Red Hat

Infrastructure & Virtualization

Open CVEs: 137
Exploited: 0
KEV: 0
Unpatched: 16
No Workaround: 6
Internet-facing: 47

Why this provider is risky now

This provider has 137 open CVEs in the last 30 days. 16 have no vendor patch. 47 affect internet-facing services. 10 impact the management/identity plane.

16 Unpatched | 10 Mgmt / Admin Plane | 3 Public PoC | 6 No Workaround | 47 Internet-facing

Top Risky CVEs

CVE-2026-26740
This Week
Giflib 5.2.2 contains a buffer overflow in the EGifGCBToExtension function that fails to validate allocated memory when processing Graphic Control Extension blocks, enabling remote attackers to trigger denial of service conditions. Public exploit code exists for this vulnerability, though no patch is currently available. The flaw affects any application using the vulnerable giflib version to process GIF files from untrusted sources.
Within 7 days: Identify all affected systems and apply vendor patches promptly. If patching is delayed, consider network segmentation to limit exposure.
ICT dependency PoC Patched
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Third-party ICT: Red Hat, SUSE
  • Proof of concept available
  • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
  • HIGH severity
  • ICT provider: Red Hat (Infrastructure & Virtualization)
  • ICT provider: SUSE (Infrastructure & Virtualization)
CVSS: 8.2 | EPSS: 0.1% | Priority: 61
CVE-2025-15379
Act Now
Critical command injection in MLflow 3.8.0 enables remote code execution during model deployment when attackers supply malicious artifacts via the `env_manager=LOCAL` parameter. The `_install_model_dependencies_to_env()` function unsafely interpolates dependency specifications from `python_env.yaml` directly into shell commands without sanitization. With CVSS 10.0 (network-accessible, no authentication, no complexity) and publicly available exploit code (reported via Huntr bug bounty, patched in 3.8.2), this represents an immediate critical risk for organizations using MLflow model serving infrastructure. EPSS data is not available, but the exploitation scenario is straightforward for adversaries with model deployment access.
Within 24 hours: Identify all systems running MLflow 3.8.0 or 3.8.1 and immediately disable model deployment functionality or isolate affected instances from production traffic. Within 7 days: Upgrade all affected MLflow instances to version 3.8.2 or later (vendor-released patch confirmed in 3.8.2). Within 30 days: Conduct forensic review of model deployment logs and artifact repositories from the past 90 days to identify any suspicious uploads; audit all model serving endpoints for unauthorized access or execution.
Edge exposure ICT dependency Patched
Why flagged?
NIS2 Relevant
  • CRITICAL severity
  • Internet-facing (CWE-77: Command Injection)
  • Third-party ICT: Red Hat
  • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
  • CRITICAL severity
  • ICT provider: Red Hat (Infrastructure & Virtualization)
CVSS: 10.0 | EPSS: 0.2% | Priority: 50
CVE-2025-70888
Act Now
A privilege escalation vulnerability exists in osslsigncode (mtrojnar) versions 2.10 and earlier within the osslsigncode.c component, allowing remote attackers to escalate privileges. The vulnerability affects users of the osslsigncode code signing utility. While CVSS scoring is not yet available, referenced GitHub issues and pull requests suggest this is an authenticated or context-dependent issue that has been identified and likely patched.
Within 24 hours: Identify all affected systems running mtrojnar osslsigncode and apply vendor patches immediately. Monitor vendor channels for patch availability.
ICT dependency Management plane Patched
Why flagged?
NIS2 Relevant
  • CRITICAL severity
  • Third-party ICT: Red Hat, SUSE
  • Management plane (Improper Privilege Management)
  • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
  • CRITICAL severity
  • ICT provider: Red Hat (Infrastructure & Virtualization)
  • ICT provider: SUSE (Infrastructure & Virtualization)
  • Authentication / access control weakness
CVSS: 9.8 | EPSS: 0.0% | Priority: 49
CVE-2025-15036
Act Now
Path traversal in MLflow's tar.gz extraction (mlflow/mlflow versions <3.7.0) allows remote attackers to overwrite arbitrary files and potentially escape sandbox isolation via malicious archive uploads. The vulnerability affects the `extract_archive_to_dir` function, which fails to validate tar member paths during extraction. Exploitation requires user interaction (CVSS UI:R) but needs no authentication (PR:N). EPSS data is not provided; the absence of a CISA KEV listing indicates no confirmed active exploitation at time of analysis. Public exploit code exists via Huntr bounty disclosure.
