Red Hat

Infrastructure & Virtualization

Open CVEs: 14
Exploited: 0
KEV: 0
Unpatched: 9
No Workaround: 5
Internet-facing: 9

Why this provider is risky now

This provider has 14 open CVE(s) in the last 14 days. 9 have no vendor patch. 9 affect internet-facing services. 2 impact the management/identity plane.

Unpatched: 9 · Mgmt / Admin Plane: 2 · No Workaround: 5 · Internet-facing: 9

Top Risky CVEs

CVE-2026-5483 · This Week · Unpatched
Service Account token disclosure in Red Hat OpenShift AI odh-dashboard component exposes Kubernetes credentials through unprotected NodeJS endpoint. Low-privilege authenticated attackers can retrieve service account tokens enabling unauthorized access to Kubernetes cluster resources. Affects Red Hat OpenShift AI 2.16 and multiple RHOAI versions. Cross-scope impact allows privilege escalation beyond dashboard component boundaries. No public exploit identified at time of analysis.
  • Within 24 hours: Inventory all Red Hat OpenShift AI deployments and document versions currently in production.
  • Within 7 days: Restrict network access to odh-dashboard endpoints using network policies and firewall rules, limiting access to only authorized administrators; implement API request logging and monitoring for token retrieval attempts.
  • Within 30 days: Apply the vendor-released patch immediately upon availability; contact Red Hat support for hotfix options if available; consider temporary environment isolation of affected RHOAI clusters until patched.
Tags: Edge exposure · ICT dependency · No patch available
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Internet-facing technique: authentication-bypass
  • Third-party ICT: Red Hat
  • No patch available
  • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
  • HIGH severity
  • ICT provider: Red Hat (Infrastructure & Virtualization)
  • No remediation available
CVSS: 8.5 · EPSS: 0.1% · Priority: 43
CVE-2026-4740 · This Week
Improper certificate validation in Red Hat's Open Cluster Management (OCM) and Multicluster Engine for Kubernetes allows managed cluster administrators with high-level local access to forge client certificates, achieving cross-cluster privilege escalation to other managed clusters, including the hub cluster. The CVSS 8.2 rating reflects high impact across confidentiality, integrity, and availability with scope change, though exploitation requires existing high-privilege local access (PR:H) and a local attack vector (AV:L). No public exploit code or CISA KEV listing was identified at the time of analysis, though technical details are publicly documented in a researcher blog post.
  • Within 24 hours: Inventory all Red Hat OCM and Multicluster Engine deployments across your infrastructure; identify administrators with local cluster access and document their current privileges.
  • Within 7 days: Contact Red Hat support for the patch availability timeline and interim guidance; implement an access control review for high-privilege administrative accounts across all managed clusters.
  • Within 30 days: Apply the vendor-released patch immediately upon availability; conduct a forensic review of administrator account activity logs for certificate issuance anomalies; re-credential all service accounts and client certificates issued within the past 90 days.
Tags: ICT dependency · Patched
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Third-party ICT: Red Hat
  • Moderate evidence (PoC / elevated EPSS)
DORA Relevant
  • HIGH severity
  • ICT provider: Red Hat (Infrastructure & Virtualization)
CVSS: 8.2 · EPSS: 0.0% · Priority: 41
CVE-2025-14821 · This Week · Unpatched
Local privilege escalation in libssh on Windows systems allows authenticated users with low privileges to conduct man-in-the-middle attacks against SSH connections by creating malicious configuration files in C:\etc. The vulnerability stems from insecure default behavior where libssh automatically loads SSH configuration from a world-writable directory location. Red Hat Enterprise Linux 6-10, RHEL Hardened Images, and OpenShift Container Platform 4 are affected. No public exploit identified at time of analysis, though EPSS data is not available and exploitation complexity is low (CVSS AC:L).
  • Within 24 hours: Inventory all systems running RHEL 6-10, RHEL Hardened Images, and OpenShift Container Platform 4 to identify libssh dependencies and deployment scope.
  • Within 7 days: Implement access controls restricting write permissions to C:\etc and SSH configuration directories; restrict local user account creation and privileges on affected systems.
