<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the 10 most recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Sun, 31 May 2026 20:41:49 +0000</lastBuildDate>
    <!-- One sighting record. The title is the sighting UUID; link and guid both
         carry the sighting's /export URL (guid is marked isPermaLink="false").
         description and content:encoded hold the same JSON object as text, and
         pubDate matches its "creation_timestamp" to the second.
         NOTE(review): the "source" and "content" values appear to come from
         third-party posts, so consumers should presumably parse the JSON and
         treat those strings as untrusted text rather than markup. Confirm
         against the feed producer. -->
    <item>
      <title>3f37fc0e-425c-4bd9-82d8-5e2a2e81d7bf</title>
      <link>https://vulnerability.circl.lu/sighting/3f37fc0e-425c-4bd9-82d8-5e2a2e81d7bf/export</link>
      <description>{"uuid": "3f37fc0e-425c-4bd9-82d8-5e2a2e81d7bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33186", "type": "published-proof-of-concept", "source": "Telegram/A1qg1RolaBwsACBTI2hdl9LKX69FzxBc1xCrm7_xs4Pt8oY", "content": "", "creation_timestamp": "2026-04-06T21:00:05.000000Z"}</description>
      <content:encoded>{"uuid": "3f37fc0e-425c-4bd9-82d8-5e2a2e81d7bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33186", "type": "published-proof-of-concept", "source": "Telegram/A1qg1RolaBwsACBTI2hdl9LKX69FzxBc1xCrm7_xs4Pt8oY", "content": "", "creation_timestamp": "2026-04-06T21:00:05.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/3f37fc0e-425c-4bd9-82d8-5e2a2e81d7bf/export</guid>
      <pubDate>Mon, 06 Apr 2026 21:00:05 +0000</pubDate>
    </item>
    <item>
      <title>2e04c828-fdb6-4c26-9344-ea7bf35b5975</title>
      <link>https://vulnerability.circl.lu/sighting/2e04c828-fdb6-4c26-9344-ea7bf35b5975/export</link>
      <description>{"uuid": "2e04c828-fdb6-4c26-9344-ea7bf35b5975", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33186", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mj6ii7i5zr2h", "content": "", "creation_timestamp": "2026-04-10T23:37:06.596112Z"}</description>
      <content:encoded>{"uuid": "2e04c828-fdb6-4c26-9344-ea7bf35b5975", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33186", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mj6ii7i5zr2h", "content": "", "creation_timestamp": "2026-04-10T23:37:06.596112Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/2e04c828-fdb6-4c26-9344-ea7bf35b5975/export</guid>
      <pubDate>Fri, 10 Apr 2026 23:37:06 +0000</pubDate>
    </item>
    <item>
      <title>219bfe3b-ec31-4bef-a06b-a21140ee785f</title>
      <link>https://vulnerability.circl.lu/sighting/219bfe3b-ec31-4bef-a06b-a21140ee785f/export</link>
      <description>{"uuid": "219bfe3b-ec31-4bef-a06b-a21140ee785f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33186", "type": "seen", "source": "https://bsky.app/profile/potato.software/post/3mj6ii7x7of2l", "content": "", "creation_timestamp": "2026-04-10T23:37:07.813811Z"}</description>
      <content:encoded>{"uuid": "219bfe3b-ec31-4bef-a06b-a21140ee785f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33186", "type": "seen", "source": "https://bsky.app/profile/potato.software/post/3mj6ii7x7of2l", "content": "", "creation_timestamp": "2026-04-10T23:37:07.813811Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/219bfe3b-ec31-4bef-a06b-a21140ee785f/export</guid>
      <pubDate>Fri, 10 Apr 2026 23:37:07 +0000</pubDate>
    </item>
    <item>
      <title>1e910e41-c8d3-430b-9500-edbb082d260b</title>
      <link>https://vulnerability.circl.lu/sighting/1e910e41-c8d3-430b-9500-edbb082d260b/export</link>
      <description>{"uuid": "1e910e41-c8d3-430b-9500-edbb082d260b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33184", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mjgcba4mrq2t", "content": "", "creation_timestamp": "2026-04-14T02:07:07.700643Z"}</description>
      <content:encoded>{"uuid": "1e910e41-c8d3-430b-9500-edbb082d260b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33184", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mjgcba4mrq2t", "content": "", "creation_timestamp": "2026-04-14T02:07:07.700643Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/1e910e41-c8d3-430b-9500-edbb082d260b/export</guid>
      <pubDate>Tue, 14 Apr 2026 02:07:07 +0000</pubDate>
    </item>
    <item>
