Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.5
Red Hat Butane: Unvalidated Input Can Lead to Code Execution
RHSA-2026:3053
Summary
A security update is available for Butane, a tool for creating and managing Ignition configuration files. This update fixes an issue where Butane did not properly validate user input, potentially allowing an attacker to execute arbitrary code. To stay secure, update your Butane installation as soon as possible.
What to do
- Update redhat butane to version 0:0.20.0-1.el9_4.1.
- Update redhat butane-debuginfo to version 0:0.20.0-1.el9_4.1.
- Update redhat butane-debugsource to version 0:0.20.0-1.el9_4.1.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| redhat | butane | <= 0:0.20.0-1.el9_4.1 | 0:0.20.0-1.el9_4.1 |
| redhat | butane-debuginfo | <= 0:0.20.0-1.el9_4.1 | 0:0.20.0-1.el9_4.1 |
| redhat | butane-debugsource | <= 0:0.20.0-1.el9_4.1 | 0:0.20.0-1.el9_4.1 |
Original title
Red Hat Security Advisory: butane security update
osv CVSS3.1
7.5
- https://access.redhat.com/errata/RHSA-2026:3053 Vendor Advisory
- https://access.redhat.com/security/updates/classification/#important Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2418462 Third Party Advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3053.j... Vendor Advisory
- https://access.redhat.com/security/cve/CVE-2025-61729 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2025-61729 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-61729 Vendor Advisory
- https://go.dev/cl/725920 Third Party Advisory
- https://go.dev/issue/76445 Third Party Advisory
- https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 Third Party Advisory
- https://pkg.go.dev/vuln/GO-2025-4155 Vendor Advisory
Published: 24 Feb 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026