Skip to main content

Red Hat Enterprise Linux Ai Rhel Ai 3

4 CVEs product

Monthly

CVE-2026-12706 MEDIUM This Month

Use-after-free in FFmpeg's RASC video decoder exposes Red Hat Enterprise Linux AI 3 and Red Hat OpenShift AI deployments to denial-of-service attacks via crafted media files. The decode_move() function retains a raw pointer into a heap-allocated decompressed buffer that is subsequently reallocated during move-table processing, leaving the pointer dangling; reading through it crashes the process. No public exploit or KEV listing has been identified at time of analysis, but the network-accessible attack vector (file delivery over the internet) and lack of authentication prerequisites make this a realistic threat to any environment that processes untrusted AVI content using the affected FFmpeg builds.

Denial Of Service Use After Free Memory Corruption Red Hat Red Hat Openshift Ai Rhoai +2
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-12491 PyPI MEDIUM This Month

Image input manipulation in vLLM's multimodal preprocessing pipeline allows remote, unauthenticated network attackers to craft images with specific EXIF orientation or PNG tRNS transparency metadata that, when converted to RGB by vLLM, produces semantically altered image content fed to the LLM - affecting the integrity of inference outputs and potentially the reliability of the inference service. Affected deployments include Red Hat AI Inference Server across RHEL AI 3 and Red Hat OpenShift AI (RHOAI) environments. No public exploit code has been identified at time of analysis and the vulnerability is not listed in the CISA KEV catalog; however, sensitive inference workloads processing user-supplied images (e.g., document classification, content moderation) face a higher practical risk from subtle input distortion attacks.

Information Disclosure Red Hat Red Hat Openshift Ai Rhoai Red Hat Ai Inference Server Red Hat Enterprise Linux Ai Rhel Ai 3
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2026-6859 PyPI HIGH GHSA This Week

Remote code execution in InstructLab affects Red Hat Enterprise Linux AI 3 when users download or train models from HuggingFace Hub. The linux_train.py script hardcodes trust_remote_code=True, allowing attackers to execute arbitrary Python code by hosting malicious models on HuggingFace and convincing users to run ilab train, download, or generate commands. This configuration weakness enables complete system compromise through social engineering attacks. CVSS 8.8 with network vector but requires user interaction, reducing automatic exploitation risk. No active exploitation (CISA KEV) or public POC identified at time of analysis.

RCE Python Red Hat Enterprise Linux Ai Rhel Ai 3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-6855 PyPI HIGH GHSA This Week

Path traversal in InstructLab's chat session handler enables local authenticated attackers to write files to arbitrary filesystem locations by manipulating the logs_dir parameter. Red Hat Enterprise Linux AI 3 deployments are confirmed affected. CVSS 7.1 (High) reflects significant confidentiality and integrity impact, though exploitation requires local access and low-level privileges. No active exploitation (CISA KEV) or public proof-of-concept identified at time of analysis. EPSS data not available, suggesting limited immediate widespread exploitation risk despite high severity rating.

Path Traversal Red Hat Enterprise Linux Ai Rhel Ai 3
NVD
CVSS 3.1
7.1
EPSS
0.0%
EPSS 0% CVSS 6.5
MEDIUM This Month

Use-after-free in FFmpeg's RASC video decoder exposes Red Hat Enterprise Linux AI 3 and Red Hat OpenShift AI deployments to denial-of-service attacks via crafted media files. The decode_move() function retains a raw pointer into a heap-allocated decompressed buffer that is subsequently reallocated during move-table processing, leaving the pointer dangling; reading through it crashes the process. No public exploit or KEV listing has been identified at time of analysis, but the network-accessible attack vector (file delivery over the internet) and lack of authentication prerequisites make this a realistic threat to any environment that processes untrusted AVI content using the affected FFmpeg builds.

Denial Of Service Use After Free Memory Corruption +4
NVD VulDB
EPSS 0% CVSS 4.8
MEDIUM This Month

Image input manipulation in vLLM's multimodal preprocessing pipeline allows remote, unauthenticated network attackers to craft images with specific EXIF orientation or PNG tRNS transparency metadata that, when converted to RGB by vLLM, produces semantically altered image content fed to the LLM - affecting the integrity of inference outputs and potentially the reliability of the inference service. Affected deployments include Red Hat AI Inference Server across RHEL AI 3 and Red Hat OpenShift AI (RHOAI) environments. No public exploit code has been identified at time of analysis and the vulnerability is not listed in the CISA KEV catalog; however, sensitive inference workloads processing user-supplied images (e.g., document classification, content moderation) face a higher practical risk from subtle input distortion attacks.

Information Disclosure Red Hat Red Hat Openshift Ai Rhoai +2
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in InstructLab affects Red Hat Enterprise Linux AI 3 when users download or train models from HuggingFace Hub. The linux_train.py script hardcodes trust_remote_code=True, allowing attackers to execute arbitrary Python code by hosting malicious models on HuggingFace and convincing users to run ilab train, download, or generate commands. This configuration weakness enables complete system compromise through social engineering attacks. CVSS 8.8 with network vector but requires user interaction, reducing automatic exploitation risk. No active exploitation (CISA KEV) or public POC identified at time of analysis.

RCE Python Red Hat Enterprise Linux Ai Rhel Ai 3
NVD VulDB
EPSS 0% CVSS 7.1
HIGH This Week

Path traversal in InstructLab's chat session handler enables local authenticated attackers to write files to arbitrary filesystem locations by manipulating the logs_dir parameter. Red Hat Enterprise Linux AI 3 deployments are confirmed affected. CVSS 7.1 (High) reflects significant confidentiality and integrity impact, though exploitation requires local access and low-level privileges. No active exploitation (CISA KEV) or public proof-of-concept identified at time of analysis. EPSS data not available, suggesting limited immediate widespread exploitation risk despite high severity rating.

Path Traversal Red Hat Enterprise Linux Ai Rhel Ai 3
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy