Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Fedora 44 yq Critical Arbitrary Code Execution Fix 2026-710adfa806

fedora
Calendar Grey July 17, 2026
Scroller Fedora
Fix for arbitrary code execution vulnerability in yq 4.53.3 on Fedora 44. Update recommended for improved security.
Update to 4.53.3

Summary

Yq is a portable command-line YAML, JSON, XML, CSV, TOML, HCL and properties

processor.

Update Information:

Update to 4.53.3

Change Log

* Tue Jul 14 2026 Mikel Olasagasti Uranga - 4.53.3-1 - Update to 4.53.3 and add packit integration

References


[ 1 ] Bug #2495328 - CVE-2026-25681 yq: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2495328

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-710adfa806' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: yq
Product: Fedora 44
Version: 4.53.3
Release: 1.fc44
Summary: Yq is a portable command-line YAML, JSON, XML, CSV, TOML, HCL and properties processor

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.