CVE-2026-30922

high

Red Hat

CVSS v3 Base Score

7.5

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

0.0%

Exploitation probability in 30 days

Top 88% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Confidentiality

None

Integrity

None

Availability

High

Published: March 18, 2026 (57 days ago)

Last Modified: March 18, 2026

Vendor: Red Hat

Source: REDHAT

Description

An unbounded recursion flaw has been discovered in the pypi pyasn1 library. This uncontrolled recursion occurs when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested SEQUENCE (0x30) or SET (0x31) tags with Indefinite Length (0x80) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a RecursionError or consumes all available memory (OOM), crashing the host application.

CWE

CWE-835

Affected Products

Migration Toolkit for ContainersMigration Toolkit for VirtualizationOpenShift LightspeedOpenShift Service Mesh 3Red Hat AI Inference ServerRed Hat Ansible Automation Platform 2Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9Red Hat Enterprise Linux AI (RHEL AI) 3

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 github.com 🔗 github.com

CVE-2026-30922

Vulnerability Report

Description

CWE

Affected Products

References