Within 24 hours: Inventory all MLflow deployments and document versions <3.7.0; restrict or disable tar.gz archive upload functionality via access controls or web application firewall rules if possible. Within 7 days: Implement input validation to reject suspicious archive member paths (those containing '..' or absolute paths); isolate affected MLflow instances on network segments with restricted egress. Within 30 days: Upgrade to MLflow 3.7.0 or later once vendor releases patched version; conduct forensic audit of archive upload logs for exploitation attempts.
Edge exposure ICT dependency Patched
Why flagged?
NIS2 Relevant
  • CRITICAL severity
  • Internet-facing technique: path-traversal
  • Third-party ICT: Red Hat
  • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
  • CRITICAL severity
  • ICT provider: Red Hat (Infrastructure & Virtualization)
CVSS: 9.6 | EPSS: 0.1% | Priority: 48
CVE-2026-27876
Act Now
Remote code execution is achievable in Grafana installations through a chained attack combining SQL Expressions with a Grafana Enterprise plugin, affecting both open-source and Enterprise deployments. The vulnerability requires high-privilege authenticated access (PR:H) but enables cross-scope impact with complete system compromise once exploited. Only instances with the sqlExpressions feature toggle enabled are vulnerable, though Grafana recommends all users update to prevent future exploitation paths using this attack vector. No public exploit identified at time of analysis, and authentication as a high-privilege user is required per CVSS vector.
Within 24 hours: Audit all Grafana instances for sqlExpressions feature toggle status and disable the feature immediately on all affected deployments; restrict administrative access to Grafana to only essential personnel and enforce multi-factor authentication on all admin accounts. Within 7 days: Review access logs for suspicious administrative activity and credential compromise indicators; identify and isolate any Grafana Enterprise plugin deployments tied to SQL expression functionality. Within 30 days: Monitor Grafana security advisories for patch release; deploy patched versions to all instances as soon as vendor releases a fix, prioritizing Enterprise deployments.
Edge exposure ICT dependency Patched
Why flagged?
NIS2 Relevant
  • CRITICAL severity
  • Internet-facing (CWE-94: Code Injection)
  • Third-party ICT: Red Hat, SUSE, Grafana
  • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
  • CRITICAL severity
  • ICT provider: Red Hat (Infrastructure & Virtualization)
  • ICT provider: SUSE (Infrastructure & Virtualization)
  • ICT provider: Grafana (Observability & Monitoring)
CVSS: 9.1 | EPSS: 0.1% | Priority: 46
CVE-2025-15031
Act Now
MLflow, a popular open-source machine learning lifecycle platform, contains a path traversal vulnerability in its pyfunc extraction process that allows arbitrary file writes. The vulnerability stems from unsafe use of tarfile.extractall without proper path validation, enabling attackers to craft malicious tar.gz files with directory traversal sequences or absolute paths to write files outside the intended extraction directory. This poses critical risk in multi-tenant environments and can lead to remote code execution, with a CVSS score of 8.1 and confirmed exploit details available via Huntr.
Within 24 hours: Inventory all MLflow deployments and assess exposure by identifying systems accepting external model uploads or processing untrusted tar.gz files. Within 7 days: Implement network segmentation to isolate MLflow services, disable pyfunc model loading if not operationally required, and implement strict input validation on model uploads. Within 30 days: Monitor vendor communications for patch release, conduct code review of model processing pipelines, and develop detection rules for suspicious file write patterns in MLflow working directories.
Edge exposure ICT dependency Patched
Why flagged?
NIS2 Relevant
  • CRITICAL severity
  • Internet-facing (CWE-22: Path Traversal)
  • Third-party ICT: Red Hat
  • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
  • CRITICAL severity
  • ICT provider: Red Hat (Infrastructure & Virtualization)
CVSS: 9.1 | EPSS: 0.0% | Priority: 46
CVE-2026-32748
This Week
