VDB

RHSA-2026%3A6562

RHSA-2026%3A6562 PUBLISHED CVSS 7.099999904632568 HIGH

A path traversal flaw has been discovered in the python wheel too. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts.

Risk Scores

CVSS 3.1
7.099999904632568
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Affected Products

VendorProductVersions
Red Hatregistry.redhat.io/openshift4/ose-local-storage-diskmaker-rhel9@sha256:c2f731ca4a7885d786723025b7dcc6daf50e185d9faa1507d234d766d32caec3_s390x as a component of Red Hat OpenShift Container Platform 4.21*, *
Red Hatregistry.redhat.io/openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:12f6b0e26548e0f53712ccfb8be12b38668b759f14b5a34496e9621919cd4372_ppc64le as a component of Red Hat OpenShift Container Platform 4.21*, registry.redhat.io/openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:12f6b0e26548e0f53712ccfb8be12b38668b759f14b5a34496e9621919cd4372_ppc64le
Red Hatregistry.redhat.io/openshift4/pf-status-relay-rhel9@sha256:b0172dfbe43fae3a31007e93222cc095d852f84cd34e2cded9a28a94a60ced24_s390x as a component of Red Hat OpenShift Container Platform 4.21registry.redhat.io/openshift4/pf-status-relay-rhel9@sha256:b0172dfbe43fae3a31007e93222cc095d852f84cd34e2cded9a28a94a60ced24_s390x, *
Red Hatregistry.redhat.io/openshift4/ingress-node-firewall-rhel9-operator@sha256:510be5fe92853f661a3e9fb4f873274f41e266b2471576c2b2bd82b3bc231539_s390x as a component of Red Hat OpenShift Container Platform 4.21*, registry.redhat.io/openshift4/ingress-node-firewall-rhel9-operator@sha256:510be5fe92853f661a3e9fb4f873274f41e266b2471576c2b2bd82b3bc231539_s390x
Red Hatregistry.redhat.io/openshift4/ose-dpu-intel-netsec-vsp-rhel9@sha256:7de93615e4b70338408f158d9a3cd78dc9aed3ad37eb2ced8191225781804e71_amd64 as a component of Red Hat OpenShift Container Platform 4.21*, registry.redhat.io/openshift4/ose-dpu-intel-netsec-vsp-rhel9@sha256:7de93615e4b70338408f158d9a3cd78dc9aed3ad37eb2ced8191225781804e71_amd64
Red Hatregistry.redhat.io/openshift4/ose-smb-csi-driver-rhel9@sha256:99bf84a8b8f506bfaa7983e8ea157e11bbc5d7671b1e61a7fdae65f2b2bd6b5f_ppc64le as a component of Red Hat OpenShift Container Platform 4.21registry.redhat.io/openshift4/ose-smb-csi-driver-rhel9@sha256:99bf84a8b8f506bfaa7983e8ea157e11bbc5d7671b1e61a7fdae65f2b2bd6b5f_ppc64le, *
Red Hatregistry.redhat.io/openshift4/ose-secrets-store-csi-mustgather-rhel9@sha256:d6066b1291a01931357d42725cefaed74ad9f614acb8307c609581ac855f56bc_s390x as a component of Red Hat OpenShift Container Platform 4.21*, registry.redhat.io/openshift4/ose-secrets-store-csi-mustgather-rhel9@sha256:d6066b1291a01931357d42725cefaed74ad9f614acb8307c609581ac855f56bc_s390x
Red Hatregistry.redhat.io/openshift4/ose-sriov-rdma-cni-rhel9@sha256:6834566849671f323b1099dd03240912ec208f77159689aeb84aaf0cb9152c60_ppc64le as a component of Red Hat OpenShift Container Platform 4.21registry.redhat.io/openshift4/ose-sriov-rdma-cni-rhel9@sha256:6834566849671f323b1099dd03240912ec208f77159689aeb84aaf0cb9152c60_ppc64le, *
Red Hatregistry.redhat.io/openshift4/ose-ansible-rhel9-operator@sha256:9a7a14eba3cafe8b8dd7822b76d827dcd65182bc95a82b1597c7815219950200_amd64 as a component of Red Hat OpenShift Container Platform 4.21*, registry.redhat.io/openshift4/ose-ansible-rhel9-operator@sha256:9a7a14eba3cafe8b8dd7822b76d827dcd65182bc95a82b1597c7815219950200_amd64
