Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.5
Red Hat Yggdrasil Worker Package Manager Updated to Fix Security Risk
RHSA-2026:3699
Summary
A security update is available for the Yggdrasil worker package manager, which could allow an attacker to potentially execute arbitrary code. This affects systems using Red Hat's Yggdrasil worker package manager. Systems administrators should update their packages as soon as possible to fix this issue.
What to do
- Update redhat yggdrasil-worker-package-manager to version 0:0.2.3-4.el10_0.
- Update redhat yggdrasil-worker-package-manager-debuginfo to version 0:0.2.3-4.el10_0.
- Update redhat yggdrasil-worker-package-manager-debugsource to version 0:0.2.3-4.el10_0.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| redhat | yggdrasil-worker-package-manager | <= 0:0.2.3-4.el10_0 | 0:0.2.3-4.el10_0 |
| redhat | yggdrasil-worker-package-manager-debuginfo | <= 0:0.2.3-4.el10_0 | 0:0.2.3-4.el10_0 |
| redhat | yggdrasil-worker-package-manager-debugsource | <= 0:0.2.3-4.el10_0 | 0:0.2.3-4.el10_0 |
Original title
Red Hat Security Advisory: yggdrasil-worker-package-manager security update
osv CVSS3.1
7.5
- https://access.redhat.com/errata/RHSA-2026:3699 Vendor Advisory
- https://access.redhat.com/security/updates/classification/#important Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2434432 Third Party Advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3699.j... Vendor Advisory
- https://access.redhat.com/security/cve/CVE-2025-61726 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2025-61726 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-61726 Vendor Advisory
- https://go.dev/cl/736712 Third Party Advisory
- https://go.dev/issue/77101 Third Party Advisory
- https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc Third Party Advisory
- https://pkg.go.dev/vuln/GO-2026-4341 Vendor Advisory
Published: 4 Mar 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026