VDB

RHSA-2026%3A2925

RHSA-2026%3A2925 PUBLISHED CVSS 7.5 HIGH

A flaw was found in glob. This vulnerability allows arbitrary command execution via processing files with malicious names when the glob command-line interface (CLI) is used with the -c/--cmd option, enabling shell metacharacters to trigger command injection.

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Red HatRed Hat Trusted Artifact Signer
Red Hatregistry.redhat.io/rhtas/segment-reporting-rhel9@sha256:433385e5a9d3524baea007bf67ea785b2ee76b8218debf21fedf935950ab284e_amd64 as a component of Red Hat Trusted Artifact Signer 1.2*, registry.redhat.io/rhtas/segment-reporting-rhel9@sha256:433385e5a9d3524baea007bf67ea785b2ee76b8218debf21fedf935950ab284e_amd64, registry.redhat.io/rhtas/segment-reporting-rhel9@sha256:433385e5a9d3524baea007bf67ea785b2ee76b8218debf21fedf935950ab284e_amd64
Red Hatregistry.redhat.io/rhtas/segment-reporting-rhel9@sha256:433385e5a9d3524baea007bf67ea785b2ee76b8218debf21fedf935950ab284e_amd64 as a component of Red Hat Trusted Artifact Signer 1.2registry.redhat.io/rhtas/segment-reporting-rhel9@sha256:433385e5a9d3524baea007bf67ea785b2ee76b8218debf21fedf935950ab284e_amd64, registry.redhat.io/rhtas/segment-reporting-rhel9@sha256:433385e5a9d3524baea007bf67ea785b2ee76b8218debf21fedf935950ab284e_amd64, registry.redhat.io/rhtas/segment-reporting-rhel9@sha256:433385e5a9d3524baea007bf67ea785b2ee76b8218debf21fedf935950ab284e_amd64

Timeline

  • Feb 18, 2026 CVE Published
  • Apr 24, 2026 Distribution Patch
  • Apr 24, 2026 Distribution Patch
  • Apr 24, 2026 Security Advisory
  • Apr 24, 2026 Security Advisory
  • Apr 24, 2026 Security Advisory
  • Apr 24, 2026 Security Advisory
  • Apr 24, 2026 Security Advisory
  • Apr 24, 2026 Security Advisory
  • Jul 13, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›