CVE-2026-27140

high Red Hat
CVSS v3 Base Score
9.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
EPSS Score
0.0%
Exploitation probability in 30 days
Top 96% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Confidentiality
High
Integrity
High
Availability
High
Published: April 8, 2026 (93 days ago)
Last Modified: April 8, 2026
Vendor: Red Hat
Fix Available: ✓ Yes
Source: REDHAT

Description

SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass.

CWE

CWE-641

Affected Products

OpenShift Service Mesh 2OpenShift Service Mesh 3Red Hat Enterprise Linux 8Red Hat Hardened ImagesRed Hat OpenShift Container Platform 4Red Hat OpenShift Virtualization 4Red Hat Enterprise Linux 10Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Fix Status

✅ Fix Available

References