Red hat enterprise linux 9.6 extended update support

This hub aggregates every CVE we track for Red hat enterprise linux 9.6 extended update support, a product in the operating systems space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Red hat enterprise linux 9.6 extended update support.

• CVE-2026-10118Poppler: integer overflow in poppler splashoutputdev::tilingpatternfill leads to heap buffer overflow via unchecked dimension multiplication7.8Jun 1, 2026
• CVE-2026-4408Samba: remote code execution in samr9.0May 28, 2026
• CVE-2026-1933Samba: missing access check on reparse point operations7.1May 27, 2026
• CVE-2026-2340Samba: vfs_worm does not block directory modification6.5May 27, 2026
• CVE-2026-3012Samba: group policy certificate enrollment uses http:// without validation8.0May 27, 2026
• CVE-2026-4480Samba: samba: remote code execution in printing subsystem via unescaped job description9.0May 26, 2026
• CVE-2026-9064389-ds-base: 389-ds-base: unbounded ldap controls count in get_ldapmessage_controls_ext() causes cpu and heap amplification (remote dos)7.5May 20, 2026
• CVE-2026-4802Cockpit: cockpit: arbitrary command execution via crafted links in system logs ui8.0May 11, 2026
• CVE-2026-34002Xorg: xwayland: x.org x server: information disclosure or denial of service via out-of-bounds read in xkb modifier map handling6.1May 5, 2026
• CVE-2026-34000Xwayland: xorg: x.org x server: information disclosure and denial of service via out-of-bounds read in xkb geometry processing.6.1May 5, 2026
• CVE-2026-34003Xorg: xwayland: x.org x server: information exposure and denial of service via out-of-bounds memory access7.8Apr 23, 2026
• CVE-2026-34001Xorg: xwayland: x.org x server: use-after-free vulnerability leads to server crash and potential memory corruption7.8Apr 23, 2026
• CVE-2026-33999Xorg: xwayland: x.org x server: denial of service via integer underflow in xkb compatibility map handling7.8Apr 23, 2026
• CVE-2026-4878Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()6.7Apr 9, 2026
• CVE-2026-4631Cockpit: cockpit: unauthenticated remote code execution due to ssh command-line argument injection9.8Apr 7, 2026