
Red Hat

Infrastructure & Virtualization

Summary (period: last 14 days)

  • Open CVEs: 86
  • Exploited: 0
  • KEV: 0
  • Unpatched: 8
  • No Workaround: 7
  • Internet-facing: 38

Why this provider is risky now

This provider has 86 open CVE(s) in the last 14 days. 8 have no vendor patch. 38 affect internet-facing services. 9 impact the management/identity plane.

Unpatched: 8 · Mgmt / Admin Plane: 9 · Public PoC: 1 · No Workaround: 7 · Internet-facing: 38

Top Risky CVEs

CVE-2026-31072
Act Now
Remote code execution in APScheduler (all versions through 3.10.x and 4.0.0a5) is achievable when applications deserialize attacker-controlled data via the bundled JSONSerializer or CBORSerializer. The unmarshal_object routine dynamically imports modules and invokes __setstate__ on arbitrary classes, letting an attacker pivot an untrusted payload into code execution; publicly available exploit code exists, though EPSS remains low at 0.06% (19th percentile).
24 hours: Audit all systems running APScheduler versions ≤3.10.x or ≤4.0.0a5 to determine exposure and data sources. 7 days: For systems processing untrusted serialized input, immediately implement controls: disable JSONSerializer and CBORSerializer deserialization, restrict network access to APScheduler instances, or containerize with execution constraints. 30 days: Establish upgrade plan and prepare to deploy patched APScheduler version once vendor releases a fix.
Tags: Edge exposure · ICT dependency · PoC · Patched
Why flagged?
NIS2 Relevant
  • CRITICAL severity
  • Internet-facing (CWE-502: Deserialization of Untrusted Data)
  • Third-party ICT: Red Hat, SUSE
  • Proof of concept available
  • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
  • CRITICAL severity
  • ICT provider: Red Hat (Infrastructure & Virtualization)
  • ICT provider: SUSE (Infrastructure & Virtualization)
CVSS 9.8 · EPSS 0.1% · Priority 69
CVE-2026-45829
Act Now
Unpatched
{tenant}/databases/{db}/collections endpoint. The flaw carries a maximum CVSS 4.0 score of 10.0 and was disclosed publicly by HiddenLayer; no public exploit identified at time of analysis, though detailed research has been published.
Within 24 hours: Inventory all ChromaDB Python deployments (1.0.0+) and assess external accessibility of the /api/v2/tenants endpoint. Within 7 days: Immediately disable the trust_remote_code parameter in ChromaDB configuration and implement network-level restrictions limiting collection endpoint access to authorized internal systems only. Within 30 days: Monitor HiddenLayer and ChromaDB advisory channels for a vendor-released patch and deploy immediately upon availability; evaluate alternative vector database solutions if patch timeline is uncertain.
Tags: Edge exposure · ICT dependency · No patch available
Why flagged?
NIS2 Relevant
  • CRITICAL severity
  • Internet-facing (CWE-94: Code Injection)
  • Third-party ICT: Red Hat
  • No patch available
  • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
  • CRITICAL severity
  • ICT provider: Red Hat (Infrastructure & Virtualization)
  • No remediation available
CVSS 10.0 · EPSS 0.1% · Priority 50
CVE-2026-8956
Act Now
Integer overflow in the Networking: JAR component. This vulnerability was fixed in Firefox 151 and Firefox ESR 140.11.
Tags: ICT dependency · Patched
Why flagged?
NIS2 Relevant
  • CRITICAL severity
  • Third-party ICT: Red Hat, SUSE
  • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
  • CRITICAL severity
  • ICT provider: Red Hat (Infrastructure & Virtualization)
  • ICT provider: SUSE (Infrastructure & Virtualization)
CVSS 9.8 · EPSS 0.0% · Priority 49
CVE-2026-43493
Act Now
Improper handling of MAY_BACKLOG requests in the Linux kernel's pcrypt (parallel crypto) module can cause incorrect processing of EBUSY return codes and EINPROGRESS notifications, potentially leading to instability or undefined behavior in cryptographic operations. The issue affects Linux kernel versions dating back to 2.6.34 and has been resolved upstream across multiple stable branches including 6.6.140, 6.12.86, 6.18.27, 7.0.4, and 7.1-rc1. There is no public exploit identified at time of analysis and EPSS scoring (0.02%, 5th percentile) suggests very low real-world exploitation likelihood despite the CVSS 9.8 rating.
