Skip to main content

Red Hat Build Of Quarkus Native Builder

1 CVEs product

Monthly

CVE-2026-44604 HIGH This Week

Command injection in the rpmuncompress utility of RPM allows local attackers to execute arbitrary commands when a victim extracts a maliciously crafted ZIP, 7z, or GEM archive whose top-level folder name contains shell metacharacters. The flaw affects Red Hat Enterprise Linux 6 through 10 and downstream products including OpenShift Container Platform 4, Satellite 6, Red Hat Hardened Images, and Quarkus Native Builder. No public exploit identified at time of analysis, and the issue requires user interaction with an attacker-supplied archive, but successful exploitation yields full code execution under the extracting user's identity.

Command Injection Pen Drive Powered By Red Hat Lightspeed Red Hat Build Of Quarkus Native Builder Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 +7
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
EPSS 0% CVSS 7.0
HIGH This Week

Command injection in the rpmuncompress utility of RPM allows local attackers to execute arbitrary commands when a victim extracts a maliciously crafted ZIP, 7z, or GEM archive whose top-level folder name contains shell metacharacters. The flaw affects Red Hat Enterprise Linux 6 through 10 and downstream products including OpenShift Container Platform 4, Satellite 6, Red Hat Hardened Images, and Quarkus Native Builder. No public exploit identified at time of analysis, and the issue requires user interaction with an attacker-supplied archive, but successful exploitation yields full code execution under the extracting user's identity.

Command Injection Pen Drive Powered By Red Hat Lightspeed Red Hat Build Of Quarkus Native Builder +9
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy