RHSA-2026:21517 - Security Advisory

Issued: 2026-05-27
Updated: 2026-05-27

Synopsis

Important: fence-agents security update

Type/Severity

Security Advisory: Important

Topic

An update for fence-agents is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster.

Security Fix(es):

- cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves (CVE-2026-26007)
- pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation) (CVE-2026-32597)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

- Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64
- Red Hat Enterprise Linux Server - AUS 9.4 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64
- Red Hat Enterprise Linux High Availability for x86_64 - Extended Update Support 9.4 x86_64
- Red Hat Enterprise Linux Resilient Storage for x86_64 - Extended Update Support 9.4 x86_64
- Red Hat Enterprise Linux Resilient Storage for Power, little endian - Extended Update Support 9.4 ppc64le
- Red Hat Enterprise Linux High Availability for Power, little endian - Extended Update Support 9.4 ppc64le
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le
- Red Hat Enterprise Linux High Availability for Power LE - Update Services for SAP Solutions 9.4 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64
- Red Hat Enterprise Linux High Availability for x86_64 - Update Services for SAP Solutions 9.4 x86_64
- Red Hat Enterprise Linux High Availability (for IBM z Systems) - Extended Update Support 9.4 s390x
- Red Hat Enterprise Linux High Availability (for ARM 64) - Extended Update Support 9.4 aarch64
- Red Hat Enterprise Linux Resilient Storage for IBM z Systems - Extended Update Support 9.4 s390x
- Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64
- Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x
- Red Hat Enterprise Linux High Availability for ARM 64 - 4 years of updates 9.4 aarch64
- Red Hat Enterprise Linux High Availability for IBM z Systems - 4 years of updates 9.4 s390x
- Red Hat Enterprise Linux Resilient Storage for x86_64 - 4 years of updates 9.4 x86_64
- Red Hat Enterprise Linux Resilient Storage for Power, little endian - 4 years of updates 9.4 ppc64le
- Red Hat Enterprise Linux Resilient Storage for IBM z Systems - 4 years of updates 9.4 s390x
- Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4 x86_64
- Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4 aarch64
- Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4 ppc64le
- Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4 s390x
- Red Hat Enterprise Linux High Availability for ARM 64 - Extended Life Cycle 9.4 aarch64
- Red Hat Enterprise Linux High Availability for Power, little endian - Extended Life Cycle 9.4 ppc64le
- Red Hat Enterprise Linux High Availability for IBM z Systems - Extended Life Cycle 9.4 s390x
- Red Hat Enterprise Linux High Availability for x86_64 - Extended Life Cycle 9.4 x86_64
- Red Hat Enterprise Linux Resilient Storage for Power, little endian - Extended Life Cycle 9.4 ppc64le
- Red Hat Enterprise Linux Resilient Storage for IBM z Systems - Extended Life Cycle 9.4 s390x
- Red Hat Enterprise Linux Resilient Storage for x86_64 - Extended Life Cycle 9.4 x86_64

Fixes

- BZ - 2438762 - CVE-2026-26007 cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves
- BZ - 2447194 - CVE-2026-32597 pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)

CVEs

- CVE-2026-26007
- CVE-2026-32597

References

- https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available.

This security update for the fence-agents package addresses two vulnerabilities: missing subgroup validation for SECT curves in the cryptography library (CVE-2026-26007, CVSS 6.5 MEDIUM) and a PyJWT issue where unknown `crit` header extensions are incorrectly accepted (CVE-2026-32597, CVSS 7.5 HIGH). The affected versions are the cryptography library (cryptography.io) prior to 46.0.5 and the pyjwt library (pyjwt_project) prior to 2.12.0. The fix is applied by updating to the fence-agents package version provided in Red Hat Enterprise Linux 9.4 Extended Update Support advisory RHSA-2026:21517.
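
The recipient-side rule behind CVE-2026-32597, as an added example (not code from PyJWT, fence-agents or the advisory): RFC 7515 §4.1.11 requires a JWS to be rejected when `crit` names an extension the recipient does not understand. The minimal HS256 verifier, the key and the `x-policy` extension name are constructed for illustration; rejecting RFC-defined names in `crit` is a choice the RFC permits rather than mandates.

```python
import base64, hashlib, hmac, json

# Header parameter names defined by RFC 7515 section 4.1; section 4.1.11
# says producers must not list these in "crit".
JWS_DEFINED = {"alg", "jku", "jwk", "kid", "x5u", "x5c", "x5t", "x5t#S256", "typ", "cty", "crit"}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def check_crit(header: dict, understood=frozenset()) -> None:
    """Raise ValueError when the protected header's "crit" requires rejection."""
    if "crit" not in header:
        return
    crit = header["crit"]
    if not isinstance(crit, list) or not crit or not all(isinstance(n, str) for n in crit):
        raise ValueError('"crit" must be a non-empty array of strings')
    for name in crit:
        if name in JWS_DEFINED:
            raise ValueError(f'"crit" lists a name defined by RFC 7515: {name}')
        if name not in header:
            raise ValueError(f'"crit" lists a name absent from the header: {name}')
        if name not in understood:  # the case the CVE title describes
            raise ValueError(f"unsupported critical extension: {name}")

def verify_hs256(token: str, key: bytes, understood=frozenset()) -> dict:
    """Verify a compact HS256 JWS, then enforce "crit" before returning claims."""
    h_b64, p_b64, s_b64 = token.split(".")
    header = json.loads(b64url_decode(h_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{h_b64}.{p_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s_b64)):
        raise ValueError("bad signature")
    check_crit(header, understood)
    return json.loads(b64url_decode(p_b64))

def make_token(header: dict, claims: dict, key: bytes) -> str:
    """Build a constructed sample token for the demonstration."""
    signing_input = b64url(json.dumps(header).encode()) + "." + b64url(json.dumps(claims).encode())
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

KEY = b"constructed-demo-key"
PLAIN = make_token({"alg": "HS256"}, {"sub": "node1"}, KEY)
# "x-policy" is a made-up extension name used only in this example.
CRITICAL = make_token({"alg": "HS256", "crit": ["x-policy"], "x-policy": "strict"}, {"sub": "node1"}, KEY)
```

A correctly signed token is still rejected when it marks an extension as critical that the verifier was not told it supports; passing `frozenset({"x-policy"})` as `understood` accepts the same token.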