      <title>68a347e9-8e0d-4301-b139-0f7207a1ae48</title>
      <link>https://vulnerability.circl.lu/sighting/68a347e9-8e0d-4301-b139-0f7207a1ae48/export</link>
      <description>{"uuid": "68a347e9-8e0d-4301-b139-0f7207a1ae48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33186", "type": "seen", "source": "https://bsky.app/profile/releaseport.com/post/3mkfcjinzjk22", "content": "", "creation_timestamp": "2026-04-26T10:04:17.353132Z"}</description>
      <content:encoded>{"uuid": "68a347e9-8e0d-4301-b139-0f7207a1ae48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33186", "type": "seen", "source": "https://bsky.app/profile/releaseport.com/post/3mkfcjinzjk22", "content": "", "creation_timestamp": "2026-04-26T10:04:17.353132Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/68a347e9-8e0d-4301-b139-0f7207a1ae48/export</guid>
      <pubDate>Sun, 26 Apr 2026 10:04:17 +0000</pubDate>
    </item>
    <item>
      <title>d36e2190-86ef-4f2f-8806-75eb22dda5e4</title>
      <link>https://vulnerability.circl.lu/sighting/d36e2190-86ef-4f2f-8806-75eb22dda5e4/export</link>
      <description>{"uuid": "d36e2190-86ef-4f2f-8806-75eb22dda5e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33186", "type": "seen", "source": "https://bsky.app/profile/gcpweekly.bsky.social/post/3mlbtea75l32g", "content": "This addresses the following vulnerabilities: CVE-2025-58188 CVE-2025-58187 CVE-2026-34040 CVE-2026-33997 CVE-2026-33186 CVE-2026-25679 CVE-2026-24051 CVE-2026-0915 CVE-2026-0861 CVE-2025-68119 CVE-2025-61732 CVE-2025-61731 CVE-2025-61729 CVE-2025-61726 CVE-2025-4674", "creation_timestamp": "2026-05-07T18:20:07.254529Z"}</description>
      <content:encoded>{"uuid": "d36e2190-86ef-4f2f-8806-75eb22dda5e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33186", "type": "seen", "source": "https://bsky.app/profile/gcpweekly.bsky.social/post/3mlbtea75l32g", "content": "This addresses the following vulnerabilities: CVE-2025-58188 CVE-2025-58187 CVE-2026-34040 CVE-2026-33997 CVE-2026-33186 CVE-2026-25679 CVE-2026-24051 CVE-2026-0915 CVE-2026-0861 CVE-2025-68119 CVE-2025-61732 CVE-2025-61731 CVE-2025-61729 CVE-2025-61726 CVE-2025-4674", "creation_timestamp": "2026-05-07T18:20:07.254529Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/d36e2190-86ef-4f2f-8806-75eb22dda5e4/export</guid>
      <pubDate>Thu, 07 May 2026 18:20:07 +0000</pubDate>
    </item>
    <item>
      <title>c16d3982-5026-4c3b-8a6f-2134b831aacc</title>
      <link>https://vulnerability.circl.lu/sighting/c16d3982-5026-4c3b-8a6f-2134b831aacc/export</link>
      <description>{"uuid": "c16d3982-5026-4c3b-8a6f-2134b831aacc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33186", "type": "seen", "source": "https://bsky.app/profile/gcpweekly.bsky.social/post/3mlbteahwco2i", "content": "CVE-2025-15558 CVE-2025-15281 N/A Security fixes for apigee-asm-istiod. This addresses the following vulnerabilities: CVE-2026-33186 CVE-2026-32283 CVE-2026-32281 CVE-2026-32280 CVE-2026-27144 CVE-2026-27143 CVE-2026-27140 CVE-2026-25679 N/A Security fixes for", "creation_timestamp": "2026-05-07T18:20:10.365781Z"}</description>
      <content:encoded>{"uuid": "c16d3982-5026-4c3b-8a6f-2134b831aacc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33186", "type": "seen", "source": "https://bsky.app/profile/gcpweekly.bsky.social/post/3mlbteahwco2i", "content": "CVE-2025-15558 CVE-2025-15281 N/A Security fixes for apigee-asm-istiod. This addresses the following vulnerabilities: CVE-2026-33186 CVE-2026-32283 CVE-2026-32281 CVE-2026-32280 CVE-2026-27144 CVE-2026-27143 CVE-2026-27140 CVE-2026-25679 N/A Security fixes for", "creation_timestamp": "2026-05-07T18:20:10.365781Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/c16d3982-5026-4c3b-8a6f-2134b831aacc/export</guid>
      <pubDate>Thu, 07 May 2026 18:20:10 +0000</pubDate>
    </item>
    <item>
      <title>49c650c3-3ef0-4f84-b11a-d543fdfd26c3</title>
      <link>https://vulnerability.circl.lu/sighting/49c650c3-3ef0-4f84-b11a-d543fdfd26c3/export</link>
      <description>{"uuid": "49c650c3-3ef0-4f84-b11a-d543fdfd26c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33186", "type": "seen", "source": "https://bsky.app/profile/gcpweekly.bsky.social/post/3mlbteazi222q", "content": "This addresses the following vulnerabilities: CVE-2026-39883 CVE-2026-33186 CVE-2026-32283 CVE-2026-32281 CVE-2026-32280 CVE-2026-27144 CVE-2026-27143 CVE-2026-27140 CVE-2026-25679 N/A Security fixes for apigee-kube-rbac-proxy", "creation_timestamp": "2026-05-07T18:20:16.675366Z"}</description>