Within 24 hours: Scan infrastructure to identify systems running Linux kernels before versions 6.6.140, 6.12.86, 6.18.27, 7.0.4, or 7.1-rc1 using standard tools (e.g., 'uname -r', vulnerability scanners, or Linux patching tools). Within 7 days: Deploy kernel updates to the patched version appropriate for your distribution's kernel branch (e.g., Red Hat/CentOS users on 6.6.x update to 6.6.140; Ubuntu users follow their LTS kernel guidance). Within 30 days: Verify 100% patching compliance and establish automated kernel security update scheduling.
Tags: ICT dependency · Patched
Why flagged?
NIS2 Relevant
  • CRITICAL severity
  • Third-party ICT: Red Hat, SUSE, Linux
  • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
  • CRITICAL severity
  • ICT provider: Red Hat (Infrastructure & Virtualization)
  • ICT provider: SUSE (Infrastructure & Virtualization)
  • ICT provider: Linux (Operating Systems)
CVSS 9.8 · EPSS 0.0% · Priority 49
CVE-2026-8959
Act Now
Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component. This vulnerability was fixed in Firefox 151 and Firefox ESR 140.11.
Tags: ICT dependency · Patched
Why flagged?
NIS2 Relevant
  • CRITICAL severity
  • Third-party ICT: Red Hat, SUSE
  • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
  • CRITICAL severity
  • ICT provider: Red Hat (Infrastructure & Virtualization)
  • ICT provider: SUSE (Infrastructure & Virtualization)
CVSS 9.6 · EPSS 0.1% · Priority 48
CVE-2026-2611
Act Now
Cross-origin request forgery in MLflow 3.9.0's Assistant feature allows remote attackers to bypass loopback-only protections on /ajax-api endpoints when a victim visits a malicious webpage, ultimately achieving arbitrary command execution through the Claude Code sub-agent. The flaw stems from improper origin validation (CWE-346) and is fixed in version 3.10.0; no public exploit identified at time of analysis, though a detailed huntr.com report and an upstream commit are publicly available.
Within 24 hours: Identify all MLflow 3.9.0 deployments and restrict network access to internal-only where possible; document exposure level of each instance. Within 7 days: Upgrade all affected systems to MLflow 3.10.0 or later, which resolves the CSRF vulnerability in the Assistant feature. Within 30 days: Conduct security validation of upgraded systems, review historical logs for suspicious /ajax-api activity that might indicate prior exploitation, and implement network segmentation to prevent future web-based attacks.
Tags: Edge exposure · ICT dependency · Patched
Why flagged?
NIS2 Relevant
  • CRITICAL severity
  • Internet-facing technique: rce
  • Third-party ICT: Red Hat
  • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
  • CRITICAL severity
  • ICT provider: Red Hat (Infrastructure & Virtualization)
CVSS 9.6 · EPSS 0.0% · Priority 48
CVE-2026-8953
Act Now
Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, and Firefox ESR 140.11.
Tags: ICT dependency · Patched
Why flagged?
NIS2 Relevant
  • CRITICAL severity
  • Third-party ICT: Red Hat, SUSE
  • Moderate evidence (PoC / elevated EPSS)
DORA Relevant
  • CRITICAL severity
  • ICT provider: Red Hat (Infrastructure & Virtualization)
  • ICT provider: SUSE (Infrastructure & Virtualization)
CVSS 9.6 · EPSS 0.0% · Priority 48
CVE-2026-8950
Act Now
Same-origin policy bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 151 and Firefox ESR 140.11.
Tags: Edge exposure · ICT dependency · Patched
Why flagged?
NIS2 Relevant
  • CRITICAL severity
  • Internet-facing technique: authentication-bypass
  • Third-party ICT: Red Hat, SUSE
  • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
  • CRITICAL severity
  • ICT provider: Red Hat (Infrastructure & Virtualization)
