A batch of security advisories covers numerous system packages that require immediate attention from administrators. Most of these patches carry an important or moderate rating, but one stands out as critical for the cockpit management tool. The updates also address vulnerabilities in essential utilities like the Linux kernel, OpenSSH, image builder software, and several database or development libraries. You should apply the cockpit fix right away because it blocks unauthenticated remote code execution triggered by SSH command arguments.

RXSA-2026:3488: Moderate: kernel security update
RXSA-2025:4341: Important: kernel security update
RXSA-2026:13565: Important: kernel security update
RXSA-2026:13577: Important: kernel security update
RLSA-2026:4649: Moderate: grub2 security update
RLSA-2026:13643: Important: osbuild-composer security update
RLSA-2026:9693: Important: java-25-openjdk security update
RLSA-2026:13642: Important: image-builder security update
RLSA-2026:4162: Moderate: mysql8.4 security update
RLSA-2026:3840: Important: image-builder security update
RLSA-2026:6463: Important: openssh security update
RLSA-2026:13380: Important: openssh security update
RLSA-2026:1838: Moderate: image-builder security update
RLSA-2026:13651: Moderate: systemd security update
RLSA-2026:1837: Moderate: osbuild-composer security update
RLSA-2025:20126: Moderate: openssh security update
RLSA-2025:21015: Moderate: vim security update
RLSA-2025:23479: Moderate: openssh security update
RLSA-2026:3752: Important: osbuild-composer security update
RLSA-2026:7383: Critical: cockpit: Unauthenticated remote code execution due to SSH command-line argument injection

RXSA-2026:3488: Moderate: kernel security update

An update is available for kernel.
This update affects Rocky Linux SIG Cloud 9.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

RXSA-2026:3488: Moderate: kernel security update

RXSA-2025:4341: Important: kernel security update

An update is available for kernel.
This update affects Rocky Linux SIG Cloud 9.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

RXSA-2025:4341: Important: kernel security update

RXSA-2026:13565: Important: kernel security update

An update is available for kernel.
This update affects Rocky Linux SIG Cloud 9.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

RXSA-2026:13565: Important: kernel security update

RXSA-2026:13577: Important: kernel security update

An update is available for kernel.
This update affects Rocky Linux SIG Cloud 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

RXSA-2026:13577: Important: kernel security update

RLSA-2026:4649: Moderate: grub2 security update

An update is available for grub2.
This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

RLSA-2026:4649: Moderate: grub2 security update

RLSA-2026:13643: Important: osbuild-composer security update

An update is available for osbuild-composer.
This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

RLSA-2026:13643: Important: osbuild-composer security update

RLSA-2026:9693: Important: java-25-openjdk security update

An update is available for java-25-openjdk.
This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

RLSA-2026:9693: Important: java-25-openjdk security update

RLSA-2026:13642: Important: image-builder security update

An update is available for image-builder.
This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

RLSA-2026:13642: Important: image-builder security update

RLSA-2026:4162: Moderate: mysql8.4 security update

An update is available for mysql8.4.
This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

RLSA-2026:4162: Moderate: mysql8.4 security update

RLSA-2026:3840: Important: image-builder security update

An update is available for image-builder.
This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

RLSA-2026:3840: Important: image-builder security update

RLSA-2026:6463: Important: openssh security update

An update is available for openssh.
This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

RLSA-2026:6463: Important: openssh security update

RLSA-2026:13380: Important: openssh security update

An update is available for openssh.
This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

RLSA-2026:13380: Important: openssh security update

RLSA-2026:1838: Moderate: image-builder security update

An update is available for image-builder.
This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

RLSA-2026:1838: Moderate: image-builder security update

RLSA-2026:13651: Moderate: systemd security update

An update is available for systemd.
This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

RLSA-2026:13651: Moderate: systemd security update

RLSA-2026:1837: Moderate: osbuild-composer security update

An update is available for osbuild-composer.
This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

RLSA-2026:1837: Moderate: osbuild-composer security update

RLSA-2025:20126: Moderate: openssh security update

An update is available for openssh.
This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

RLSA-2025:20126: Moderate: openssh security update

RLSA-2025:21015: Moderate: vim security update

An update is available for vim.
This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

RLSA-2025:21015: Moderate: vim security update

RLSA-2025:23479: Moderate: openssh security update

An update is available for openssh.
This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

RLSA-2025:23479: Moderate: openssh security update

RLSA-2026:3752: Important: osbuild-composer security update

An update is available for osbuild-composer.
This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

RLSA-2026:3752: Important: osbuild-composer security update

RLSA-2026:7383: Critical: cockpit: Unauthenticated remote code execution due to SSH command-line argument injection

An update is available for cockpit.
This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

RLSA-2026:7383: Critical: cockpit: Unauthenticated remote code execution due to SSH command-line argument injection