RHSA-2026:8838
Advisory lineage Upstream: 36 Downstream: 0
Published: 21 Apr 2026, 10:10
Last modified:22 May 2026, 10:08
Vulnerability Summary
Overall Risk (default)
medium
30/100 CVSS Score
7.5 HIGH
3.1 (osv_red_hat)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
21 Apr 2026, 10:10
Published
Vulnerability first disclosed
22 May 2026, 10:08
Last Modified
Vulnerability information updated
Description
Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
CVSS Metrics
- v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Systems
- redhat•ruby4.0
< 0:4.0.0-33.3.hum1
- redhat•ruby4.0-default-gems
< 0:4.0.0-33.3.hum1
References (159)
- https://access.redhat.com/errata/RHSA-2026:8838
- https://images.redhat.com/
- https://access.redhat.com/security/cve/CVE-2026-27820
- https://access.redhat.com/security/updates/classification/
- https://access.redhat.com/security/cve/CVE-2008-3905
- https://access.redhat.com/security/cve/CVE-2008-3657
- https://access.redhat.com/security/cve/CVE-2008-3656
- https://access.redhat.com/security/cve/CVE-2008-3655
- https://access.redhat.com/security/cve/CVE-2024-27282
- https://access.redhat.com/security/cve/CVE-2021-31810
- https://access.redhat.com/security/cve/CVE-2019-16254
- https://access.redhat.com/security/cve/CVE-2018-8780
- https://access.redhat.com/security/cve/CVE-2017-14064
- https://access.redhat.com/security/cve/CVE-2017-10784
- https://access.redhat.com/security/cve/CVE-2015-9096
- https://access.redhat.com/security/cve/CVE-2014-8090
- https://access.redhat.com/security/cve/CVE-2014-8080
- https://access.redhat.com/security/cve/CVE-2014-6438
- https://access.redhat.com/security/cve/CVE-2014-4975
- https://access.redhat.com/security/cve/CVE-2013-1821
- https://access.redhat.com/security/cve/CVE-2012-5371
- https://access.redhat.com/security/cve/CVE-2011-4815
- https://access.redhat.com/security/cve/CVE-2008-1891
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_8838.json
- https://bugzilla.redhat.com/show_bug.cgi?id=443829
- https://www.cve.org/CVERecord?id=CVE-2008-1891
- https://nvd.nist.gov/vuln/detail/CVE-2008-1891
- https://bugzilla.redhat.com/show_bug.cgi?id=458948
- https://www.cve.org/CVERecord?id=CVE-2008-3655
- https://nvd.nist.gov/vuln/detail/CVE-2008-3655
- https://bugzilla.redhat.com/show_bug.cgi?id=458953
- https://www.cve.org/CVERecord?id=CVE-2008-3656
- https://nvd.nist.gov/vuln/detail/CVE-2008-3656
- https://bugzilla.redhat.com/show_bug.cgi?id=458966
- https://www.cve.org/CVERecord?id=CVE-2008-3657
- https://nvd.nist.gov/vuln/detail/CVE-2008-3657
- https://bugzilla.redhat.com/show_bug.cgi?id=461495
- https://www.cve.org/CVERecord?id=CVE-2008-3905
- https://nvd.nist.gov/vuln/detail/CVE-2008-3905
- https://bugzilla.redhat.com/show_bug.cgi?id=750564
- https://www.cve.org/CVERecord?id=CVE-2011-4815
- https://nvd.nist.gov/vuln/detail/CVE-2011-4815
- https://bugzilla.redhat.com/show_bug.cgi?id=875236
- https://www.cve.org/CVERecord?id=CVE-2012-5371
- https://nvd.nist.gov/vuln/detail/CVE-2012-5371
- https://bugzilla.redhat.com/show_bug.cgi?id=914716
- https://www.cve.org/CVERecord?id=CVE-2013-1821
- https://nvd.nist.gov/vuln/detail/CVE-2013-1821
- http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/
- https://bugzilla.redhat.com/show_bug.cgi?id=1118158
- https://www.cve.org/CVERecord?id=CVE-2014-4975
- https://nvd.nist.gov/vuln/detail/CVE-2014-4975
- https://bugzilla.redhat.com/show_bug.cgi?id=1490845
- https://www.cve.org/CVERecord?id=CVE-2014-6438
- https://nvd.nist.gov/vuln/detail/CVE-2014-6438
- https://www.ruby-lang.org/en/news/2014/08/19/ruby-1-9-2-p330-released/
- https://bugzilla.redhat.com/show_bug.cgi?id=1157709
- https://www.cve.org/CVERecord?id=CVE-2014-8080
- https://nvd.nist.gov/vuln/detail/CVE-2014-8080
- https://www.ruby-lang.org/en/news/2014/10/27/rexml-dos-cve-2014-8080/
- https://bugzilla.redhat.com/show_bug.cgi?id=1159927
- https://www.cve.org/CVERecord?id=CVE-2014-8090
- https://nvd.nist.gov/vuln/detail/CVE-2014-8090
- https://www.ruby-lang.org/en/news/2014/11/13/rexml-dos-cve-2014-8090/
- https://bugzilla.redhat.com/show_bug.cgi?id=1461846
- https://www.cve.org/CVERecord?id=CVE-2015-9096
- https://nvd.nist.gov/vuln/detail/CVE-2015-9096
- https://bugzilla.redhat.com/show_bug.cgi?id=1492012
- https://www.cve.org/CVERecord?id=CVE-2017-10784
- https://nvd.nist.gov/vuln/detail/CVE-2017-10784
- https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/
- https://bugzilla.redhat.com/show_bug.cgi?id=1487552
- https://www.cve.org/CVERecord?id=CVE-2017-14064