      <content:encoded>{"uuid": "49c650c3-3ef0-4f84-b11a-d543fdfd26c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33186", "type": "seen", "source": "https://bsky.app/profile/gcpweekly.bsky.social/post/3mlbteazi222q", "content": "This addresses the following vulnerabilities: CVE-2026-39883 CVE-2026-33186 CVE-2026-32283 CVE-2026-32281 CVE-2026-32280 CVE-2026-27144 CVE-2026-27143 CVE-2026-27140 CVE-2026-25679 N/A Security fixes for apigee-kube-rbac-proxy", "creation_timestamp": "2026-05-07T18:20:16.675366Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/49c650c3-3ef0-4f84-b11a-d543fdfd26c3/export</guid>
      <pubDate>Thu, 07 May 2026 18:20:16 +0000</pubDate>
    </item>
    <item>
      <title>3c18824a-a70b-470c-a79b-8446aa2403c3</title>
      <link>https://vulnerability.circl.lu/sighting/3c18824a-a70b-470c-a79b-8446aa2403c3/export</link>
      <description>{"uuid": "3c18824a-a70b-470c-a79b-8446aa2403c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3318", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mldruzpfak2p", "content": "CVE-2026-3318 - Multiple vulnerabilities in Cradle e-commerce\nCVE ID : CVE-2026-3318\n \n Published : May 8, 2026, 11:24 a.m. | 1\u00a0hour, 1\u00a0minute ago\n \n Description : Open redirection vulnerability in the latest demo version of the Cradle eCommerce platform. The vulnerability occ...", "creation_timestamp": "2026-05-08T12:59:06.063111Z"}</description>
      <content:encoded>{"uuid": "3c18824a-a70b-470c-a79b-8446aa2403c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3318", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mldruzpfak2p", "content": "CVE-2026-3318 - Multiple vulnerabilities in Cradle e-commerce\nCVE ID : CVE-2026-3318\n \n Published : May 8, 2026, 11:24 a.m. | 1\u00a0hour, 1\u00a0minute ago\n \n Description : Open redirection vulnerability in the latest demo version of the Cradle eCommerce platform. The vulnerability occ...", "creation_timestamp": "2026-05-08T12:59:06.063111Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/3c18824a-a70b-470c-a79b-8446aa2403c3/export</guid>
      <pubDate>Fri, 08 May 2026 12:59:06 +0000</pubDate>
    </item>
    <item>
      <title>557ff797-b4a6-48ed-b41a-6ffd8eb07fed</title>
      <link>https://vulnerability.circl.lu/sighting/557ff797-b4a6-48ed-b41a-6ffd8eb07fed/export</link>
      <description>{"uuid": "557ff797-b4a6-48ed-b41a-6ffd8eb07fed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33186", "type": "seen", "source": "https://gist.github.com/jparrill/3bace3328b6d6d6b8206a07c7fa426a2", "content": "\n\n\n\n\nHyperShift PR Report \u2014 2026-05-13 to 2026-05-20\n\n:root {\n  --bg:#0f1117;--card:#181b24;--border:#2a2e3a;--text:#c9cdd5;--text-dim:#6b7280;\n  --accent:#3b82f6;--accent-dim:#1e3a5f;--green:#22c55e;--green-dim:#0d3320;\n  --amber:#f59e0b;--amber-dim:#3d2e05;--red:#ef4444;--red-dim:#3b1111;\n  --purple:#a855f7;--purple-dim:#2d1650;--cyan:#06b6d4;--cyan-dim:#0c3644;\n}\n*{margin:0;padding:0;box-sizing:border-box}\nbody{font-family:'Inter',-apple-system,BlinkMacSystemFont,'Segoe UI',system-ui,sans-serif;\n  background:var(--bg);color:var(--text);line-height:1.6;padding:2rem;max-width:1400px;margin:0 auto}\nh1{font-size:1.75rem;font-weight:700;color:#fff;margin-bottom:.25rem}\nh2{font-size:1.2rem;font-weight:600;color:#e5e7eb;margin-bottom:1rem;padding-bottom:.5rem;border-bottom:1px solid var(--border)}\nh3{font-size:.95rem;font-weight:600;color:#d1d5db;margin-bottom:.5rem}\n.subtitle{color:var(--text-dim);font-size:.85rem;margin-bottom:2rem}\n.grid{display:grid;gap:1rem;margin-bottom:1.5rem}\n.grid-4{grid-template-columns:repeat(4,1fr)}\n.grid-2{grid-template-columns:repeat(2,1fr)}\n@media(max-width:900px){.grid-4{grid-template-columns:repeat(2,1fr)}}\n@media(max-width:600px){.grid-4,.grid-2{grid-template-columns:1fr}}\n.card{background:var(--card);border:1px solid var(--border);border-radius:10px;padding:1.25rem}\n.stat-card{text-align:center}\n.stat-value{font-size:2rem;font-weight:700;color:#fff}\n.stat-label{font-size:.75rem;text-transform:uppercase;letter-spacing:.05em;color:var(--text-dim);margin-top:.25rem}\n.stat-sub{font-size:.7rem;color:var(--text-dim);margin-top:.15rem}\n.badge{display:inline-block;padding:.15rem 
