CVE coverage
AlmaLinux 9 CVE tracker
Noxen pulls AlmaLinux 9 CVE data from the same upstream sources Red Hat publishes against (RHEL 9 binary-compatible). NVD provides the upstream advisory; OSV's Red Hat ecosystem feed provides the rpm-level fix versions. The AlmaLinux project also publishes its own errata, which we cross-reference.
How matching works
What Noxen does for an AlmaLinux 9 host
- Reads `/etc/os-release` to confirm AlmaLinux 9 (RHEL 9 binary-compatible).
- Reads `rpm -qa` for installed packages, including epoch and release.
- Filters the local feed cache to OSV records tagged with ecosystem `AlmaLinux:9` / `Red Hat:9`, plus NVD records whose CPE matches the installed packages.
- Compares installed vs fix versions using rpm version semantics (epoch:version-release).
- Emits findings only where the installed version is strictly older than the fix.
Live listings
Top recent critical CVEs (Red Hat ecosystem (RHEL / Rocky / AlmaLinux))
Most-recently-published critical CVEs in the Red Hat ecosystem (RHEL / Rocky / AlmaLinux). Auto-deduped to one row per CVE ID. Snapshot baked at ; live re-fetch on page load.
| CVE | Sev. | CVSS | Summary | Package | Fix in | Published |
|---|---|---|---|---|---|---|
| RLSA-2026:26228 | critical | 9.8 | Important: hplip security update | hplip | 0:3.23.12-10.el10_2.4 | |
| RLSA-2026:26297 | critical | 9.8 | Important: hplip security update | hplip | 0:3.21.2-6.el9_8.4 | |
| RLSA-2026:26335 | critical | 9.8 | Important: hplip security update | hplip | 0:3.18.4-13.el8_10 | |
| RLSA-2026:25237 | critical | 9.1 | Important: openssl security update | openssl | 1:3.5.5-4.el10_2 | |
| RLSA-2026:25239 | critical | 9.1 | Important: openssl security update | openssl | 1:3.5.5-4.el9_8 | |
| RLSA-2026:25049 | critical | 9.0 | Critical: samba security update | samba | 0:4.23.5-10.el9_8 | |
| RLSA-2026:22963 | critical | 9.0 | Critical: samba security update | samba | 0:4.23.5-109.el10_2 | |
| RLSA-2026:22714 | critical | 9.1 | Important: osbuild-composer security update | osbuild-composer | 0:165.1-2.el9_8.rocky.0.1 | |
Top recent high-severity CVEs (Red Hat ecosystem (RHEL / Rocky / AlmaLinux))
| CVE | Sev. | CVSS | Summary | Package | Fix in | Published |
|---|---|---|---|---|---|---|
| RLSA-2026:29898 | high | 7.5 | Moderate: libpng security update | libpng | 2:1.6.34-11.el8_10 | |
| RLSA-2026:29035 | high | 7.5 | Important: skopeo security update | skopeo | 2:1.22.2-2.el10_2 | |
| RLSA-2026:29151 | high | 8.1 | Important: nginx:1.26 security update | nginx | 2:1.26.3-9.module+el9.8.0+40194+40adfc1b | |
| RLSA-2023:5048 | high | 7.8 | Important: flac security update | flac | 0:1.3.3-10.el9_2.1 | |
| RLSA-2023:6431 | high | 7.8 | Moderate: libfastjson security update | libfastjson | 0:0.99.9-5.el9 | |
| RLSA-2026:27789 | high | 7.8 | Important: kernel security, bug fix, and enhancement update | kernel | 0:5.14.0-687.17.1.el9_8 | |
| RLSA-2026:28290 | high | 7.6 | Moderate: libreoffice security update | libreoffice | 1:7.1.8.1-15.el9_8.1 | |
| RLSA-2023:6369 | high | 7.5 | Moderate: qt5 security and bug fix update | adwaita-qt | 0:1.4.2-1.el9 | |
Notable
Recent CVEs that AlmaLinux 9 homelabs care about.
- CVE-2024-6387 (regreSSHion) — OpenSSH signal-handler race producing pre-auth RCE. Red Hat advisory · Noxen deep-dive.
- CVE-2024-1086 (nf_tables UAF) — Linux kernel privilege-escalation, observed in the wild. Red Hat advisory.
- CVE-2024-3094 (xz backdoor) — Supply-chain backdoor in xz-utils 5.6.0 / 5.6.1. Red Hat advisory · Noxen deep-dive.
FAQ
Frequently asked about AlmaLinux 9 CVEs
How is AlmaLinux 9 different from RHEL 9 for CVE tracking?
Functionally, very little. AlmaLinux 9 is binary-compatible with RHEL 9 and rebuilds Red Hat's source packages on the same release cadence, so a fix landing in RHEL 9 lands in AlmaLinux 9 within days. Noxen matches against the Red Hat ecosystem feed plus AlmaLinux errata to pick up both channels.
How do I check AlmaLinux 9 CVEs on a host?
For a quick check: `dnf updateinfo list security`. For per-CVE detail with fix versions, Noxen reads rpm package state over SSH and matches against the live ecosystem feed using rpm version semantics (epoch:version-release).
Is AlmaLinux 9 still supported in 2026?
Yes — the AlmaLinux 9 lifecycle tracks RHEL 9 (active maintenance phase through May 2032). Major and minor security errata continue throughout this window.
Will Noxen flag a CVE that AlmaLinux 9 has already backported a fix for?
No. Red Hat-family distros backport security fixes without changing the upstream version number — the fix shows up as a higher release field (the part after the dash in epoch:version-release). Noxen compares the installed epoch:version-release against the fixed package version using rpm version semantics, so a host that has applied the backported errata is correctly shown as patched rather than as a false positive.
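The epoch:version-release comparison described in the matching steps and in the answer above, as an added example: a pure-Python re-implementation of rpm's segment ordering written for this page, not Noxen's code. The function names are hypothetical, the fix versions are the el9 rows from the listings above, and the installed versions are constructed.

```python
import re

def rpmvercmp(a: str, b: str) -> int:
    """Compare two version (or release) strings as rpm does; returns -1, 0 or 1."""
    while a or b:
        # Separators carry no weight; only '~' and '^' have meaning.
        a, b = (re.sub(r"^[^A-Za-z0-9~^]+", "", s) for s in (a, b))
        if a[:1] == "~" or b[:1] == "~":   # '~' sorts before everything
            if a[:1] != b[:1]: return 1 if a[:1] != "~" else -1
            a, b = a[1:], b[1:]
            continue
        if a[:1] == "^" or b[:1] == "^":   # '^' sorts just after the bare base
            if not a or not b: return -1 if not a else 1
            if a[:1] != b[:1]: return 1 if a[:1] != "^" else -1
            a, b = a[1:], b[1:]
            continue
        if not a or not b:
            break
        numeric = a[0].isdigit()
        pattern = r"[0-9]+" if numeric else r"[A-Za-z]+"
        seg_a, match_b = re.match(pattern, a).group(), re.match(pattern, b)
        if match_b is None:  # digits against letters: the numeric segment is newer
            return 1 if numeric else -1
        seg_b = match_b.group()
        a, b = a[len(seg_a):], b[len(seg_b):]
        key_a, key_b = (int(seg_a), int(seg_b)) if numeric else (seg_a, seg_b)
        if key_a != key_b:
            return 1 if key_a > key_b else -1
    return (len(a) > 0) - (len(b) > 0)

def parse_evr(evr: str):  # 'epoch:version-release'; a missing epoch counts as 0
    epoch, _, rest = evr.rpartition(":")
    version, _, release = rest.partition("-")
    return int(epoch or 0), version, release

def evr_cmp(x: str, y: str) -> int:
    (e1, v1, r1), (e2, v2, r2) = parse_evr(x), parse_evr(y)
    return (e1 > e2) - (e1 < e2) or rpmvercmp(v1, v2) or rpmvercmp(r1, r2)

def findings(installed: dict, fixes: dict) -> list:
    """Packages whose installed EVR is strictly older than the fix EVR."""
    return sorted(p for p, evr in installed.items()
                  if p in fixes and evr_cmp(evr, fixes[p]) < 0)

# Fix versions: el9 rows from the listings on this page. Installed: constructed.
FIXES = {"openssl": "1:3.5.5-4.el9_8", "hplip": "0:3.21.2-6.el9_8.4",
         "kernel": "0:5.14.0-687.17.1.el9_8"}
INSTALLED = {"openssl": "1:3.5.5-4.el9_8", "hplip": "0:3.21.2-6.el9_8.10",
             "kernel": "0:5.14.0-687.5.1.el9_8"}
```

Only `kernel` is reported: release `687.5.1` is older than `687.17.1`, while hplip's `el9_8.10` is newer than `el9_8.4`. A plain string comparison would get both of those wrong.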
Which AlmaLinux 9 CVEs should I patch first?
Severity alone is a poor sort key. Noxen ranks findings by exposure first — a high-severity CVE in a package behind an internet-facing service outranks a critical one in a library nothing reaches — then by CVSS and EPSS. The EPSS prioritisation guide walks through the reasoning.
Scan an AlmaLinux 9 fleet with Noxen
Add your AlmaLinux 9 hosts via your existing `~/.ssh/config`; Noxen reads rpm package state and matches against the live signed feed. No agent, no SaaS round-trip.
$79 one-time.