- https://nvd.nist.gov/vuln/detail/CVE-2017-14064
- https://www.ruby-lang.org/en/news/2017/09/14/json-heap-exposure-cve-2017-14064/
- https://bugzilla.redhat.com/show_bug.cgi?id=1561949
- https://www.cve.org/CVERecord?id=CVE-2018-8780
- https://nvd.nist.gov/vuln/detail/CVE-2018-8780
- https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/
- https://bugzilla.redhat.com/show_bug.cgi?id=1789556
- https://www.cve.org/CVERecord?id=CVE-2019-16254
- https://nvd.nist.gov/vuln/detail/CVE-2019-16254
- https://bugzilla.redhat.com/show_bug.cgi?id=1980126
- https://www.cve.org/CVERecord?id=CVE-2021-31810
- https://nvd.nist.gov/vuln/detail/CVE-2021-31810
- https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/
- https://bugzilla.redhat.com/show_bug.cgi?id=2276810
- https://www.cve.org/CVERecord?id=CVE-2024-27282
- https://nvd.nist.gov/vuln/detail/CVE-2024-27282
- https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/
- https://bugzilla.redhat.com/show_bug.cgi?id=2459002
- https://www.cve.org/CVERecord?id=CVE-2026-27820
- https://nvd.nist.gov/vuln/detail/CVE-2026-27820
- https://github.com/ruby/zlib/security/advisories/GHSA-g857-hhfv-j68w
- https://hackerone.com/reports/3467067
- https://access.redhat.com/security/cve/CVE-2023-28756
- https://access.redhat.com/security/cve/CVE-2022-28739
- https://access.redhat.com/security/cve/CVE-2021-41819
- https://access.redhat.com/security/cve/CVE-2021-28965
- https://access.redhat.com/security/cve/CVE-2020-25613
- https://bugzilla.redhat.com/show_bug.cgi?id=1883623
- https://www.cve.org/CVERecord?id=CVE-2020-25613
- https://nvd.nist.gov/vuln/detail/CVE-2020-25613
- https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/
- https://bugzilla.redhat.com/show_bug.cgi?id=1947526
- https://www.cve.org/CVERecord?id=CVE-2021-28965
- https://nvd.nist.gov/vuln/detail/CVE-2021-28965
- https://bugzilla.redhat.com/show_bug.cgi?id=2026757
- https://www.cve.org/CVERecord?id=CVE-2021-41819
- https://nvd.nist.gov/vuln/detail/CVE-2021-41819
- https://bugzilla.redhat.com/show_bug.cgi?id=2075687
- https://www.cve.org/CVERecord?id=CVE-2022-28739
- https://nvd.nist.gov/vuln/detail/CVE-2022-28739
- http://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/
- https://bugzilla.redhat.com/show_bug.cgi?id=2184061
- https://www.cve.org/CVERecord?id=CVE-2023-28756
- https://nvd.nist.gov/vuln/detail/CVE-2023-28756
- https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/
- https://access.redhat.com/security/cve/CVE-2011-0188
- https://access.redhat.com/security/cve/CVE-2008-2662
- https://access.redhat.com/security/cve/CVE-2008-2725
- https://access.redhat.com/security/cve/CVE-2008-2726
- https://access.redhat.com/security/cve/CVE-2008-2663
- https://bugzilla.redhat.com/show_bug.cgi?id=450821
- https://www.cve.org/CVERecord?id=CVE-2008-2662
- https://nvd.nist.gov/vuln/detail/CVE-2008-2662
- https://bugzilla.redhat.com/show_bug.cgi?id=450825
- https://www.cve.org/CVERecord?id=CVE-2008-2663
- https://nvd.nist.gov/vuln/detail/CVE-2008-2663
- https://bugzilla.redhat.com/show_bug.cgi?id=451821
- https://www.cve.org/CVERecord?id=CVE-2008-2725
- https://nvd.nist.gov/vuln/detail/CVE-2008-2725
- https://bugzilla.redhat.com/show_bug.cgi?id=451828
- https://www.cve.org/CVERecord?id=CVE-2008-2726
- https://nvd.nist.gov/vuln/detail/CVE-2008-2726
- https://bugzilla.redhat.com/show_bug.cgi?id=682332
- https://www.cve.org/CVERecord?id=CVE-2011-0188
- https://nvd.nist.gov/vuln/detail/CVE-2011-0188
- https://access.redhat.com/security/cve/CVE-2008-2664
- https://access.redhat.com/security/cve/CVE-2011-3009
- https://access.redhat.com/security/cve/CVE-2011-2686
- https://access.redhat.com/security/cve/CVE-2011-2705
- https://access.redhat.com/security/cve/CVE-2009-5147
- https://access.redhat.com/security/cve/CVE-2015-7551
- https://bugzilla.redhat.com/show_bug.cgi?id=450834
- https://www.cve.org/CVERecord?id=CVE-2008-2664
- https://nvd.nist.gov/vuln/detail/CVE-2008-2664
- https://bugzilla.redhat.com/show_bug.cgi?id=1248935
- https://www.cve.org/CVERecord?id=CVE-2009-5147
- https://nvd.nist.gov/vuln/detail/CVE-2009-5147
- https://bugzilla.redhat.com/show_bug.cgi?id=722415
- https://www.cve.org/CVERecord?id=CVE-2011-2686
- https://nvd.nist.gov/vuln/detail/CVE-2011-2686
- https://www.cve.org/CVERecord?id=CVE-2011-2705
- https://nvd.nist.gov/vuln/detail/CVE-2011-2705
- https://www.cve.org/CVERecord?id=CVE-2011-3009
- https://nvd.nist.gov/vuln/detail/CVE-2011-3009
- https://www.cve.org/CVERecord?id=CVE-2015-7551
- https://nvd.nist.gov/vuln/detail/CVE-2015-7551