.5rem;border-radius:999px;font-size:.7rem;font-weight:600;text-transform:uppercase;letter-spacing:.03em}\n.badge-blue{background:var(--accent-dim);color:var(--accent)}\n.badge-red{background:var(--red-dim);color:var(--red)}\n.badge-amber{background:var(--amber-dim);color:var(--amber)}\n.badge-purple{background:var(--purple-dim);color:var(--purple)}\n.badge-cyan{background:var(--cyan-dim);color:var(--cyan)}\n.badge-green{background:var(--green-dim);color:var(--green)}\na{color:var(--accent);text-decoration:none}\na:hover{text-decoration:underline}\n.pr-list{list-style:none}\n.pr-item{padding:.6rem 0;border-bottom:1px solid var(--border);display:flex;gap:.75rem;align-items:flex-start}\n.pr-item:last-child{border-bottom:none}\n.pr-num{font-family:'JetBrains Mono','Fira Code',monospace;font-size:.8rem;color:var(--accent);min-width:5rem;flex-shrink:0}\n.pr-title{font-size:.85rem;flex-grow:1}\n.pr-author{font-size:.75rem;color:var(--text-dim);min-width:7rem;text-align:right;flex-shrink:0}\n.section{margin-bottom:2rem}\n.bar-chart{display:flex;gap:4px;height:28px;border-radius:6px;overflow:hidden;margin:.75rem 0}\n.bar-segment{height:100%;display:flex;align-items:center;justify-content:center;font-size:.65rem;font-weight:600;color:#fff;min-width:20px}\n.legend{display:flex;gap:1rem;flex-wrap:wrap;font-size:.72rem;color:var(--text-dim)}\n.legend-dot{width:8px;height:8px;border-radius:50%;display:inline-block;margin-right:4px;vertical-align:middle}\n.merge-day{display:flex;align-items:center;gap:.5rem;margin-bottom:.4rem;font-size:.8rem}\n.merge-bar{height:18px;border-radius:3px;background:var(--accent);min-width:4px}\n.merge-label{min-width:3.5rem;color:var(--text-dim);font-size:.72rem}\n.merge-count{font-size:.72rem;color:var(--text-dim)}\ntable{width:100%;border-collapse:collapse;font-size:.8rem}\nth{text-align:left;padding:.5rem .75rem;color:var(--text-dim);font-weight:500;font-size:.7rem;text-transform:uppercase;letter-spacing:.05em;border-bottom:1px solid 
var(--border)}\ntd{padding:.5rem .75rem;border-bottom:1px solid var(--border)}\ntr:last-child td{border-bottom:none}\n.reviewer-bar-wrap{display:flex;align-items:center;gap:.5rem}\n.reviewer-bar{height:12px;background:var(--accent);border-radius:3px}\n.highlight-box{background:linear-gradient(135deg,var(--accent-dim),var(--card));border:1px solid var(--accent);border-radius:10px;padding:1.25rem;margin-bottom:1.5rem}\n.highlight-box h2{border-bottom:none;margin-bottom:.5rem}\n.highlight-list{list-style:none}\n.highlight-list li{padding:.3rem 0;font-size:.85rem}\n.highlight-list li::before{content:\"--&amp;gt;\";color:var(--accent);font-weight:600;margin-right:.5rem;font-family:monospace}\nfooter{text-align:center;color:var(--text-dim);font-size:.7rem;margin-top:3rem;padding-top:1rem;border-top:1px solid var(--border)}\n\n\n\n\n\nHyperShift PR Report\n\n2026-05-13 to 2026-05-20 &amp;middot; Generated 2026-05-20 16:06 UTC\n\n\n\n\n  \n\n59\nPRs Merged\n  \n\n30\nContributors\n  \n\n35\nReviewers\n  \n\n178.6h\nAvg Time to Merge\nMedian 93.4h &amp;middot; Fastest 0.3h\n\n\n\n\n\n  \nRepository Breakdown\n  \n\n    \n33\n    \n15\n    \n8\n    \n3\n  \n  \n\n    hypershift (33)\n    release (15)\n    ai-helpers (8)\n    enhancements (3)\n  \n\n\n\n\n\n  \nWeek Highlights\n  \n\n    \nCVE-2026-33186 grpc-go backports merged for 4.20 and 4.21, with 4.18/4.19 approved and ready\n    \nGCP gains OIDC discovery document management \u2014 key milestone for identity federation\n    \nAzure self-managed clusters can now use KMS encryption independently from ARO HCP\n    \n4-PR series delivers EFS-backed build caching, significantly reducing CI build times\n    \n3 enhancement proposals landed: Vault KMS plugin API, pre-flight checker, secretref clarity\n  \n\n\n\n\n\n  \n\nBusiest Merge Days\n\n05-14\n12 PRs\n05-13\n11 PRs\n05-19\n10 PRs\n05-20\n9 PRs\n05-15\n8 PRs\n05-18\n7 PRs\n05-16\n2 PRs\n  \n\nTop Reviewers\n@coderabbitai 
