Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.
7.5

Red Hat osbuild-composer Allows Unauthorized Access to Container Builds

RHSA-2026:2687
Summary

A security update is available for osbuild-composer, which is used to build and compose container images. If not updated, a remote attacker could potentially access and modify container build processes, leading to unauthorized access to sensitive data. It's recommended to update to the latest version of osbuild-composer to ensure the security of your container builds.

What to do
  • Update redhat osbuild-composer to version 0:46.3-5.el8_6.
  • Update redhat osbuild-composer-core to version 0:46.3-5.el8_6.
  • Update redhat osbuild-composer-core-debuginfo to version 0:46.3-5.el8_6.
  • Update redhat osbuild-composer-debuginfo to version 0:46.3-5.el8_6.
  • Update redhat osbuild-composer-debugsource to version 0:46.3-5.el8_6.
  • Update redhat osbuild-composer-dnf-json to version 0:46.3-5.el8_6.
  • Update redhat osbuild-composer-tests-debuginfo to version 0:46.3-5.el8_6.
  • Update redhat osbuild-composer-worker to version 0:46.3-5.el8_6.
  • Update redhat osbuild-composer-worker-debuginfo to version 0:46.3-5.el8_6.
Affected software
VendorProductAffected versionsFix available
redhat osbuild-composer <= 0:46.3-5.el8_6 0:46.3-5.el8_6
redhat osbuild-composer-core <= 0:46.3-5.el8_6 0:46.3-5.el8_6
redhat osbuild-composer-core-debuginfo <= 0:46.3-5.el8_6 0:46.3-5.el8_6
redhat osbuild-composer-debuginfo <= 0:46.3-5.el8_6 0:46.3-5.el8_6
redhat osbuild-composer-debugsource <= 0:46.3-5.el8_6 0:46.3-5.el8_6
redhat osbuild-composer-dnf-json <= 0:46.3-5.el8_6 0:46.3-5.el8_6
redhat osbuild-composer-tests-debuginfo <= 0:46.3-5.el8_6 0:46.3-5.el8_6
redhat osbuild-composer-worker <= 0:46.3-5.el8_6 0:46.3-5.el8_6
redhat osbuild-composer-worker-debuginfo <= 0:46.3-5.el8_6 0:46.3-5.el8_6
redhat osbuild-composer <= 0:46.3-5.el8_6 0:46.3-5.el8_6
redhat osbuild-composer-core <= 0:46.3-5.el8_6 0:46.3-5.el8_6
redhat osbuild-composer-core-debuginfo <= 0:46.3-5.el8_6 0:46.3-5.el8_6
redhat osbuild-composer-debuginfo <= 0:46.3-5.el8_6 0:46.3-5.el8_6
redhat osbuild-composer-debugsource <= 0:46.3-5.el8_6 0:46.3-5.el8_6
redhat osbuild-composer-dnf-json <= 0:46.3-5.el8_6 0:46.3-5.el8_6
redhat osbuild-composer-tests-debuginfo <= 0:46.3-5.el8_6 0:46.3-5.el8_6
redhat osbuild-composer-worker <= 0:46.3-5.el8_6 0:46.3-5.el8_6
redhat osbuild-composer-worker-debuginfo <= 0:46.3-5.el8_6 0:46.3-5.el8_6
redhat osbuild-composer <= 0:46.3-5.el8_6 0:46.3-5.el8_6
redhat osbuild-composer-core <= 0:46.3-5.el8_6 0:46.3-5.el8_6
redhat osbuild-composer-core-debuginfo <= 0:46.3-5.el8_6 0:46.3-5.el8_6
redhat osbuild-composer-debuginfo <= 0:46.3-5.el8_6 0:46.3-5.el8_6
redhat osbuild-composer-debugsource <= 0:46.3-5.el8_6 0:46.3-5.el8_6
redhat osbuild-composer-dnf-json <= 0:46.3-5.el8_6 0:46.3-5.el8_6
redhat osbuild-composer-tests-debuginfo <= 0:46.3-5.el8_6 0:46.3-5.el8_6
redhat osbuild-composer-worker <= 0:46.3-5.el8_6 0:46.3-5.el8_6
redhat osbuild-composer-worker-debuginfo <= 0:46.3-5.el8_6 0:46.3-5.el8_6
Published: 17 Feb 2026 · Updated: 6 Mar 2026 · First seen: 6 Mar 2026