Fedora Account System
Red Hat Associate
Red Hat Customer
CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a <meta> tag's <content> attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the <content> attribute, the escaper would fail to similarly escape it, leading to XSS.
This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2026:22120 https://access.redhat.com/errata/RHSA-2026:22120
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:22121 https://access.redhat.com/errata/RHSA-2026:22121
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2026:22112 https://access.redhat.com/errata/RHSA-2026:22112