bot\n\n26@bryan-cox\n\n11@jparrill\n\n8@stbenjam\n\n4@cblecker\n\n3\n\n\n\n\n\n  \nBug Fixes 19 PRs\n  \nPRTitleAuthorMerge Time#8525[release-4.22] OCPBUGS-85659: Clarify --base-domain flag default behavior@openshift-cherrypick-robot5.3h#8530OCPBUGS-85763: Fix metrics-proxy deployment failure due to dots in volume names@muraee7.3h#8504OCPBUGS-85580: Fix webhook TLS failure after service-ca to self-managed cert migration@joshbranham13.2h#8506OCPBUGS-85577: Update external-dns image from 1.1.0-3 to 1.2.1@bryan-cox17.0h#8531[release-4.21] OCPBUGS-85781: Add AWS ISO domains to konnectivity IsCloudAPI@openshift-cherrypick-robot82.7h#8534[release-4.22] OCPBUGS-86026: Fix metrics-proxy deployment failure due to dots in volume n@openshift-cherrypick-robot87.8h#8518[release-4.21] OCPBUGS-85621: fix CVE-2026-33186 by updating grpc-go@jparrill94.3h#8519OCPBUGS-59142: fix ValidReleaseImage condition message to show minor version@vsolanki12122.3h#8466OCPBUGS-85344: Add version gates for 4.22 backward compatibility in e2e tests@csrwng125.0h#8517[release-4.20] OCPBUGS-85622: fix CVE-2026-33186 by updating grpc-go@jparrill125.1h#79051OCPBUGS-85344: enable karpenter tests for hypershift e2e-aws on 4.22@enxebre141.6h#8447[release-4.22] OCPBUGS-85779: Add AWS ISO domains to konnectivity IsCloudAPI@openshift-cherrypick-robot212.0h#8418OCPBUGS-85011: fix(cpo): use check-first pattern for EBS CSI operator serving cert@typeid337.3h#8381OCPBUGS-84307: Clarify --base-domain flag default behavior@dhgautam99358.1h#8331OCPBUGS-77827: fix(api): add missing has() guards to servingCerts CEL validation rule@rutvik23361.0h#8408OCPBUGS-84939: [release-4.22] add CP pull-secret watches for in-place propagation@enxebre363.6h#8270[release-4.21] OCPBUGS-83710: fix(kubevirt): filter link-local addresses from EndpointSlic@openshift-cherrypick-robot632.3h#8214OCPBUGS-85538: [release-4.21] Set unhealthyPodEvictionPolicy to AlwaysAllow on all PDBs@openshift-cherrypick-robot727.3h#8213OCPBUGS-85538: 
[release-4.21] CNTRLPLANE-2740: Add KAS liveness readiness sidecar to OAS a@openshift-cherrypick-robot727.3h\n\n\n\n\n\n  \nEnhancement Proposals 3 PRs\n  \n\n#2009NO-JIRA: Clarify the secretref datakey structure reason@ardaguclu\n#1972CNTRLPLANE-2711: extend kms encryption enhancement with vault KMS plugin api@flavianmissi\n#1999CNTRLPLANE-2121: doc running pre-flight checker on every configuration change@p0lyn0mial\n\n\n\n\n\n  \nFeatures &amp;amp; Improvements 29 PRs\n  \nPRTitleAuthorRepoMerge Time#8557NO-JIRA: Update Konflux Tekton task bundles@bryan-coxhypershift0.5h#79168Add 4.16 to the matrix with MCE 2.10 on OCP 4.20@mgencurrelease197.7h#79531Automate config brancher by auto-config-brancher job at Wed, 20 May 2026 12:32:05 UTC@openshift-merge-botrelease0.4h#8464NO-JIRA: chore(deps): weekly dependabot consolidation@hypershift-jira-solve-cihypershift288.0h#79501reporter_config: propagate from jobs to config@Prucekrelease3.8h#79505prowgen: migrate last .config.prowgen files to ci-operator config@Prucekrelease2.6h#8088CNTRLPLANE-3070: Support KMS on self-managed Azure without affecting ARO HCP@bryan-coxhypershift125.9h#79465Migrate 7 infra periodics to openshift-ci GitHub App auth and remove stale repo configs@jmguzikrelease4.2h#8132NO-JIRA: Add onboarding guide for new HCP team members@jparrillhypershift1179.6h#79315image-mirroring: use quay-proxy sources for registry.ci mappings@deepsm007release111.1h#8495CNTRLPLANE-3329: Extend EFS-backed build cache to lint, verify, and envtest workflows@vismishrhypershift139.8h#79347CNTRLPLANE-3222: add v2 lifecycle tests to Azure self-managed e2e@bryan-coxrelease0.6h#79335Fix prometheus pods not scheduling to infra nodes after rebalance@Sandeepyadav93release72.0h#8524NO-JIRA: ci(deps): bump cloudflare/wrangler-action from 3.15.0 to 4.0.0@dependabothypershift28.5h#78912hypershift: use pre-built hypershift-tests image for 4.22@csrwngrelease226.7h#8413GCP-636: feat(gcp): support for managing GCP OIDC discovery 
documents@ckandaghypershift171.1h#78980refactor the argocd apps in core-ci, restructure the cluster folder@drosleanrelease189.9h#78911[INTEROP-9044] [INTEROP-9027] Updating Openshift Pipelines operator v1.22 with other updat@Sau1506myarelease208.1h#8510AUTOSCALE-681: various karpenter and karpenterupgrade test fixes@maxcao13hypershift23.4h#79280GCP-297: hypershift: add e2e-v2-gke periodic job for 4.23 and 5.0@cbleckerrelease16.4h#8494CNTRLPLANE-3329: Replace actions/cache with EFS-backed build cache in unit tests@vismishrhypershift46.1h#77567SPLAT-2668: hypershift/aws/ccm: enable optional managed security group conformance job@mtuliorelease853.8h#8514CNTRLPLANE-3380: docs: add aws-node-termination-handler to repositories list@bryan-coxhypershift2.4h#8481build(deps): bump github.com/go-git/go-git/v5 from 5.18.0 to 5.19.0 in /hack/tools@dependabothypershift56.6h#8498AUTOSCALE-681: remove TechPreviewNoUpgrade gate from karpenter upgrade test@maxcao13hypershift4.7h#8493CNTRLPLANE-3329: Mount EFS-backed Go build cache PV on ARC runner pods@vismishrhypershift24.8h#8505NO-JIRA: