RHSA-2026:26226HighCVSS 7.5
Red Hat Security Advisory: General availability of the satellite/iop-host-inventory-rhel9 container image
🔗 CVE IDs covered (4)
📋 Description
CVE-2026-28684 — python-dotenv: python-dotenv: Arbitrary file overwrite via symbolic link following
CVE-2026-32597 — pyjwt: PyJWT accepts unknown crit header extensions (RFC 7515 §4.1.11 MUST violation)
CVE-2026-44431 — urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers
CVE-2026-48710 — starlette: Starlette: Security restriction bypass via malformed HTTP Host header
🔗 References (11)
- selfhttps://access.redhat.com/errata/RHSA-2026:26226
- externalhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.18/html/updating_red_hat_satellite/index
- externalhttps://access.redhat.com/security/cve/CVE-2026-28684
- externalhttps://access.redhat.com/security/cve/CVE-2026-32597
- externalhttps://access.redhat.com/security/cve/CVE-2026-44431
- externalhttps://access.redhat.com/security/cve/CVE-2026-48710
- externalhttps://access.redhat.com/security/updates/classification/
- externalhttps://catalog.redhat.com/software/containers/search
- externalhttps://docs.redhat.com/en/documentation/red_hat_satellite/6.18/html/installing_satellite_server_in_a_connected_network_environment/performing-additional-configuration-on-server_satellite#installing-and-configuring-red-hat-lightspeed-in-satellite
- externalhttps://docs.redhat.com/en/documentation/red_hat_satellite/6.18/html/installing_satellite_server_in_a_disconnected_network_environment/performing-additional-configuration#installing-and-configuring-red-hat-lightspeed-in-satellite
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_26226.json