VDB

CISA-2025-10990

CISA-2025-10990 PUBLISHED CVSS 7.5 HIGH

Reported by redhat · Published February 27, 2026

A flaw was found in REXML. A remote attacker could exploit inefficient regular expression (regex) parsing when processing hex numeric character references (&#x...;) in XML documents. This could lead to a Regular Expression Denial of Service (ReDoS), impacting the availability of the affected component. This issue is the result of an incomplete fix for CVE-2024-49761.

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
6.17.5, 6.16.5.4
Red HatRed Hat Satellite 6.16 for RHEL 80:8.8.1-3.el8sat
Red HatRed Hat Satellite 6.16 for RHEL 80:8.8.1-3.el8sat
Red HatRed Hat Satellite 6.16 for RHEL 90:8.8.1-3.el9sat
Red HatRed Hat Satellite 6.16 for RHEL 90:8.8.1-3.el9sat
Red HatRed Hat Satellite 6.17 for RHEL 90:8.8.1-3.el9sat
Red HatRed Hat Satellite 6.17 for RHEL 90:8.8.1-3.el9sat
Red HatSatellite Client 6 for RHEL 80:7.34.0-4.el8sat
Red HatSatellite Client 6 for RHEL 90:7.34.0-4.el9sat
6.16.5.4, 6.17.5, 6.17.5
Red HatRed Hat Satellite 6.16 for RHEL 90:8.8.1-3.el9sat, *, 0:8.8.1-3.el9sat
Red HatRed Hat Satellite 6.16 for RHEL 80:8.8.1-3.el8sat, 0:8.8.1-3.el8sat, 0:8.8.1-3.el8sat
Red HatSatellite Client 6 for RHEL 80:7.34.0-4.el8sat, 0:7.34.0-4.el8sat
Red HatSatellite Client 6 for RHEL 90:7.34.0-4.el9sat, *
Red HatRed Hat Satellite 6.17 for RHEL 90:8.8.1-3.el9sat, 0:8.8.1-3.el9sat, 0:8.8.1-3.el9sat

Timeline

  • Feb 27, 2026 CVE Published
  • Feb 27, 2026 CVE Updated
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Security Advisory
  • Apr 26, 2026 Security Advisory
  • Apr 26, 2026 Security Advisory

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›