.redhat.com/security/cve/CVE-2026-0846
- external: https://access.redhat.com/security/cve/CVE-2026-0847
- external: https://access.redhat.com/security/cve/CVE-2026-21441
- external: https://access.redhat.com/security/cve/CVE-2026-21884
- external: https://access.redhat.com/security/cve/CVE-2026-22029
- external: https://access.redhat.com/security/cve/CVE-2026-22778
- external: https://access.redhat.com/security/cve/CVE-2026-23490
- external: https://access.redhat.com/security/cve/CVE-2026-23745
- external: https://access.redhat.com/security/cve/CVE-2026-24049
- external: https://access.redhat.com/security/cve/CVE-2026-24486
- external: https://access.redhat.com/security/cve/CVE-2026-24779
- external: https://access.redhat.com/security/cve/CVE-2026-25639
- external: https://access.redhat.com/security/cve/CVE-2026-25990
- external: https://access.redhat.com/security/cve/CVE-2026-27893
- external: https://access.redhat.com/security/cve/CVE-2026-28684
- external: https://access.redhat.com/security/cve/CVE-2026-29063
- external: https://access.redhat.com/security/cve/CVE-2026-29074
- external: https://access.redhat.com/security/cve/CVE-2026-30922
- external: https://access.redhat.com/security/cve/CVE-2026-31812
- external: https://access.redhat.com/security/cve/CVE-2026-32597
- external: https://access.redhat.com/security/cve/CVE-2026-32829
- external: https://access.redhat.com/security/cve/CVE-2026-32981
- external: https://access.redhat.com/security/cve/CVE-2026-33186
- external: https://access.redhat.com/security/cve/CVE-2026-33231
- external: https://access.redhat.com/security/cve/CVE-2026-33236
- external: https://access.redhat.com/security/cve/CVE-2026-34986
- external: https://access.redhat.com/security/cve/CVE-2026-40175
- external: https://access.redhat.com/security/cve/CVE-2026-40192
- external: https://access.redhat.com/security/cve/CVE-2026-40895
- external: https://access.redhat.com/security/cve/CVE-2026-4800
- external: https://access.redhat.com/security/updates/classification/
- external: https://docs.redhat.com/en/documentation/red_hat_openshift_ai/
- self: https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_19712.json