REXML Regular Expression Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in REXML, the Ruby XML library used by several components of Red Hat Satellite. It arises from inefficient regular-expression handling of hexadecimal numeric character references (&#x...;) in XML documents: a remote attacker who can get a crafted document parsed by an affected component can trigger a regular expression denial of service (ReDoS). The issue affects the availability of that component and stems from an incomplete fix for an earlier vulnerability, CVE-2024-49761.

Impact

Successful exploitation causes a denial of service: the parser consumes excessive CPU time on the crafted input, degrading the performance and responsiveness of the affected component and, under sustained load, the system hosting it.

Remediation

Upgrade to the patched builds of Red Hat Satellite 6.16 or 6.17 for RHEL 8 and RHEL 9. Instructions for applying the update are in the Red Hat Satellite 6.17 Updating Guide.
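As an added example (not code from Red Hat, the REXML project, or this advisory), the following Ruby script shows two checks an operator can make on a host that parses untrusted XML with REXML: it gates on the loaded REXML version against a minimum you supply (MIN_REXML_VERSION below is a placeholder assumption; use the fixed version for your platform), and it wraps parsing in Ruby's Regexp.timeout (Ruby 3.2 and later) so that a regular expression that runs away on a crafted input is aborted after a fixed budget instead of pinning the process. No attack payload is shown; the sample documents are constructed, benign inputs.

```ruby
require "rubygems"
require "rexml/document"

# Assumption: the lowest REXML version you consider patched. Replace with the
# version shipped by the advisory for your Satellite build; 3.3.9 is only a
# placeholder here (it is the release that addressed CVE-2024-49761).
MIN_REXML_VERSION = Gem::Version.new("3.3.9")

# Wall-clock budget, in seconds, for any single regexp match performed while
# parsing. REXML's parser is regexp-driven, so a ReDoS shows up as one match
# that never returns; this bounds it.
REGEXP_BUDGET = 0.5

# Regexp::TimeoutError only exists on Ruby >= 3.2; alias it to a private
# class on older Rubies so the rescue clause below stays valid.
REGEXP_TIMEOUT_ERROR =
  defined?(Regexp::TimeoutError) ? Regexp::TimeoutError : Class.new(StandardError)

# Version of the REXML that this Ruby process actually loaded.
def rexml_version
  Gem::Version.new(REXML::VERSION)
end

# True when the loaded REXML is at or above the minimum you configured.
def rexml_patched?(min = MIN_REXML_VERSION)
  rexml_version >= min
end

# Parse untrusted XML under a per-match regexp timeout. Returns a hash with
# :status (:ok, :regexp_timeout or :parse_error), the document on success,
# and :timeout_enforced telling you whether the budget could be applied at all.
def parse_untrusted_xml(xml, budget: REGEXP_BUDGET)
  enforced = Regexp.respond_to?(:timeout=)
  previous = enforced ? Regexp.timeout : nil
  Regexp.timeout = budget if enforced
  begin
    doc = REXML::Document.new(xml)
    { status: :ok, doc: doc, timeout_enforced: enforced }
  rescue REGEXP_TIMEOUT_ERROR
    # A single regexp exceeded the budget: treat the input as hostile.
    { status: :regexp_timeout, doc: nil, timeout_enforced: enforced }
  rescue REXML::ParseException => e
    { status: :parse_error, doc: nil, error: e.message, timeout_enforced: enforced }
  ensure
    # Regexp.timeout is process-global; always restore the previous value.
    Regexp.timeout = previous if enforced
  end
end

if __FILE__ == $PROGRAM_NAME
  puts "REXML #{rexml_version} loaded; patched against MIN_REXML_VERSION: #{rexml_patched?}"
  # Constructed sample: a well-formed document using a hex character reference.
  ok = parse_untrusted_xml("<note>&#x41;lert</note>")
  puts "well-formed input: #{ok[:status]}, text=#{ok[:doc].root.text.inspect}, " \
       "timeout enforced=#{ok[:timeout_enforced]}"
  # Constructed sample: malformed document, to show the error path.
  bad = parse_untrusted_xml("<note><b></note>")
  puts "malformed input: #{bad[:status]} (#{bad[:error]})"
end
```

The version gate is the real fix; the regexp budget is a backstop for the window between disclosure and upgrade and for any other regexp-driven code in the same process. Because Regexp.timeout is global, set it deliberately at process start in production rather than toggling it around individual calls as this example does for clarity.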

Added: Feb 27, 2026, 2:42 PM
Updated: Feb 27, 2026, 2:42 PM

Vulnerability Rating

Custom Algorithm
spread: 6.6
impact: 2.5
exploitability: 3.3
remediation: 0.0
relevance: 3.3
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.