docs: add repositories page listing team-owned repos@bryan-coxhypershift0.3h#78976prowgen: migrate slack_reporter from .config.prowgen to per-test reporter_config@Prucekrelease138.0h#8496CNTRLPLANE-3329: Add nightly CronJob to warm EFS-backed Go build cache@vismishrhypershift7.9h\n\n\n\n\n\n  \nAI Helpers 8 PRs\n  \n\n#485Fix skill names to match directory names and rename generic skills@stbenjam\n#483Add optional example field to PLUGINS.md command rendering@jparrill\n#470Add fix-cve skill to golang plugin for Go CVE patching@jparrill\n#481fetch-payloads: resolve stale Pending jobs against Prow@stbenjam\n#422Remove metrics plugin@stbenjam\n#474Add CI check requiring OWNERS file for new plugins@stbenjam\n#471Upgrade skillsaw to v0.10.0 and enable promptfoo linting@stbenjam\n#464HPNEX-9: Add promptfoo behavioral evals for plugins@enxebre\n\n\n\nGenerated from 59 merged PRs across 
openshift/hypershift, openshift/release, openshift-eng/ai-helpers, openshift/enhancements &amp;middot; Data via GitHub GraphQL API + Jira REST API\n\n\n", "creation_timestamp": "2026-05-20T16:12:48.000000Z"}</description>
      <content:encoded>{"uuid": "557ff797-b4a6-48ed-b41a-6ffd8eb07fed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33186", "type": "seen", "source": "https://gist.github.com/jparrill/3bace3328b6d6d6b8206a07c7fa426a2", "content": "\n\n\n\n\nHyperShift PR Report \u2014 2026-05-13 to 2026-05-20\n\n:root {\n  --bg:#0f1117;--card:#181b24;--border:#2a2e3a;--text:#c9cdd5;--text-dim:#6b7280;\n  --accent:#3b82f6;--accent-dim:#1e3a5f;--green:#22c55e;--green-dim:#0d3320;\n  --amber:#f59e0b;--amber-dim:#3d2e05;--red:#ef4444;--red-dim:#3b1111;\n  --purple:#a855f7;--purple-dim:#2d1650;--cyan:#06b6d4;--cyan-dim:#0c3644;\n}\n*{margin:0;padding:0;box-sizing:border-box}\nbody{font-family:'Inter',-apple-system,BlinkMacSystemFont,'Segoe UI',system-ui,sans-serif;\n  background:var(--bg);color:var(--text);line-height:1.6;padding:2rem;max-width:1400px;margin:0 auto}\nh1{font-size:1.75rem;font-weight:700;color:#fff;margin-bottom:.25rem}\nh2{font-size:1.2rem;font-weight:600;color:#e5e7eb;margin-bottom:1rem;padding-bottom:.5rem;border-bottom:1px solid var(--border)}\nh3{font-size:.95rem;font-weight:600;color:#d1d5db;margin-bottom:.5rem}\n.subtitle{color:var(--text-dim);font-size:.85rem;margin-bottom:2rem}\n.grid{display:grid;gap:1rem;margin-bottom:1.5rem}\n.grid-4{grid-template-columns:repeat(4,1fr)}\n.grid-2{grid-template-columns:repeat(2,1fr)}\n@media(max-width:900px){.grid-4{grid-template-columns:repeat(2,1fr)}}\n@media(max-width:600px){.grid-4,.grid-2{grid-template-columns:1fr}}\n.card{background:var(--card);border:1px solid var(--border);border-radius:10px;padding:1.25rem}\n.stat-card{text-align:center}\n.stat-value{font-size:2rem;font-weight:700;color:#fff}\n.stat-label{font-size:.75rem;text-transform:uppercase;letter-spacing:.05em;color:var(--text-dim);margin-top:.25rem}\n.stat-sub{font-size:.7rem;color:var(--text-dim);margin-top:.15rem}\n.badge{display:inline-block;padding:.15rem 
.5rem;border-radius:999px;font-size:.7rem;font-weight:600;text-transform:uppercase;letter-spacing:.03em}\n.badge-blue{background:var(--accent-dim);color:var(--accent)}\n.badge-red{background:var(--red-dim);color:var(--red)}\n.badge-amber{background:var(--amber-dim);color:var(--amber)}\n.badge-purple{background:var(--purple-dim);color:var(--purple)}\n.badge-cyan{background:var(--cyan-dim);color:var(--cyan)}\n.badge-green{background:var(--green-dim);color:var(--green)}\na{color:var(--accent);text-decoration:none}\na:hover{text-decoration:underline}\n.pr-list{list-style:none}\n.pr-item{padding:.6rem 0;border-bottom:1px solid var(--border);display:flex;gap:.75rem;align-items:flex-start}\n.pr-item:last-child{border-bottom:none}\n.pr-num{font-family:'JetBrains Mono','Fira Code',monospace;font-size:.8rem;color:var(--accent);min-width:5rem;flex-shrink:0}\n.pr-title{font-size:.85rem;flex-grow:1}\n.pr-author{font-size:.75rem;color:var(--text-dim);min-width:7rem;text-align:right;flex-shrink:0}\n.section{margin-bottom:2rem}\n.bar-chart{display:flex;gap:4px;height:28px;border-radius:6px;overflow:hidden;margin:.75rem 0}\n.bar-segment{height:100%;display:flex;align-items:center;justify-content:center;font-size:.65rem;font-weight:600;color:#fff;min-width:20px}\n.legend{display:flex;gap:1rem;flex-wrap:wrap;font-size:.72rem;color:var(--text-dim)}\n.legend-dot{width:8px;height:8px;border-radius:50%;display:inline-block;margin-right:4px;vertical-align:middle}\n.merge-day{display:flex;align-items:center;gap:.5rem;margin-bottom:.4rem;font-size:.8rem}\n.merge-bar{height:18px;border-radius:3px;background:var(--accent);min-width:4px}\n.merge-label{min-width:3.5rem;color:var(--text-dim);font-size:.72rem}\n.merge-count{font-size:.72rem;color:var(--text-dim)}\ntable{width:100%;border-collapse:collapse;font-size:.8rem}\nth{text-align:left;padding:.5rem .75rem;color:var(--text-dim);font-weight:500;font-size:.7rem;text-transform:uppercase;letter-spacing:.05em;border-bottom:1px solid 
