Zero Day Monitor (ZDM)
4.0 · CVE-2026-2625 · PATCHED
Red Hat · Red Hat Enterprise Linux

rust-rpm-sequoia: denial of service via crafted RPM file during signature verification

Description

A flaw was found in rust-rpm-sequoia. An attacker can exploit this vulnerability by providing a specially crafted Red Hat Package Manager (RPM) file. During the RPM signature verification process, this crafted file can trigger an error in the OpenPGP signature parsing code, leading to an unconditional termination of the rpm process. This issue results in an application-level denial of service, making the system unable to process RPM files for signature verification.

Affected Products

Vendor | Product | Versions
Red Hat | Red Hat Enterprise Linux | —

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor | Product | Source | Confidence
Red Hat | Enterprise Linux | cert_advisory | 90%

References

  • https://access.redhat.com/errata/RHSA-2026:12682 (vendor-advisory, x_refsource_REDHAT)
  • https://access.redhat.com/security/cve/CVE-2026-2625 (vdb-entry, x_refsource_REDHAT)
  • https://bugzilla.redhat.com/show_bug.cgi?id=2440357 (issue-tracking, x_refsource_REDHAT)

Related News (1 article)

Tier B · BSI Advisories · 6h ago
[NEW] [medium] Red Hat Hardened Images RPMs: Multiple vulnerabilities
→ No new info (linked only)

CVSS 3.1: 4.0 (NONE)
CISA KEV: No
Actively exploited: No
Patch available: 1.10.1.1-1.2.hum1
CWE: CWE-347
Published: Apr 3, 2026
Last enriched: 30d ago
Trending Score: 20
Source articles: 1
Independent: 1
Info Completeness: 0/14
Missing: cve_id, title, description, vendor, product, versions, cvss, epss, cwe, kev, exploit, patch, iocs, mitre_attack

Related CVEs (5)

  • CRITICAL · CVE-2026-6266 · EXP · Trending: 50
    Aap-controller: aap-gateway: account hijacking and unauthorized access via unverified email linking
  • NONE · CVE-2026-7500 · EXP · Trending: 50
    Org.keycloak.keycloak-services: improper access control on keycloak server when the account account api feature is disabled
  • NONE · CVE-2026-33846 · EXP · Trending: 49
    gnutls: denial of service via heap buffer overflow in dtls handshake fragment reassembly
  • MEDIUM · PRE-CVE · Trending: 23
    Multiple Denial of Service Vulnerabilities in Red Hat OpenShift Container Platform
  • NONE · CVE-2026-33845 · Trending: 18
    gnutls: denial of service via dtls zero-length fragment

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published: Apr 3, 2026
Discovered by ZDM: Apr 3, 2026
Patch Available: May 1, 2026