CVE-2026-42999

A flaw was found in OpenStack Keystone. This vulnerability allows an authenticated user to bypass Role-Based Access Control RBAC checks by injecting arbitrary policy target attributes into the request body. This enables the user to perform unauthorized operations on resources belonging to other...

CVE-2026-41014 Apache Airflow: per-DAG RBAC bypass on /ui/partitioned_dag_runs endpoints

The partitioneddagruns endpoints in the Airflow UI enforced only asset-level access control, not per-Dag authorization. An authenticated UI/API user with global Asset:read permission could enumerate partition run state, schedule configuration, and asset wiring for Dags they were not authorized to...

CVE-2026-41014

Apache Airflow vulnerability CVE-2026-41014 affects the partitioned_dag_runs endpoints in the UI. The issue arises from enforcing only asset-level access control, enabling an authenticated UI/API user with global Asset:read permission to enumerate partition run state, schedule configuration, and ...

MAL-2026-5116 Malicious code in @redhat-cloud-services/rbac-client (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

Malicious code in @redhat-cloud-services/rbac-client (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

CVE-2026-10101

ACM/MCE assisted-service writes raw referenced pull-secret contents into InfraEnv.status.conditions.message when pull-secret validation fails. A namespace principal with the stock view ClusterRole cannot directly read Secrets, but can read InfraEnv objects and recover the referenced Secret's...

CVE-2026-10101

ACM/MCE assisted-service writes raw referenced pull-secret contents into InfraEnv.status.conditions.message when pull-secret validation fails. A namespace principal with the stock view ClusterRole cannot directly read Secrets, but can read InfraEnv objects and recover the referenced Secret's...

PT-2026-44890

ACM/MCE assisted-service writes raw referenced pull-secret contents into InfraEnv.status.conditions.message when pull-secret validation fails. A namespace principal with the stock view ClusterRole cannot directly read Secrets, but can read InfraEnv objects and recover the referenced Secret's...

CVE-2026-42999

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforcecall unconditionally merges the raw JSON request body into the policy enforcement dictionary via policydict.updatejsoninput.copy, overwriting trusted target data that was previously set from...

PT-2026-44464

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforce call unconditionally merges the raw JSON request body into the policy enforcement dictionary via policy dict.updatejson input.copy, overwriting trusted target data that was previously set fro...

CVE-2026-42999

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforcecall unconditionally merges the raw JSON request body into the policy enforcement dictionary via policydict.updatejsoninput.copy, overwriting trusted target data that was previously set from...

CVE-2026-42999

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforcecall unconditionally merges the raw JSON request body into the policy enforcement dictionary via policydict.updatejsoninput.copy, overwriting trusted target data that was previously set from...

CVE-2026-34358 CtrlPanel: Missing Authorization on Admin Write Endpoints Allows RBAC Bypass

CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contains a broken access control vulnerability where multiple admin controllers enforce permission checks on form display methods but omit equivalent checks on the corresponding write methods, allowing any...

shopper/framework: Authorization bypass in multiple Livewire admin components

Impact Multiple Livewire components in the admin panel allowed an authenticated low-privilege user to mutate data without the required permission: - Order detail Filament actions cancel, mark paid, mark complete, capture payment, archive, start processing were callable with readorders only and di...

CVE-2026-42541

Kubewarden is a policy engine for Kubernetes. Prior to , An attacker with privileged AdmissionPolicy or AdmissionPolicyGroup create permissions which isn't the default can craft a policy that makes use of the cani host callback. The callback issues a SubjectAccessReview SAR requests to enumerate...

Important: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.17.24 security, enhancement & bug fix update

Red Hat OpenShift Data Foundation 4.17.24 security, enhancement & bug fix update Red Hat OpenShift Data Foundation 4.17.24 security, enhancement & bug fix update FIXED BUGS: ========== DFBUGS-6194: Backport to odf-4.17.24 ocs-operator should not use image gcr.io/kubebuilder/kube-rbac-proxy...

Important: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.18.20 security, enhancement & bug fix update

Red Hat OpenShift Data Foundation 4.18.20 security, enhancement & bug fix update Red Hat OpenShift Data Foundation 4.18.20 security, enhancement & bug fix update FIXED BUGS: ========== DFBUGS-6235: 4.18 ROSA HCPUI blocker Broken Storage System wizard DFBUGS-6185: ocs-operator should not use image...

CVE-2026-42541

Kubewarden is a policy engine for Kubernetes. Prior to , An attacker with privileged AdmissionPolicy or AdmissionPolicyGroup create permissions which isn't the default can craft a policy that makes use of the cani host callback. The callback issues a SubjectAccessReview SAR requests to enumerate...

CVE-2026-42541

CVE-2026-42541 (Kubewarden RBAC Reconnaissance) : Affected Kubewarden versions allow an attacker with privileged AdmissionPolicy/AdmissionPolicyGroup create permissions to abuse the can_i host callback, which forwards a SubjectAccessReview (SAR) to the policy-server with elevated privileges. This...

PT-2026-40269

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, a nil pointer dereference in server/auth/gatekeeper.go rbacAuthorization causes a panic denial of service for SSO users whose claims match a...