var(--border)}\ntd{padding:.5rem .75rem;border-bottom:1px solid var(--border)}\ntr:last-child td{border-bottom:none}\n.reviewer-bar-wrap{display:flex;align-items:center;gap:.5rem}\n.reviewer-bar{height:12px;background:var(--accent);border-radius:3px}\n.highlight-box{background:linear-gradient(135deg,var(--accent-dim),var(--card));border:1px solid var(--accent);border-radius:10px;padding:1.25rem;margin-bottom:1.5rem}\n.highlight-box h2{border-bottom:none;margin-bottom:.5rem}\n.highlight-list{list-style:none}\n.highlight-list li{padding:.3rem 0;font-size:.85rem}\n.highlight-list li::before{content:\"--&amp;gt;\";color:var(--accent);font-weight:600;margin-right:.5rem;font-family:monospace}\nfooter{text-align:center;color:var(--text-dim);font-size:.7rem;margin-top:3rem;padding-top:1rem;border-top:1px solid var(--border)}\n\n\n\n\n\nHyperShift PR Report\n\n2026-05-13 to 2026-05-20 &amp;middot; Generated 2026-05-20 16:06 UTC\n\n\n\n\n  \n\n59\nPRs Merged\n  \n\n30\nContributors\n  \n\n35\nReviewers\n  \n\n178.6h\nAvg Time to Merge\nMedian 93.4h &amp;middot; Fastest 0.3h\n\n\n\n\n\n  \nRepository Breakdown\n  \n\n    \n33\n    \n15\n    \n8\n    \n3\n  \n  \n\n    hypershift (33)\n    release (15)\n    ai-helpers (8)\n    enhancements (3)\n  \n\n\n\n\n\n  \nWeek Highlights\n  \n\n    \nCVE-2026-33186 grpc-go backports merged for 4.20 and 4.21, with 4.18/4.19 approved and ready\n    \nGCP gains OIDC discovery document management \u2014 key milestone for identity federation\n    \nAzure self-managed clusters can now use KMS encryption independently from ARO HCP\n    \n4-PR series delivers EFS-backed build caching, significantly reducing CI build times\n    \n3 enhancement proposals landed: Vault KMS plugin API, pre-flight checker, secretref clarity\n  \n\n\n\n\n\n  \n\nBusiest Merge Days\n\n05-14\n12 PRs\n05-13\n11 PRs\n05-19\n10 PRs\n05-20\n9 PRs\n05-15\n8 PRs\n05-18\n7 PRs\n05-16\n2 PRs\n  \n\nTop Reviewers\n@coderabbitai 
bot\n\n26@bryan-cox\n\n11@jparrill\n\n8@stbenjam\n\n4@cblecker\n\n3\n\n\n\n\n\n  \nBug Fixes 19 PRs\n  \nPRTitleAuthorMerge Time#8525[release-4.22] OCPBUGS-85659: Clarify --base-domain flag default behavior@openshift-cherrypick-robot5.3h#8530OCPBUGS-85763: Fix metrics-proxy deployment failure due to dots in volume names@muraee7.3h#8504OCPBUGS-85580: Fix webhook TLS failure after service-ca to self-managed cert migration@joshbranham13.2h#8506OCPBUGS-85577: Update external-dns image from 1.1.0-3 to 1.2.1@bryan-cox17.0h#8531[release-4.21] OCPBUGS-85781: Add AWS ISO domains to konnectivity IsCloudAPI@openshift-cherrypick-robot82.7h#8534[release-4.22] OCPBUGS-86026: Fix metrics-proxy deployment failure due to dots in volume n@openshift-cherrypick-robot87.8h#8518[release-4.21] OCPBUGS-85621: fix CVE-2026-33186 by updating grpc-go@jparrill94.3h#8519OCPBUGS-59142: fix ValidReleaseImage condition message to show minor version@vsolanki12122.3h#8466OCPBUGS-85344: Add version gates for 4.22 backward compatibility in e2e tests@csrwng125.0h#8517[release-4.20] OCPBUGS-85622: fix CVE-2026-33186 by updating grpc-go@jparrill125.1h#79051OCPBUGS-85344: enable karpenter tests for hypershift e2e-aws on 4.22@enxebre141.6h#8447[release-4.22] OCPBUGS-85779: Add AWS ISO domains to konnectivity IsCloudAPI@openshift-cherrypick-robot212.0h#8418OCPBUGS-85011: fix(cpo): use check-first pattern for EBS CSI operator serving cert@typeid337.3h#8381OCPBUGS-84307: Clarify --base-domain flag default behavior@dhgautam99358.1h#8331OCPBUGS-77827: fix(api): add missing has() guards to servingCerts CEL validation rule@rutvik23361.0h#8408OCPBUGS-84939: [release-4.22] add CP pull-secret watches for in-place propagation@enxebre363.6h#8270[release-4.21] OCPBUGS-83710: fix(kubevirt): filter link-local addresses from EndpointSlic@openshift-cherrypick-robot632.3h#8214OCPBUGS-85538: [release-4.21] Set unhealthyPodEvictionPolicy to AlwaysAllow on all PDBs@openshift-cherrypick-robot727.3h#8213OCPBUGS-85538: 
