CVE coverage
AlmaLinux 9 CVE tracker
Noxen pulls AlmaLinux 9 CVE data from the same upstream sources Red Hat publishes against (RHEL 9 binary-compatible). NVD provides the upstream advisory; OSV's Red Hat ecosystem feed provides the rpm-level fix versions. The AlmaLinux project also publishes its own errata, which we cross-reference.
Live
Headline numbers
- Total CVE records (all distros)Loading…
- Last buildLoading…
- OSV records (RH ecosystem + others)Loading…
- NVD records (cross-platform)Loading…
How matching works
What Noxen does for an AlmaLinux 9 host
- Reads
/etc/os-releaseto confirm AlmaLinux 9 (RHEL 9 binary-compatible). - Reads
rpm -qafor installed packages, including epoch and release. - Filters the local feed cache to OSV records tagged with ecosystem
AlmaLinux:9 / Red Hat:9, plus NVD records whose CPE matches the installed packages. - Compares installed vs fix versions using rpm version semantics (epoch:version-release).
- Emits findings only where the installed version is strictly older than the fix.
Live listings
Top recent critical CVEs (Red Hat ecosystem (RHEL / Rocky / AlmaLinux))
Most-recently-published critical CVEs in the Red Hat ecosystem (RHEL / Rocky / AlmaLinux). Auto-deduped to one row per CVE ID. Snapshot baked at ; live re-fetch on page load.
| CVE | Sev. | CVSS | Summary | Package | Fix in | Published |
|---|---|---|---|---|---|---|
| RLSA-2026:25237 | critical | 9.1 | Important: openssl security update | openssl | 1:3.5.5-4.el10_2 | |
| RLSA-2026:25239 | critical | 9.1 | Important: openssl security update | openssl | 1:3.5.5-4.el9_8 | |
| RLSA-2026:25049 | critical | 9.0 | Critical: samba security update | samba | 0:4.23.5-10.el9_8 | |
| RLSA-2026:22963 | critical | 9.0 | Critical: samba security update | samba | 0:4.23.5-109.el10_2 | |
| RLSA-2026:22714 | critical | 9.1 | Important: osbuild-composer security update | osbuild-composer | 0:165.1-2.el9_8.rocky.0.1 | |
| RLSA-2026:22644 | critical | 9.0 | Important: samba security update | samba | 0:4.19.4-16.el8_10 | |
| RLSA-2026:22450 | critical | 9.1 | Important: osbuild-composer security update | osbuild-composer | 0:165.1-2.el10_2.rocky.0.1 | |
| RLSA-2026:22937 | critical | 9.1 | Important: image-builder security update | image-builder | 0:52.1-1.el10_2.rocky.0.1 |
Top recent high-severity CVEs (Red Hat ecosystem (RHEL / Rocky / AlmaLinux))
| CVE | Sev. | CVSS | Summary | Package | Fix in | Published |
|---|---|---|---|---|---|---|
| RLSA-2026:25902 | high | 7.4 | Important: fence-agents security update | fence-agents | 0:4.16.0-21.el10_2.2 | |
| RXSA-2026:25217 | high | 8.8 | Important: kernel security update | kernel | 0:5.14.0-687.15.1.el9_7.cloud.1.0 | |
| RXSA-2026:25121 | high | 8.8 | Critical: kernel security update | kernel | 0:4.18.0-553.132.1.el8_10.cloud.0.1 | |
| RLSA-2026:25191 | high | 8.8 | Critical: kernel security update | kernel | 0:6.12.0-211.22.1.el10_2 | |
| RLSA-2026:25216 | high | 8.8 | Important: valkey security update | valkey | 0:8.0.9-1.el10_2 | |
| RLSA-2026:24985 | high | 7.8 | Important: poppler security update | poppler | 0:24.02.0-7.el10_2.2 | |
| RLSA-2026:25111 | high | 7.5 | Important: .NET 8.0 security update | dotnet8.0 | 0:8.0.128-1.el10_2 | |
| RLSA-2026:25112 | high | 7.5 | Important: .NET 9.0 security update | dotnet9.0 | 0:9.0.118-1.el10_2 |
Notable
Recent CVEs that AlmaLinux 9 homelabs care about.
- CVE-2024-6387 (regreSSHion) — OpenSSH signal-handler race producing pre-auth RCE.. Red Hat advisory · Noxen deep-dive.
- CVE-2024-1086 (nf_tables UAF) — Linux kernel privilege-escalation, observed in the wild.. Red Hat advisory.
- CVE-2024-3094 (xz backdoor) — Supply-chain backdoor in xz-utils 5.6.0 / 5.6.1.. Red Hat advisory · Noxen deep-dive.
FAQ
Frequently asked about AlmaLinux 9 CVEs
How is AlmaLinux 9 different from RHEL 9 for CVE tracking?
Functionally, very little. AlmaLinux 9 is binary-compatible with RHEL 9 and rebuilds Red Hat's source packages on the same release cadence, so a fix landing in RHEL 9 lands in AlmaLinux 9 within days. Noxen matches against the Red Hat ecosystem feed plus AlmaLinux errata to pick up both channels.
How do I check AlmaLinux 9 CVEs on a host?
For a quick check: dnf updateinfo list security. For per-CVE detail with fix versions, Noxen reads rpm package state over SSH and matches against the live ecosystem feed using rpm version semantics (epoch:version-release).
Is AlmaLinux 9 still supported in 2026?
Yes — the AlmaLinux 9 lifecycle tracks RHEL 9 (active maintenance phase through May 2032). Major and minor security errata continue throughout this window.
Will Noxen flag a CVE that AlmaLinux 9 has already backported a fix for?
No. Red Hat-family distros backport security fixes without changing the upstream version number — the fix shows up as a higher release field (the part after the dash in epoch:version-release). Noxen compares the installed epoch:version-release against the fixed package version using rpm version semantics, so a host that has applied the backported errata is correctly shown as patched rather than as a false positive.
Which AlmaLinux 9 CVEs should I patch first?
Severity alone is a poor sort key. Noxen ranks findings by exposure first — a high-severity CVE in a package behind an internet-facing service outranks a critical one in a library nothing reaches — then by CVSS and EPSS. The EPSS prioritisation guide walks through the reasoning.
Scan an AlmaLinux 9 fleet with Noxen
Add your AlmaLinux 9 hosts via your existing
~/.ssh/config; Noxen reads rpm package state and
matches against the live signed feed. No agent, no SaaS round-trip.
$79 one-time.