Skip to main content

Pen Drive Powered By Red Hat Lightspeed

2 CVEs product

Monthly

CVE-2026-15584 HIGH This Week

Privilege escalation in Red Hat OpenShift's incluster-checks diagnostic tool lets any authenticated user holding the standard 'edit' RBAC role escalate to root on the underlying cluster nodes. The tool provisions privileged debug pods with host-filesystem access inside the shared default namespace, so a low-privileged tenant can simply exec into an existing pod and break out to the host. No public exploit identified at time of analysis, and no CISA KEV listing; EPSS data was not provided in the source intelligence.

Privilege Escalation Pen Drive Powered By Red Hat Lightspeed
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-44604 HIGH This Week

Command injection in the rpmuncompress utility of RPM allows local attackers to execute arbitrary commands when a victim extracts a maliciously crafted ZIP, 7z, or GEM archive whose top-level folder name contains shell metacharacters. The flaw affects Red Hat Enterprise Linux 6 through 10 and downstream products including OpenShift Container Platform 4, Satellite 6, Red Hat Hardened Images, and Quarkus Native Builder. No public exploit identified at time of analysis, and the issue requires user interaction with an attacker-supplied archive, but successful exploitation yields full code execution under the extracting user's identity.

Command Injection Pen Drive Powered By Red Hat Lightspeed Red Hat Build Of Quarkus Native Builder Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 +7
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
EPSS 0% CVSS 7.5
HIGH This Week

Privilege escalation in Red Hat OpenShift's incluster-checks diagnostic tool lets any authenticated user holding the standard 'edit' RBAC role escalate to root on the underlying cluster nodes. The tool provisions privileged debug pods with host-filesystem access inside the shared default namespace, so a low-privileged tenant can simply exec into an existing pod and break out to the host. No public exploit identified at time of analysis, and no CISA KEV listing; EPSS data was not provided in the source intelligence.

Privilege Escalation Pen Drive Powered By Red Hat Lightspeed
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Command injection in the rpmuncompress utility of RPM allows local attackers to execute arbitrary commands when a victim extracts a maliciously crafted ZIP, 7z, or GEM archive whose top-level folder name contains shell metacharacters. The flaw affects Red Hat Enterprise Linux 6 through 10 and downstream products including OpenShift Container Platform 4, Satellite 6, Red Hat Hardened Images, and Quarkus Native Builder. No public exploit identified at time of analysis, and the issue requires user interaction with an attacker-supplied archive, but successful exploitation yields full code execution under the extracting user's identity.

Command Injection Pen Drive Powered By Red Hat Lightspeed Red Hat Build Of Quarkus Native Builder +9
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy