RHSA-2026:5459HighCVSS 7.5
Red Hat Security Advisory: RHTAS 1.3.3 - Red Hat Trusted Artifact Signer Release
🔗 CVE IDs covered (5)
📋 Description
CVE-2025-66471 — urllib3: urllib3 Streaming API improperly handles highly compressed data CVE-2026-3336 — aws-lc: aws-lc: Certificate validation bypass via improper handling of PKCS7 objects CVE-2026-3338 — aws-lc: AWS-LC: Signature bypass due to improper validation in PKCS7_verify() CVE-2026-21441 — urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API) CVE-2026-31812 — quinn-proto: quinn-proto: Denial of Service via crafted QUIC Initial packet
🔗 References (10)
- selfhttps://access.redhat.com/errata/RHSA-2026:5459
- externalhttps://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3
- externalhttps://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index
- externalhttps://access.redhat.com/security/cve/CVE-2025-66471
- externalhttps://access.redhat.com/security/cve/CVE-2026-21441
- externalhttps://access.redhat.com/security/cve/CVE-2026-31812
- externalhttps://access.redhat.com/security/cve/CVE-2026-3336
- externalhttps://access.redhat.com/security/cve/CVE-2026-3338
- externalhttps://access.redhat.com/security/updates/classification/
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_5459.json