RHSA-2026:7128 · High · CVSS 9.6

Red Hat Security Advisory: RHACS 4.9.5 security and bug fix update

Published: April 8, 2026
Last Modified: June 3, 2026

🔗 CVE IDs covered (11)

CVE-2026-33186
CVE-2026-25128
CVE-2026-25535 · pending
CVE-2026-25896 · pending
CVE-2026-31898 · pending
CVE-2026-31938 · pending
CVE-2026-33036 · pending
CVE-2026-25755 · pending
CVE-2026-25940 · pending
CVE-2026-26278 · pending
CVE-2026-27942 · pending

📋 Description

CVE-2026-25128 — fast-xml-parser: fast-xml-parser has RangeError DoS Numeric Entities Bug
CVE-2026-25535 — jsPDF: denial of service via malicious GIF dimensions
CVE-2026-25755 — jsPDF: PDF object injection via unsanitized input in addJS method
CVE-2026-25896 — fast-xml-parser: fast-xml-parser: Cross-Site Scripting (XSS) due to improper DOCTYPE entity handling
CVE-2026-25940 — jsPDF: PDF injection in AcroForm module allows arbitrary JavaScript execution (RadioButton children)
CVE-2026-26278 — fast-xml-parser: fast-xml-parser: Denial of Service via unlimited XML entity expansion
CVE-2026-27942 — fast-xml-parser: fast-xml-parser: Stack overflow leads to Denial of Service
CVE-2026-31898 — jspdf: jsPDF: Arbitrary code execution via unsanitized input in createAnnotation method
CVE-2026-31938 — jspdf: jsPDF: Cross site scripting via unsanitized output options
CVE-2026-33036 — fast-xml-parser: fast-xml-parser: Denial of Service via XML entity expansion bypass
CVE-2026-33186 — google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

🔗 References (15)