Explore top 10 tips to secure your open-source projects now. Read More
×The Prometheus monitoring system and time series database.
Update Information:
Update to 3.13.0
* Thu Jul 2 2026 Mikel Olasagasti Uranga
[ 1 ] Bug #2489191 - CVE-2026-40186 prometheus: ApostropheCMS: sanitize-html allowedTags Bypass via Entity-Decoded Text in nonTextTags Elements [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2489191
[ 2 ] Bug #2492689 - CVE-2026-44990 prometheus: `sanitize-html`: Stored Cross-Site Scripting via HTML sanitizer bypass [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2492689
[ 3 ] Bug #2493575 - CVE-2026-41567 prometheus: Moby/Docker Engine: Arbitrary Code Execution via malicious container image and compressed archive upload [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2493575
[ 4 ] Bug #2495063 - CVE-2026-53606 prometheus: sanitize-html: Cross-Site Scripting (XSS) via insufficient URI scheme validation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2495063
[ 5 ] Bug #2495322 - CVE-2026-25681 prometheus: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting [fedora-all]
...
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-4179e03375' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
Get the latest Linux and open source security news straight to your inbox.