CVE-2026-56209 – Red Hat Enterprise Linux 10 & Red Hat Hardened Images
“A single vulnerable media parser can turn trusted content into a pathway for system compromise.”
Red Hat has released security updates for Red Hat Enterprise Linux 10 and Red Hat Hardened Images to address twelve vulnerabilities affecting GStreamer, libaom, HPLIP, and cifs-utils. The vulnerabilities include heap buffer overflows, out-of-bounds reads and writes, integer overflows, arbitrary memory writes, and improper privilege handling that could allow denial of service, information disclosure, privilege escalation, or remote code execution. The most severe issue, CVE-2026-14544, has a CVSS score of 9.8, which is Critical severity. CVE-2026-52720 has a CVSS score of 8.8 (High), CVE-2026-12505 has a CVSS score of 7.8 (High), CVE-2026-53705 and CVE-2026-56208 each have a CVSS score of 7.6 (High), and CVE-2026-52719, CVE-2026-52722, CVE-2026-53703, CVE-2026-53704, CVE-2026-56209, CVE-2026-56210, and CVE-2026-56211 each have a CVSS score of 7.1 (High).
These updates strengthen input validation, memory boundary checks, privilege handling, and parser logic across multiple multimedia and system components. Several vulnerabilities could potentially lead to remote code execution, while others enable privilege escalation, information disclosure, or denial-of-service attacks when processing specially crafted content. There is no verified public exploitation associated with these vulnerabilities. Applying the updates significantly reduces the risk of system compromise and improves the resilience of affected Red Hat platforms.
Key Details
- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- Required
- CWE Classification
- CWE-787