Red Hat osbuild-composer Security Update Leaves System Open to Unauthorized Access

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.5

Red Hat osbuild-composer Security Update Leaves System Open to Unauthorized Access

RHSA-2026:2685

Summary

A critical security issue has been found in the osbuild-composer tool, which is used to build and compose operating systems. If exploited, an attacker could gain unauthorized access to the system, potentially leading to data theft or system compromise. Update to the latest version of osbuild-composer to ensure your system remains secure.

What to do

Update redhat osbuild-composer to version 0:75-6.el8_8.
Update redhat osbuild-composer-core to version 0:75-6.el8_8.
Update redhat osbuild-composer-core-debuginfo to version 0:75-6.el8_8.
Update redhat osbuild-composer-debuginfo to version 0:75-6.el8_8.
Update redhat osbuild-composer-debugsource to version 0:75-6.el8_8.
Update redhat osbuild-composer-dnf-json to version 0:75-6.el8_8.
Update redhat osbuild-composer-tests-debuginfo to version 0:75-6.el8_8.
Update redhat osbuild-composer-worker to version 0:75-6.el8_8.
Update redhat osbuild-composer-worker-debuginfo to version 0:75-6.el8_8.

Affected software

Vendor	Product	Affected versions	Fix available
redhat	osbuild-composer	<= 0:75-6.el8_8	0:75-6.el8_8
redhat	osbuild-composer-core	<= 0:75-6.el8_8	0:75-6.el8_8
redhat	osbuild-composer-core-debuginfo	<= 0:75-6.el8_8	0:75-6.el8_8
redhat	osbuild-composer-debuginfo	<= 0:75-6.el8_8	0:75-6.el8_8
redhat	osbuild-composer-debugsource	<= 0:75-6.el8_8	0:75-6.el8_8
redhat	osbuild-composer-dnf-json	<= 0:75-6.el8_8	0:75-6.el8_8
redhat	osbuild-composer-tests-debuginfo	<= 0:75-6.el8_8	0:75-6.el8_8
redhat	osbuild-composer-worker	<= 0:75-6.el8_8	0:75-6.el8_8
redhat	osbuild-composer-worker-debuginfo	<= 0:75-6.el8_8	0:75-6.el8_8
redhat	osbuild-composer	<= 0:75-6.el8_8	0:75-6.el8_8
redhat	osbuild-composer-core	<= 0:75-6.el8_8	0:75-6.el8_8
redhat	osbuild-composer-core-debuginfo	<= 0:75-6.el8_8	0:75-6.el8_8
redhat	osbuild-composer-debuginfo	<= 0:75-6.el8_8	0:75-6.el8_8
redhat	osbuild-composer-debugsource	<= 0:75-6.el8_8	0:75-6.el8_8
redhat	osbuild-composer-dnf-json	<= 0:75-6.el8_8	0:75-6.el8_8
redhat	osbuild-composer-tests-debuginfo	<= 0:75-6.el8_8	0:75-6.el8_8
redhat	osbuild-composer-worker	<= 0:75-6.el8_8	0:75-6.el8_8
redhat	osbuild-composer-worker-debuginfo	<= 0:75-6.el8_8	0:75-6.el8_8

Original title

Red Hat Security Advisory: osbuild-composer security update

osv CVSS3.1 7.5

https://access.redhat.com/errata/RHSA-2026:2685 Vendor Advisory
https://access.redhat.com/security/updates/classification/#moderate Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2418900 Third Party Advisory
https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2685.j... Vendor Advisory
https://access.redhat.com/security/cve/CVE-2025-65637 Third Party Advisory
https://www.cve.org/CVERecord?id=CVE-2025-65637 Vendor Advisory
https://nvd.nist.gov/vuln/detail/CVE-2025-65637 Vendor Advisory
https://github.com/mjuanxd/logrus-dos-poc Third Party Advisory
https://github.com/mjuanxd/logrus-dos-poc/blob/main/README.md Third Party Advisory
https://github.com/sirupsen/logrus/issues/1370 Third Party Advisory
https://github.com/sirupsen/logrus/pull/1376 Third Party Advisory
https://github.com/sirupsen/logrus/releases/tag/v1.8.3 Third Party Advisory
https://github.com/sirupsen/logrus/releases/tag/v1.9.1 Third Party Advisory
https://github.com/sirupsen/logrus/releases/tag/v1.9.3 Third Party Advisory
https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSIRUPSENLOGRUS-5564391 Third Party Advisory

Published: 13 Feb 2026 · Updated: 6 Mar 2026 · First seen: 6 Mar 2026