[release-4.21] CNTRLPLANE-2740: Add KAS liveness readiness sidecar to OAS a@openshift-cherrypick-robot727.3h\n\n\n\n\n\n  \nEnhancement Proposals 3 PRs\n  \n\n#2009NO-JIRA: Clarify the secretref datakey structure reason@ardaguclu\n#1972CNTRLPLANE-2711: extend kms encryption enhancement with vault KMS plugin api@flavianmissi\n#1999CNTRLPLANE-2121: doc running pre-flight checker on every configuration change@p0lyn0mial\n\n\n\n\n\n  \nFeatures &amp;amp; Improvements 29 PRs\n  \nPRTitleAuthorRepoMerge Time#8557NO-JIRA: Update Konflux Tekton task bundles@bryan-coxhypershift0.5h#79168Add 4.16 to the matrix with MCE 2.10 on OCP 4.20@mgencurrelease197.7h#79531Automate config brancher by auto-config-brancher job at Wed, 20 May 2026 12:32:05 UTC@openshift-merge-botrelease0.4h#8464NO-JIRA: chore(deps): weekly dependabot consolidation@hypershift-jira-solve-cihypershift288.0h#79501reporter_config: propagate from jobs to config@Prucekrelease3.8h#79505prowgen: migrate last .config.prowgen files to ci-operator config@Prucekrelease2.6h#8088CNTRLPLANE-3070: Support KMS on self-managed Azure without affecting ARO HCP@bryan-coxhypershift125.9h#79465Migrate 7 infra periodics to openshift-ci GitHub App auth and remove stale repo configs@jmguzikrelease4.2h#8132NO-JIRA: Add onboarding guide for new HCP team members@jparrillhypershift1179.6h#79315image-mirroring: use quay-proxy sources for registry.ci mappings@deepsm007release111.1h#8495CNTRLPLANE-3329: Extend EFS-backed build cache to lint, verify, and envtest workflows@vismishrhypershift139.8h#79347CNTRLPLANE-3222: add v2 lifecycle tests to Azure self-managed e2e@bryan-coxrelease0.6h#79335Fix prometheus pods not scheduling to infra nodes after rebalance@Sandeepyadav93release72.0h#8524NO-JIRA: ci(deps): bump cloudflare/wrangler-action from 3.15.0 to 4.0.0@dependabothypershift28.5h#78912hypershift: use pre-built hypershift-tests image for 4.22@csrwngrelease226.7h#8413GCP-636: feat(gcp): support for managing GCP OIDC discovery 
documents@ckandaghypershift171.1h#78980refactor the argocd apps in core-ci, restructure the cluster folder@drosleanrelease189.9h#78911[INTEROP-9044] [INTEROP-9027] Updating Openshift Pipelines operator v1.22 with other updat@Sau1506myarelease208.1h#8510AUTOSCALE-681: various karpenter and karpenterupgrade test fixes@maxcao13hypershift23.4h#79280GCP-297: hypershift: add e2e-v2-gke periodic job for 4.23 and 5.0@cbleckerrelease16.4h#8494CNTRLPLANE-3329: Replace actions/cache with EFS-backed build cache in unit tests@vismishrhypershift46.1h#77567SPLAT-2668: hypershift/aws/ccm: enable optional managed security group conformance job@mtuliorelease853.8h#8514CNTRLPLANE-3380: docs: add aws-node-termination-handler to repositories list@bryan-coxhypershift2.4h#8481build(deps): bump github.com/go-git/go-git/v5 from 5.18.0 to 5.19.0 in /hack/tools@dependabothypershift56.6h#8498AUTOSCALE-681: remove TechPreviewNoUpgrade gate from karpenter upgrade test@maxcao13hypershift4.7h#8493CNTRLPLANE-3329: Mount EFS-backed Go build cache PV on ARC runner pods@vismishrhypershift24.8h#8505NO-JIRA: docs: add repositories page listing team-owned repos@bryan-coxhypershift0.3h#78976prowgen: migrate slack_reporter from .config.prowgen to per-test reporter_config@Prucekrelease138.0h#8496CNTRLPLANE-3329: Add nightly CronJob to warm EFS-backed Go build cache@vismishrhypershift7.9h\n\n\n\n\n\n  \nAI Helpers 8 PRs\n  \n\n#485Fix skill names to match directory names and rename generic skills@stbenjam\n#483Add optional example field to PLUGINS.md command rendering@jparrill\n#470Add fix-cve skill to golang plugin for Go CVE patching@jparrill\n#481fetch-payloads: resolve stale Pending jobs against Prow@stbenjam\n#422Remove metrics plugin@stbenjam\n#474Add CI check requiring OWNERS file for new plugins@stbenjam\n#471Upgrade skillsaw to v0.10.0 and enable promptfoo linting@stbenjam\n#464HPNEX-9: Add promptfoo behavioral evals for plugins@enxebre\n\n\n\nGenerated from 59 merged PRs across 
openshift/hypershift, openshift/release, openshift-eng/ai-helpers, openshift/enhancements &amp;middot; Data via GitHub GraphQL API + Jira REST API\n\n\n", "creation_timestamp": "2026-05-20T16:12:48.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/557ff797-b4a6-48ed-b41a-6ffd8eb07fed/export</guid>
      <pubDate>Wed, 20 May 2026 16:12:48 +0000</pubDate>
    </item>
  </channel>
</rss>
