Multiple Vulnerabilities Disclosed in Red Hat OpenShift Pipelines and Fulcio Component
Red Hat OpenShift Pipelines was the subject of multiple security advisories, including one affecting the Fulcio component used by the OpenShift Pipelines Operator. One disclosed flaw was reported to allow denial of service, raising the risk of service disruption in environments that rely on the operator’s signing and pipeline-related functionality.
A later advisory reported multiple vulnerabilities in Red Hat OpenShift Pipelines, indicating broader security exposure beyond the previously disclosed Fulcio issue. Organizations running OpenShift Pipelines should review the affected product versions, assess exposure across pipeline and operator deployments, and prioritize vendor-recommended updates or mitigations to reduce the risk of disruption or further compromise.
Timeline
Apr 23, 2026
dCERT publishes advisory on multiple OpenShift Pipelines vulnerabilities
dCERT published advisory 2026-1226 for Red Hat OpenShift Pipelines describing multiple vulnerabilities affecting the product.
Jan 23, 2026
dCERT publishes Fulcio DoS advisory for OpenShift Pipelines Operator
dCERT published advisory 2026-0198 covering a vulnerability in the Red Hat OpenShift Pipelines Operator component Fulcio that could allow denial of service.
Related Stories

Multiple Vulnerabilities Disclosed in Red Hat Hardened Images RPMs
dCERT issued advisories for **multiple vulnerabilities** affecting **Red Hat Hardened Images RPMs**, identifying the issue in notices `2026-1205` and `2026-1246`. The advisories indicate that security flaws were found in RPM packages used within Red Hat hardened container images, potentially exposing systems that rely on those images to a range of risks depending on the affected packages and deployed workloads. The publication of two separate dCERT notices suggests ongoing or updated vendor guidance around the same product area, and organizations using Red Hat hardened images should review the referenced advisories, determine which RPMs and image versions are affected, and prioritize remediation through updated packages or rebuilt images. Security teams should also verify downstream dependencies in container registries and production environments to ensure vulnerable image layers are replaced.
Today
Red Hat OpenShift AI flaws exposed cross-namespace Llama services and service account tokens
Red Hat disclosed two high-severity vulnerabilities in OpenShift AI that could let authenticated attackers access other tenants’ resources and sensitive Kubernetes credentials. **CVE-2025-12805** affects the `llama-stack-operator`, where a missing `NetworkPolicy` left the Llama Stack service endpoint reachable across namespaces. Red Hat said a user in one namespace could directly access another user’s Llama Stack instance and potentially view or manipulate sensitive data, with the issue tracked under **CWE-653** and rated `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N`. A second flaw, **CVE-2026-5483**, impacts the `odh-dashboard` component and can expose Kubernetes Service Account tokens through a Node.js endpoint. Red Hat warned that disclosure of those tokens could enable unauthorized access to Kubernetes resources; the issue is mapped to **CWE-201** and carries the vector `CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H`. Red Hat published CVE records, Bugzilla entries, and errata references for both vulnerabilities, highlighting risks to confidentiality and integrity in multi-tenant OpenShift AI deployments.
3 weeks ago
Critical OpenShift and OpenSSH Flaws Expose Linux Systems to Root Access
Authorities warned that **Red Hat OpenShift Container Platform 4** contains two high-severity vulnerabilities that can lead to code execution and node takeover in enterprise container environments. `CVE-2024-45496` in `ose-openshift-controller-manager-container` carries a **CVSS 9.9** rating and can allow arbitrary code execution on an OpenShift node when a user with developer-level access exploits insufficient restrictions on elevated privileges. `CVE-2024-7387` in `openshift4/ose-docker-builder`, rated **CVSS 9.1**, can enable arbitrary command execution on an OpenShift node and may allow privilege escalation and full control of the affected node. At the time of the alert, mitigations were available but vendor patches had not yet been released. A separate alert highlighted the **regreSSHion** flaw in **OpenSSH**, which can give an attacker unrestricted root-level access on vulnerable Linux and FreeBSD-based systems. The issue affects OpenSSH versions from `8.5p1` up to but not including `9.8p1`, as well as versions earlier than `4.4p1`; OpenBSD-based systems were reported as not vulnerable. Successful exploitation has been confirmed on systems using **glibc**, while systems using **musl libc** were reported as not vulnerable, and the attack currently requires repeated attempts over hours or days. A fix is available in **OpenSSH `9.8p1`**, though some distributors have backported the patch, meaning package version numbers alone may not reliably indicate exposure.
1 week ago