Squid proxy versions prior to 7.5 contain use-after-free and premature resource release vulnerabilities in ICP (Internet Cache Protocol) traffic handling that enable reliable, repeatable denial of service attacks. Remote attackers can exploit these memory safety bugs to crash the Squid service by sending specially crafted ICP packets, affecting deployments that have explicitly enabled ICP support via non-zero icp_port configuration. While no CVSS score or EPSS value is currently published, the vulnerability is confirmed by vendor advisory and includes a public patch commit, indicating moderate to high real-world risk for affected deployments.
Within 7 days: Identify all affected systems and apply vendor patches promptly. Monitor vendor channels for patch availability.
ICT dependency Patched
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Third-party ICT: Red Hat, SUSE, Canonical / Ubuntu
  • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
  • HIGH severity
  • ICT provider: Red Hat (Infrastructure & Virtualization)
  • ICT provider: SUSE (Infrastructure & Virtualization)
  • ICT provider: Canonical / Ubuntu (Infrastructure & Virtualization)
CVSS: 8.7 | EPSS: 1.8% | Priority: 45
CVE-2025-67030
This Week
A directory traversal vulnerability exists in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils versions prior to commit 6d780b3378829318ba5c2d29547e0012d5b29642, allowing attackers to escape the intended extraction directory and write arbitrary files to the filesystem, potentially leading to remote code execution. The vulnerability affects any application using vulnerable versions of plexus-utils for archive extraction operations. A proof-of-concept has been publicly disclosed via a GitHub Gist, and the fix has been merged into the project repository.
Within 7 days: Identify all affected systems using the extractFile method of org.codehaus.plexus.util.Expand and apply vendor patches promptly. Review file handling controls and restrict upload directories.
Edge exposure ICT dependency Patched
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Internet-facing (CWE-22: Path Traversal)
  • Third-party ICT: Red Hat
  • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
  • HIGH severity
  • ICT provider: Red Hat (Infrastructure & Virtualization)
CVSS: 8.8 | EPSS: 0.0% | Priority: 44
CVE-2026-5286
This Week
Remote code execution in Google Chrome prior to version 146.0.7680.178 via a use-after-free vulnerability in the Dawn graphics library allows unauthenticated remote attackers to execute arbitrary code through a crafted HTML page. The vulnerability affects all Chrome versions below the patched release and carries high severity per Chromium's assessment.
Edge exposure ICT dependency Patched
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Internet-facing technique: rce
  • Third-party ICT: Red Hat, SUSE
  • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
  • HIGH severity
  • ICT provider: Red Hat (Infrastructure & Virtualization)
  • ICT provider: SUSE (Infrastructure & Virtualization)
CVSS: 8.8 | EPSS: 0.0% | Priority: 44
CVE-2026-5274
This Week
Integer overflow in Google Chrome's Codecs component prior to version 146.0.7680.178 enables remote code execution and arbitrary memory read/write operations when a user visits a malicious HTML page. The vulnerability affects all versions before the patch release and requires no user interaction beyond visiting a crafted webpage. Chromium security team classified this as High severity; no public exploit code or active exploitation has been confirmed at the time of analysis.
Edge exposure ICT dependency Patched
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Internet-facing technique: rce
  • Third-party ICT: Red Hat, SUSE
  • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
  • HIGH severity
  • ICT provider: Red Hat (Infrastructure & Virtualization)
  • ICT provider: SUSE (Infrastructure & Virtualization)
CVSS: 8.8 | EPSS: 0.0% | Priority: 44

By Exposure

Internet-facing: 47
Mgmt / Admin Plane: 10
Identity / Auth: 7
Internal only: 89

By Exploitability

Known exploited: 0
Public PoC: 3
High EPSS (>30%): 0
Remote unauthenticated: 63
Local only: 45

By Remediation

Patch available: 121
No patch: 16
Workaround available: 68
No workaround: 6

Affected Services / Product Families

Red Hat
137 CVEs
CVE-2026-4324 MEDIUM Patched
CVE-2026-27980 HIGH PoC Patched
CVE-2026-27979 HIGH Patched
CVE-2026-27978 MEDIUM Patched
CVE-2026-27977 MEDIUM Patched
CVE-2026-20643 MEDIUM Patched
CVE-2026-2092 HIGH Patched
CVE-2026-2603 HIGH Patched
CVE-2026-2575 MEDIUM Patched
CVE-2026-23242 HIGH Patched
+ 127 more

Recommended Actions
