Red hat openshift container platform 4

This hub aggregates every CVE we track for Red hat openshift container platform 4, a product in the cloud saas space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Red hat openshift container platform 4.

• CVE-2026-12725Dnsmasq: dnsmasq: heap buffer overflow in log_query() when logging unsupported ds/dnskey replies5.9Jun 22, 2026
• CVE-2026-54100Windows-machine-config-operator: windows-machine-config-operator: ssh host key not verified enables credential theft8.3Jun 22, 2026
• CVE-2026-54099Windows-machine-config-operator: windows-machine-config-operator: wicd csr extra-organization allows privilege escalation to system:masters8.8Jun 22, 2026
• CVE-2026-3195Qemu-kvm: virtio-snd: heap buffer overflow in virtio_snd_pcm_in_cb (incomplete fix for cve-2024-7730)7.4Jun 19, 2026
• CVE-2026-3196Qemu-kvm: virtio-snd: integer overflow leading to unbounded memory allocation5.5Jun 19, 2026
• CVE-2026-12505Cifs-utils: local privilege escalation via forged cifs.spnego key description in cifs.upcall7.8Jun 18, 2026
• CVE-2026-10649Pacemaker: pacemaker: denial of service via integer overflow in remote message decompression8.6Jun 16, 2026
• CVE-2026-42014Gnutls: fix use-after-free in gnutls_pkcs11_token_set_pin6.6Jun 16, 2026
• CVE-2026-48914Qemu-kvm: heap buffer overflow in virtio-blk scsi request handling6.7Jun 12, 2026
• CVE-2026-11850Krb5: krb5: integer underflow in berval2tl_data() leads to heap out-of-bounds read5.0Jun 11, 2026
• CVE-2026-6893Dracut: dracut: root code execution via dhcp options command injection7.5Jun 10, 2026
• CVE-2026-3238Samba: denial of service against ad dc wins server7.5Jun 8, 2026
• CVE-2026-10843Cloud-credential-operator: cco mint-mode credentialsrequest manifests grant account-wide iam access beyond cluster scope on aws7.2Jun 4, 2026
• CVE-2026-10805Networkmanager: networkmanager: local privilege escalation via malformed mud urls in dhclient backend6.7Jun 4, 2026
• CVE-2026-1784Ose-cluster-ingress-operator: remote code execution through haproxy configuration injection8.8Jun 2, 2026