  • Within 30 days: Monitor Red Hat Security Advisories for vendor-released patch availability and apply immediately upon release; evaluate libssh removal or replacement if alternatives exist for your SSH use cases.
Tags: ICT dependency · No patch available
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Third-party ICT: Red Hat
  • No patch available
  • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
  • HIGH severity
  • ICT provider: Red Hat (Infrastructure & Virtualization)
  • No remediation available
CVSS: 7.8 · EPSS: 0.0% · Priority: 39
CVE-2026-32589 · This Week · Unpatched
Red Hat Quay container registry allows authenticated users with push access to interfere with other users' image uploads across repositories, including those they cannot access. An authenticated attacker (PR:L) can read, modify, or cancel in-progress uploads in any repository on the registry, bypassing authorization boundaries. Attack complexity is high (AC:H) and requires user interaction (UI:R), but enables cross-scope integrity compromise. EPSS and KEV data not available; no public exploit identified at time of analysis. This represents an authorization flaw affecting Red Hat Quay 3.x and Mirror Registry deployments.
  • Within 24 hours: Identify all Red Hat Quay 3.x and Mirror Registry instances in your environment and document administrator and push-access user accounts.
  • Within 7 days: Review audit logs for unauthorized upload modifications or cancellations; audit push-access user permissions and reduce them to the minimum necessary scope per repository.
  • Within 30 days: Contact Red Hat for the patch timeline and interim compensating controls; implement network segmentation to restrict Quay access to trusted CI/CD systems only; consider implementing image signature verification in deployment pipelines to detect tampered uploads.
Tags: Edge exposure · ICT dependency · No patch available · Management plane
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Internet-facing technique: authentication-bypass
  • Third-party ICT: Red Hat
  • No patch available
  • Management plane (Authorization Bypass via User-Controlled Key)
  • Moderate evidence (PoC / elevated EPSS)
DORA Relevant
  • HIGH severity
  • ICT provider: Red Hat (Infrastructure & Virtualization)
  • No remediation available
  • Authentication / access control weakness
CVSS: 7.1 · EPSS: 0.0% · Priority: 36
CVE-2026-32590 · This Week · Unpatched
Arbitrary code execution in Red Hat Quay via unsafe deserialization during resumable container image uploads affects multiple Quay 3.x deployments and Mirror Registry instances. An authenticated attacker with low privileges can tamper with intermediate upload data stored in the database to execute code on the Quay server, though exploitation requires high attack complexity and user interaction (CVSS 7.1). EPSS data not available; no public exploit identified at time of analysis, but the deserialization vulnerability class (CWE-502) is well-understood and frequently targeted.
  • Within 24 hours: Inventory all Red Hat Quay 3.x and Mirror Registry deployments; restrict upload permissions to highly trusted users only and enable detailed audit logging of upload activities.
  • Within 7 days: Implement network segmentation to isolate Quay instances and restrict database access to essential administrative accounts; consult Red Hat support for interim guidance.
  • Within 30 days: Monitor Red Hat security advisories for the patch release; prepare upgrade testing procedures for affected Quay versions to apply the patch immediately upon availability.
Tags: Edge exposure · ICT dependency · No patch available
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Internet-facing (CWE-502: Deserialization of Untrusted Data)
  • Third-party ICT: Red Hat
  • No patch available
  • Moderate evidence (PoC / elevated EPSS)
DORA Relevant
  • HIGH severity
  • ICT provider: Red Hat (Infrastructure & Virtualization)
  • No remediation available
CVSS: 7.1 · EPSS: 0.1% · Priority: 36

By Exposure

Internet-facing: 9
Mgmt / Admin Plane: 2
Identity / Auth: 2
Internal only: 5

By Exploitability

Known exploited: 0
Public PoC: 0
High EPSS (>30%): 0
Remote unauthenticated: 2
Local only: 6

By Remediation

Patch available: 5
No patch: 9
Workaround available: 5
No workaround: 5

Affected Services / Product Families

Redhat: 14 CVE(s)
CVE-2026-26962 MEDIUM Patched
CVE-2026-2625 MEDIUM Unpatched
CVE-2026-27447 MEDIUM Patched
CVE-2026-27456 MEDIUM Patched
CVE-2026-1839 MEDIUM Patched
CVE-2026-4740 HIGH Patched
CVE-2025-14821 HIGH Unpatched
CVE-2025-58713 MEDIUM Unpatched
CVE-2025-14243 MEDIUM Unpatched
CVE-2026-2377 MEDIUM Unpatched
+ 4 more
