RHSA-2026:8500CriticalCVSS 9.0
Red Hat Security Advisory: General availability of the satellite/iop-host-inventory-frontend-rhel9 container image
🔗 CVE IDs covered (3)
📋 Description
CVE-2026-21441 — urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API) CVE-2026-25639 — axios: Axios affected by Denial of Service via proto Key in mergeConfig CVE-2026-40175 — axios: Axios: Remote Code Execution via Prototype Pollution escalation
🔗 References (10)
- selfhttps://access.redhat.com/errata/RHSA-2026:8500
- externalhttps://access.redhat.com/security/cve/CVE-2026-21441
- externalhttps://access.redhat.com/security/cve/CVE-2026-25639
- externalhttps://access.redhat.com/security/cve/CVE-2026-40175
- externalhttps://access.redhat.com/security/updates/classification/
- externalhttps://catalog.redhat.com/software/containers/search
- externalhttps://docs.redhat.com/en/documentation/red_hat_satellite/6.18/html/installing_satellite_server_in_a_connected_network_environment/performing-additional-configuration-on-server_satellite#installing-and-configuring-red-hat-lightspeed-in-satellite
- externalhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.18/html/updating_red_hat_satellite/index
- externalhttps://docs.redhat.com/en/documentation/red_hat_satellite/6.18/html/installing_satellite_server_in_a_disconnected_network_environment/performing-additional-configuration#installing-and-configuring-red-hat-lightspeed-in-satellite
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_8500.json