Zero Day MonitorZDM

← Back to list

7.1

CVE-2026-6855EXPLOITED

red hat · red hat enterprise linux ai (rhel ai)

Instructlab: instructlab: path traversal allows arbitrary directory creation and file write

Description

A flaw was found in InstructLab. A local attacker could exploit a path traversal vulnerability in the chat session handler by manipulating the `logs_dir` parameter. This allows the attacker to create new directories and write files to arbitrary locations on the system, potentially leading to unauthorized data modification or disclosure.

Affected Products

Vendor	Product	Versions
red hat	red hat enterprise linux ai (rhel ai)	—

References

https://access.redhat.com/security/cve/CVE-2026-6855(vdb-entry, x_refsource_REDHAT)
https://bugzilla.redhat.com/show_bug.cgi?id=2460013(issue-tracking, x_refsource_REDHAT)

Related News (1 articles)

Tier C

VulDB6d ago

CVE-2026-6855 | Red Hat Enterprise Linux AI 3 logs_dir path traversal

→ No new info (linked only)

CVSS 3.17.1 NONE

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-22

PublishedApr 22, 2026

Last enriched6d agov2

Trending Score18

Source articles1

Independent1

Info Completeness7/14

Missing: versions, epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

Multiple Vulnerabilities in Red Hat Products Allow Remote Code Execution, File Manipulation, and Denial of Service

NONECVE-2025-14831

Gnutls: gnutls: denial of service via excessive resource consumption during certificate verification

MEDIUMCVE-2025-66286

Webkitgtk: authorization bypass through webpage::send-request signal handler

NONECVE-2026-7309

Openshift-controller-manager: openshift container platform: information disclosure via environment variable injection

NONECVE-2026-6848

Quay: red hat quay: authentication bypass allows privileged actions without valid credentials

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 22, 2026

Discovered by ZDM

Apr 22, 2026

Updated: severity, activelyExploited

Apr 22, 2026

Actively Exploited

Apr 24, 2026

Version History

v2

Last enriched 6d ago

v2Tier C6d ago

Updated severity to CRITICAL and marked the vulnerability as actively exploited.

severityactivelyExploited

via VulDB

v16d ago

Initial creation