Red Hatregistry.redhat.io/openshift4/ose-sriov-network-metrics-exporter-rhel9@sha256:11979545b063bbd8aec5d347f2e0c2e74b8f6d1cc4e375e09d5e746854e5b657_ppc64le as a component of Red Hat OpenShift Container Platform 4.21*, *
Red Hatregistry.redhat.io/openshift4/ose-clusterresourceoverride-rhel9@sha256:9fc236598f5b743d34dc0a734e98b3c394b91f18e28bdd4dedbb6e5830a2642c_s390x as a component of Red Hat OpenShift Container Platform 4.21*, registry.redhat.io/openshift4/ose-clusterresourceoverride-rhel9@sha256:9fc236598f5b743d34dc0a734e98b3c394b91f18e28bdd4dedbb6e5830a2642c_s390x
Red Hatregistry.redhat.io/openshift4/ose-sriov-network-metrics-exporter-rhel9@sha256:3c31fa27e2ddd68fce393705282694c1732cba1462b07370f87a28b994b5def7_arm64 as a component of Red Hat OpenShift Container Platform 4.21registry.redhat.io/openshift4/ose-sriov-network-metrics-exporter-rhel9@sha256:3c31fa27e2ddd68fce393705282694c1732cba1462b07370f87a28b994b5def7_arm64, *
Red Hatregistry.redhat.io/openshift4/ingress-node-firewall-rhel9@sha256:20153ce4892dd2ccc3633d67acc5736c576e65a05b4c60bdc3dc3ed4ea23402c_s390x as a component of Red Hat OpenShift Container Platform 4.21*, *
Red Hatregistry.redhat.io/openshift4/ose-sriov-rdma-cni-rhel9@sha256:c7c543f53277a42eee1e2f201127f26530782a8b5cbb507142efe4f73e1286f2_amd64 as a component of Red Hat OpenShift Container Platform 4.21*, registry.redhat.io/openshift4/ose-sriov-rdma-cni-rhel9@sha256:c7c543f53277a42eee1e2f201127f26530782a8b5cbb507142efe4f73e1286f2_amd64
Red Hatregistry.redhat.io/openshift4/ose-aws-efs-csi-driver-container-rhel9@sha256:8789990aa291c78db85567eac361591f4bfcee70d00fd74640dc49e2db01929e_amd64 as a component of Red Hat OpenShift Container Platform 4.21*, *
Red Hatregistry.redhat.io/openshift4/ose-dpu-intel-ipu-p4sdk-rhel9@sha256:fde049475e15173764b7a1c51dbda6c1710ceb01c1bf156c5fcdd4e23d675824_arm64 as a component of Red Hat OpenShift Container Platform 4.21registry.redhat.io/openshift4/ose-dpu-intel-ipu-p4sdk-rhel9@sha256:fde049475e15173764b7a1c51dbda6c1710ceb01c1bf156c5fcdd4e23d675824_arm64, *
Red Hatregistry.redhat.io/openshift4/metallb-rhel9@sha256:77c613959e8d7a202df764c22623271eaef0c8902a5b5fa9d40a9dfd43efe9d2_s390x as a component of Red Hat OpenShift Container Platform 4.21*, registry.redhat.io/openshift4/metallb-rhel9@sha256:77c613959e8d7a202df764c22623271eaef0c8902a5b5fa9d40a9dfd43efe9d2_s390x
Red Hatregistry.redhat.io/openshift4/ose-clusterresourceoverride-rhel9-operator@sha256:4641cf661870693c5058969e27578895ce06f51c125e79229223a6172f686862_amd64 as a component of Red Hat OpenShift Container Platform 4.21registry.redhat.io/openshift4/ose-clusterresourceoverride-rhel9-operator@sha256:4641cf661870693c5058969e27578895ce06f51c125e79229223a6172f686862_amd64, *
Red Hatregistry.redhat.io/openshift4/ose-helm-rhel9-operator@sha256:15cfbdb794b1b4365e3c8fec494672c9dc604ad7337195addb84527a1cde836c_s390x as a component of Red Hat OpenShift Container Platform 4.21registry.redhat.io/openshift4/ose-helm-rhel9-operator@sha256:15cfbdb794b1b4365e3c8fec494672c9dc604ad7337195addb84527a1cde836c_s390x, *
Red Hatregistry.redhat.io/openshift4/ose-sriov-network-device-plugin-rhel9@sha256:4c9c7c437f1213be2c70a0c96aa442b05cd59566bbe4cdc7644486e353c5e96a_ppc64le as a component of Red Hat OpenShift Container Platform 4.21*, *

…and 161 more

Timeline

  • Apr 8, 2026 CVE Published
  • May 5, 2026 Distribution Patch
  • May 5, 2026 Distribution Patch
  • May 5, 2026 Security Advisory
  • May 5, 2026 Security Advisory
  • May 13, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›