{"id":"RHSA-2026:7655","summary":"Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update","modified":"2026-07-16T10:16:06.978191969Z","published":"2026-05-04T10:11:32Z","upstream":["CVE-2026-2950","CVE-2026-45149","CVE-2026-45736","CVE-2026-59868","CVE-2026-59870"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:7655"},{"type":"ARTICLE","url":"https://images.redhat.com/"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-2950"},{"type":"ARTICLE","url":"https://access.redhat.com/security/updates/classification/"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-45149"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-45736"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-59870"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-59868"},{"type":"ADVISORY","url":"https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7655.json"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2453499"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-2950"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2950"},{"type":"ARTICLE","url":"https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2483481"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-45149"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45149"},{"type":"ARTICLE","url":"https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-jxxr-4gwj-5jf2"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477914"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-45736"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45736"},{"type":"ARTICLE","url":"https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086"},{"type":"ARTICLE","url":"https://github.com/websockets/ws/security/advisories/GHSA-58qx-3vcg-4xpx"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2498114"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-59868"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-59868"},{"type":"ARTICLE","url":"https://github.com/nodeca/js-yaml/commit/3105455b81dee69e0fd36e09ac0b2ccfdb54adc1"},{"type":"ARTICLE","url":"https://github.com/nodeca/js-yaml/releases/tag/5.2.0"},{"type":"ARTICLE","url":"https://github.com/nodeca/js-yaml/security/advisories/GHSA-g796-fgmg-93mv"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2498130"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-59870"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-59870"},{"type":"ARTICLE","url":"https://github.com/nodeca/js-yaml/commit/39f3211a2f01b3c6982710cf21434ab7060acefe"},{"type":"ARTICLE","url":"https://github.com/nodeca/js-yaml/releases/tag/5.2.1"},{"type":"ARTICLE","url":"https://github.com/nodeca/js-yaml/security/advisories/GHSA-724g-mxrg-4qvm"}],"affected":[{"package":{"name":"yarnpkg","ecosystem":"Red Hat:hummingbird:1","purl":"pkg:rpm/redhat/yarnpkg"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.22.22-18.1.hum1"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:7655.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}