  • ICT provider: SUSE (Infrastructure & Virtualization)
CVSS 9.3 · EPSS 0.0% · Priority 47
CVE-2026-33278
Act Now
Use-after-free in the DNSSEC validator of NLnet Labs Unbound resolver versions 1.19.1 through 1.25.0 allows remote attackers to crash the daemon or potentially achieve arbitrary code execution by serving a malicious signed zone to a vulnerable resolver. The flaw stems from a struct-assignment bug during deep copying of response messages when DS sub-queries suspend validation under NSEC3 computational budget exhaustion. No public exploit identified at time of analysis, but the CVSS 4.0 score of 9.1 with network attack vector and no required privileges or user interaction makes this a high-priority patching target for any operator running a recursive Unbound resolver.
24 hours: Inventory all Unbound deployments; identify systems running versions 1.19.1-1.25.0 and confirm whether they serve as recursive resolvers. Isolate affected systems from untrusted external zones. 7 days: Implement network-level compensating controls (restrict zone sources via ACLs); enable detailed DNSSEC validation logging; begin evaluation of rollback to version 1.19.0 or downtime windows for critical systems. 30 days: Apply vendor-released patch immediately upon release; conduct log review for exploitation indicators (resolver crashes, execution anomalies); validate remediation across all affected instances.
Tags: Edge exposure · ICT dependency · Patched
Why flagged?
NIS2 Relevant
  • CRITICAL severity
  • Internet-facing technique: rce
  • Third-party ICT: Red Hat, SUSE
  • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
  • CRITICAL severity
  • ICT provider: Red Hat (Infrastructure & Virtualization)
  • ICT provider: SUSE (Infrastructure & Virtualization)
CVSS 9.1 · EPSS 0.4% · Priority 46
CVE-2026-10021
This Week
Remote code execution in Google Chrome desktop versions prior to 148.0.7778.216 allows a remote attacker to execute arbitrary code in the browser context by luring a victim to a crafted HTML page that abuses insufficient input validation in the WebUSB component. The flaw carries a CVSS 3.1 score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and Chromium rates it Medium severity; no public exploit identified at time of analysis and it is not currently listed in CISA KEV. A vendor patch shipped via the Chrome Stable channel mitigates the issue.
Within 24 hours: Deploy Chrome 148.0.7778.216 or later via group policy/MDM to all managed Chrome instances. Within 7 days: Verify completion of updates across 95% of user base and confirm older versions are no longer present on endpoints. Within 30 days: Audit Chrome deployment policies to ensure automatic updates are enforced and conduct incident log review for potential exploitation indicators targeting WebUSB.
Tags: Edge exposure · ICT dependency · Patched
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Internet-facing (CWE-20: Improper Input Validation)
  • Third-party ICT: Red Hat, SUSE
  • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
  • HIGH severity
  • ICT provider: Red Hat (Infrastructure & Virtualization)
  • ICT provider: SUSE (Infrastructure & Virtualization)
CVSS 8.8 · EPSS 0.1% · Priority 44

By Exposure

  • Internet-facing: 38
  • Mgmt / Admin Plane: 9
  • Identity / Auth: 3
  • Internal only: 45

By Exploitability

  • Known exploited: 0
  • Public PoC: 1
  • High EPSS (>30%): 0
  • Remote unauthenticated: 69
  • Local only: 2

By Remediation

  • Patch available: 78
  • No patch: 8
  • Workaround available: 28
  • No workaround: 7

Affected Services / Product Families

Red Hat: 86 CVE(s)

  • CVE-2026-42009: HIGH, Patched
  • CVE-2026-45829: CRITICAL, Unpatched
  • CVE-2026-8830: MEDIUM, Unpatched
  • CVE-2026-8922: MEDIUM, Unpatched
  • CVE-2026-2611: CRITICAL, Patched
  • CVE-2026-37978: MEDIUM, Patched
  • CVE-2026-37979: MEDIUM, Patched
  • CVE-2026-37981: MEDIUM, Patched
  • CVE-2026-37982: MEDIUM, Patched
  • CVE-2026-43493: CRITICAL, Patched
  • (76 more not shown)
