Main Vulnerability Database SB2026012721

SB2026012721 - Red Hat Enterprise Linux 7 Extended Lifecycle Support update for resource-agents

Published: January 27, 2026

Security Bulletin ID SB2026012721

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2025-66418)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to missing limits on the number of links in the decompression chain when handling gzip or zstd data in the server response. A malicious server can send a response with a large amount of links and cause high CPU load, leading to a denial of service condition.

Remediation

Install update from vendor's website.

References

https://access.redhat.com/errata/RHSA-2026:1336