Every CVE whose affected-product data names Redhat Instructlab, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2026-6859 — CVSS 8.8 (high): A flaw was found in InstructLab. The `linux_train.py` script hardcodes `trust_remote_code=True` when loading models from HuggingFace. This…
CVE-2026-6855 — CVSS 7.1 (high): A flaw was found in InstructLab. A local attacker could exploit a path traversal vulnerability in the chat session handler by manipulating…