Red Hat Product Errata
RHSA-2026:11516 - Security Advisory

Issued: 2026-04-29
Updated: 2026-04-29

Synopsis
Important: pcs security update

Type/Severity
Security Advisory: Important

Topic
An update for pcs is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

Security Fix(es):
lodash: lodash: Arbitrary code execution via untrusted input in template imports (CVE-2026-4800)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

Affected Products
Red Hat Enterprise Linux High Availability for x86_64 - Extended Update Support 9.4 x86_64
Red Hat Enterprise Linux Resilient Storage for x86_64 - Extended Update Support 9.4 x86_64
Red Hat Enterprise Linux Resilient Storage for Power, little endian - Extended Update Support 9.4 ppc64le
Red Hat Enterprise Linux High Availability for Power, little endian - Extended Update Support 9.4 ppc64le
Red Hat Enterprise Linux High Availability for Power LE - Update Services for SAP Solutions 9.4 ppc64le
Red Hat Enterprise Linux High Availability for x86_64 - Update Services for SAP Solutions 9.4 x86_64
Red Hat Enterprise Linux High Availability (for IBM z Systems) - Extended Update Support 9.4 s390x
Red Hat Enterprise Linux High Availability (for ARM 64) - Extended Update Support 9.4 aarch64
Red Hat Enterprise Linux Resilient Storage for IBM z Systems - Extended Update Support 9.4 s390x
Red Hat Enterprise Linux High Availability for ARM 64 - 4 years of updates 9.4 aarch64
Red Hat Enterprise Linux High Availability for IBM z Systems - 4 years of updates 9.4 s390x
Red Hat Enterprise Linux Resilient Storage for x86_64 - 4 years of updates 9.4 x86_64
Red Hat Enterprise Linux Resilient Storage for Power, little endian - 4 years of updates 9.4 ppc64le
Red Hat Enterprise Linux Resilient Storage for IBM z Systems - 4 years of updates 9.4 s390x
Red Hat Enterprise Linux High Availability for ARM 64 - Extended Life Cycle 9.4 aarch64
Red Hat Enterprise Linux High Availability for Power, little endian - Extended Life Cycle 9.4 ppc64le
Red Hat Enterprise Linux High Availability for IBM z Systems - Extended Life Cycle 9.4 s390x
Red Hat Enterprise Linux High Availability for x86_64 - Extended Life Cycle 9.4 x86_64
Red Hat Enterprise Linux Resilient Storage for Power, little endian - Extended Life Cycle 9.4 ppc64le
Red Hat Enterprise Linux Resilient Storage for IBM z Systems - Extended Life Cycle 9.4 s390x
Red Hat Enterprise Linux Resilient Storage for x86_64 - Extended Life Cycle 9.4 x86_64

Fixes
BZ - 2453496 - CVE-2026-4800 lodash: lodash: Arbitrary code execution via untrusted input in template imports

CVEs
CVE-2026-4800

References
https://access.redhat.com/security/updates/classification/#important

Updated Packages
Note: More recent versions of these packages may be available.
SRPM: pcs-0.11.7-2.el9_4.7.src.rpm
Binary packages (x86_64, ppc64le, s390x, aarch64): pcs-0.11.7-2.el9_4.7, pcs-snmp-0.11.7-2.el9_4.7

A critical vulnerability (CVE-2026-4800, CVSS 8.1 High) in the lodash library used by the `pcs` cluster management tool allows arbitrary code execution via untrusted input in template imports. The vulnerability affects lodash versions prior to 4.17.21, lodash-es prior to 4.17.21, lodash-rails prior to 4.17.21, and lodash.template up to and including 4.5.0. Red Hat has rated this update as Important and released patched `pcs` packages for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions and related Extended Update Support channels.